- WAF Release Notes
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- FAQS
- Security Advisory
- Command Execution Vulnerability in Exchange Server
- SQL Injection Vulnerability in Yonyou GRP-U8
- XXE Vulnerability in Apache Cocoon (CVE-2020-11991)
- Arbitrary Code Execution Vulnerability in WordPress File Manager
- Jenkins Security Advisory for September
- Remote Code Execution Vulnerabilities in Apache Struts 2 (CVE-2019-0230 and CVE-2019-0233)
- SQL Injection Vulnerability in Apache SkyWalking (CVE-2020-13921)
- WAF Policy
- Glossary
- WAF Release Notes
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- FAQS
- Security Advisory
- Command Execution Vulnerability in Exchange Server
- SQL Injection Vulnerability in Yonyou GRP-U8
- XXE Vulnerability in Apache Cocoon (CVE-2020-11991)
- Arbitrary Code Execution Vulnerability in WordPress File Manager
- Jenkins Security Advisory for September
- Remote Code Execution Vulnerabilities in Apache Struts 2 (CVE-2019-0230 and CVE-2019-0233)
- SQL Injection Vulnerability in Apache SkyWalking (CVE-2020-13921)
- WAF Policy
- Glossary
Feature Overview
The IP management feature of WAF allows you to query access source IPs that pass WAF-protected domain names and add them to the blocklist or allowlist. Key features include IP query, IP blocklist/allowlist setting, and IP blocking status query.
- IP query: you can query the status of an IP for the protected domain name, such as whether it is in the blocklist/allowlist or whether it is blocked.
- IP blocklist/allowlist setting: you can set domain name-specific, IP range-specific, or global IP blocklist/allowlist rules.
- IP blocking status query: you can view the blocking status information of source IPs blocked due to CC attacks, bot behaviors, and failed CAPTCHA verification based on custom policies.
Configuration Steps
- Log in to the WAF Console, select IP Management > IP Query, and enter the IP address to be queried to view its status.
- You can manually add the queried IP address to the blocklist/allowlist.
- Log in to the WAF Console and select IP Management > IP Blocklist/Allowlist to enter the configuration page.
Note:
In the blocklist/allowlist module, you can add a domain name-specific or global blocklist/allowlist which will take effect in the following priority order:
- The priority of the blocklist/allowlist is only lower than that of the custom pass policy of WAF, but higher than that of other detection logics.
- Priorities of IP blocklist/allowlist settings in descending order: global allowlist > domain name-specific allowlist > domain name-specific blocklist > global blocklist.
Configuration item description:
- Category: blocklist or allowlist.
- Source: CC protection, BOT, or custom rule.
- Advanced Filter: you can use the creation time and expiration time to filter IPs.
2. To add an entry to the blocklist/allowlist, select the domain name to be protected in the top-left corner, click Add Blocklist/Allowlist, and select the IP address or range to be blocked/allowed.
Note:
- If you select
ALLfor domain name, the added IP address or range will be blocked/allowed globally.- The quotas for domain name in each edition are as follows:
Premium Edition: 1,000 entries/domain name; Enterprise Edition: 5,000 entries/domain name; Ultimate Edition: 20,000 entries/domain name. Each IP address or range occupies one entry in the quota.
3. You can import a blocklist or allowlist and export their filtered results. When you import IP information, please refer to the format of the exported file.
4. After the source IP is added, you can enter it in the IP query module to query its status.
Example 3. Querying IP blocking status
- Log in to the WAF Console and select IP Management > IP Blocking On/Off to enter the query page.
- On the query page, you can query the information of IPs blocked by the custom policy, CAPTCHA, bot blocking, and CC protection modules. You can also export the query results and add individual IPs to the blocklist or allowlist.
Was this page helpful?