- WAF Release Notes
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- FAQS
- Security Advisory
- Command Execution Vulnerability in Exchange Server
- SQL Injection Vulnerability in Yonyou GRP-U8
- XXE Vulnerability in Apache Cocoon (CVE-2020-11991)
- Arbitrary Code Execution Vulnerability in WordPress File Manager
- Jenkins Security Advisory for September
- Remote Code Execution Vulnerabilities in Apache Struts 2 (CVE-2019-0230 and CVE-2019-0233)
- SQL Injection Vulnerability in Apache SkyWalking (CVE-2020-13921)
- WAF Policy
- Glossary
- WAF Release Notes
- User Guide
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Best Practice
- FAQS
- Security Advisory
- Command Execution Vulnerability in Exchange Server
- SQL Injection Vulnerability in Yonyou GRP-U8
- XXE Vulnerability in Apache Cocoon (CVE-2020-11991)
- Arbitrary Code Execution Vulnerability in WordPress File Manager
- Jenkins Security Advisory for September
- Remote Code Execution Vulnerabilities in Apache Struts 2 (CVE-2019-0230 and CVE-2019-0233)
- SQL Injection Vulnerability in Apache SkyWalking (CVE-2020-13921)
- WAF Policy
- Glossary
Overview
The IP management feature of Tencent Cloud WAF allows you to query access source IPs that pass WAF-protected domain names and add them to the blocklist or allowlist. Key features include IP query, IP blocklist/allowlist setting, and IP blocking status query.
- IP query: you can query the status of an IP for the protected domain name, such as whether it is in the blocklist/allowlist or whether it is blocked.
- IP blocklist/allowlist setting: you can set domain name-specific, IP range-specific, or global IP blocklist/allowlist rules.
- IP blocking status query: you can view the blocking status information of source IPs blocked due to CC attacks, bot behaviors, and failed CAPTCHA verification based on custom policies.
Directions
Example 1. Querying IP
- Log in to the WAF console, select IP Management -> IP Query on the left sidebar, and enter an IP address to view its status.
- You can manually add the queried IP address to the blocklist/allowlist.
- Log in to the WAF console, select IP Management -> IP Query on the left sidebar, and enter an IP address to view its status.
Example 2. Adding IP to Blocklist
- Log in to the WAF console and select IP Management -> IP Blocklist/Allowlist on the left sidebar to enter the configuration page.
Note:
In the blocklist/allowlist module, you can add a domain name-specific or global blocklist/allowlist which will take effect in the following priority order:
- The priority of the blocklist/allowlist is only lower than that of the custom pass policy of WAF, but higher than that of other detection logic.
- Priorities of IP blocklist/allowlist settings in descending order: custom pass policy > global allowlist > domain name-specific allowlist > domain name-specific blocklist > global blocklist > other WAF module logic.
Configuration item description:
- Category: blocklist or allowlist.
- Source: CC protection, BOT, or custom rule.
- Advanced Filter: you can use the creation time and expiration time to filter IPs.
- Log in to the WAF console and select IP Management -> IP Blocklist/Allowlist on the left sidebar to enter the configuration page.
To add an IP to the blocklist/allowlist, select the target domain name at the top-left corner, click Add Blocklist/Allowlist, and select the IP address or range to be blocked/allowed.
Note:
- If you select ALL for the domain name, the added IP address or range will be blocked/allowed globally.
- The quotas for domain name in each edition are as follows:
Premium Edition: 1000 entries/domain name; Enterprise Edition: 5,000 entries/domain name; Ultimate Edition: 20,000 entries/domain name. Each IP address or range occupies one entry in the quota.
You can import a blocklist or allowlist and export their filtered results. When you import IP information, please refer to the file format.
- After the source IP is added, you can enter it in the IP query module to query its status.
Example 3. Querying IP blocking status
- Log in to the WAF console and select IP Management -> IP Blocking On/Off to enter the query page.
- On the query page, you can query the information of IPs blocked by the custom policy, CAPTCHA, bot blocking, and CC protection modules. You can also export the query results and add IPs to the blocklist or allowlist.
Was this page helpful?