Overview
Menu

Configuration IP blocklist/allowlist

Overview

EdgeOne DDoS protection service supports controlling client source IP blocking or releasing access requests by configuring IP blocklist and allowlist, thus limiting users accessing your application resources. Configuring IP blocklist/allowlist sets filtering or releasing rules for source IPs. When IPs in the allowlist access, they will be directly released without going through other protection strategies in the DDoS protection module (not affecting other module's protection strategies). When IPs in the blocklist access, they will be directly blocked.
Note:
1. This function is only supported when L4 proxy enables exclusive DDoS protection. Default platform protection and L7 site exclusive DDoS protection do not support configuration;
2. IP blocklist/allowlist rules will take effect within 5-10 seconds after saving.
3. Up to 8 IP groupings can be configured for IP blocklist/allowlist, and up to 2000 IPs can be filled in each group.

Usage Scenarios

Allow access only from IPs in the allowlist during an attack: When suffering from a DDoS attack, only allow users trusted by the allowlist to access the site, which can significantly reduce the security risk of the website, but may affect normal IP access requests not in the allowlist.
Block attack source IP directly with blocklist: Add confirmed attack source IP to the blocklist to block all access requests from that IP, reduce DDoS cleaning traffic, and reduce attack penetration.

Scenario 1: Release trusted IP requests through IP allowlist

For all business domain names under the site example.com, the IP address segment 1.1.1.1/24 is the trusted access IP of the site. To avoid misblocking trusted IPs, you can add the IP to the allowlist without going through the DDoS protection module cleaning. The operation steps are as follows:
1. Log in to the EdgeOne console, click Site List in the left menu bar, click the site to be configured in the site list, and enter the site details page.
2. On the site details page, click Security Protection > DDoS Protection to enter the DDoS Protection details page.
3. In the L4 Proxy Protection tab, select the L4 proxy protection instance to be configured and click on Security configuration.
4. In the IP Blocklist/Allowlist card, click Set to enter the IP Blocklist/Allowlist configuration page.



5. In the IP Blocklist/Allowlist page, click Create, enter the IP segment 1.1.1.1/24 for the current scenario, select Type as Allowlist, and click Save to take effect.

Scenario 2: Permanently block attack source IP access requests through IP blocklist

For all business domain names under the site example.com, the IP address 1.1.1.1 has been confirmed as an attack source IP. You can directly add the IP to the blocklist to block all access requests from that IP. The operation steps are as follows:
1. Log in to the EdgeOne console, click Site List in the left menu bar, click the site to be configured in the site list, and enter the site details page.
2. On the site details page, click Security Protection > DDoS Protection to enter the DDoS Protection details page.
3. In the L4 Proxy Protection tab, select the L4 proxy protection instance to be configured and click on Security configuration.
4. In the IP Blocklist/Allowlist card, click Set to enter the IP Blocklist/Allowlist configuration page.



5. In the IP Blocklist/Allowlist page, click Create, enter the IP 1.1.1.1 for the current scenario, select Type as Blocklist, and click Save to take effect.