
Configuration IP blocklist/allowlist

Overview

The EdgeOne DDoS protection service lets you block or allow access requests by client source IP through an IP blocklist and allowlist, limiting which users can access your application resources. Each blocklist/allowlist entry sets a block or allow rule for a source IP. Requests from IPs in the allowlist are allowed directly and do not go through the other protection strategies in the DDoS protection module (the protection strategies of other modules are not affected). Requests from IPs in the blocklist are blocked directly.
Note:
1. This function is supported only when exclusive DDoS protection is enabled for the L4 proxy. To configure an IP blocklist/allowlist for web sites, use a custom rule.
2. IP blocklist/allowlist rules take effect within 5-10 seconds after saving.
3. Up to 8 IP groups can be configured for the IP blocklist/allowlist, and each group can contain up to 2000 IPs.

Usage Scenarios

Allow access only from IPs in the allowlist during an attack: During a DDoS attack, allow only users trusted through the allowlist to access the site. This can significantly reduce the security risk to the website, but may affect normal access requests from IPs that are not in the allowlist.
Block attack source IPs directly with the blocklist: Add confirmed attack source IPs to the blocklist to block all access requests from those IPs, reducing DDoS cleaning traffic and attack penetration.

Scenario 1: Release trusted IP requests through IP allowlist

For all business domain names under the site example.com, the IP address segment 1.1.1.1/24 is a trusted access IP segment of the site. To avoid mistakenly blocking trusted IPs, you can add the segment to the allowlist so that its requests do not go through cleaning by the DDoS protection module. The steps are as follows:
1. Log in to the EdgeOne console, click Site List in the left menu bar, click the site to be configured in the site list, and enter the site details page.
2. On the site details page, click Security Protection > DDoS Protection to enter the DDoS Protection details page.
3. In the L4 Proxy Protection tab, select the L4 proxy protection instance to be configured and click on Security configuration.
4. In the IP Blocklist/Allowlist card, click Set to enter the IP Blocklist/Allowlist configuration page.



5. On the IP Blocklist/Allowlist page, click Create, enter the IP segment 1.1.1.1/24 for the current scenario, select Allowlist as the Type, and click Save for the rule to take effect.

Scenario 2: Permanently block attack source IP access requests through IP blocklist

For all business domain names under the site example.com, the IP address 1.1.1.1 has been confirmed as an attack source IP. You can add the IP directly to the blocklist to block all access requests from it. The steps are as follows:
1. Log in to the EdgeOne console, click Site List in the left menu bar, click the site to be configured in the site list, and enter the site details page.
2. On the site details page, click Security Protection > DDoS Protection to enter the DDoS Protection details page.
3. In the L4 Proxy Protection tab, select the L4 proxy protection instance to be configured and click on Security configuration.
4. In the IP Blocklist/Allowlist card, click Set to enter the IP Blocklist/Allowlist configuration page.



5. On the IP Blocklist/Allowlist page, click Create, enter the IP 1.1.1.1 for the current scenario, select Blocklist as the Type, and click Save for the rule to take effect.
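
Before entering values in the console as in the two scenarios above, the entries can be checked offline against the limits in the notes and against each other. The following is an added example, not EdgeOne code: the function names are hypothetical, it assumes each IP or segment counts as one entry toward the 2000 limit, and it only reports an allowlist/blocklist overlap because this page does not say how one is handled.

```python
import ipaddress

MAX_GROUPS = 8                # limit stated in the notes on this page
MAX_ENTRIES_PER_GROUP = 2000  # assumption: one IP or segment = one entry


def normalize(entries):
    """Parse one group of IP / CIDR strings; return (networks, problems)."""
    networks, problems = [], []
    for raw in entries:
        text = raw.strip()
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            problems.append(f"invalid entry: {text!r}")
            continue
        # A segment written with host bits set covers the whole network.
        if ipaddress.ip_interface(text).ip != net.network_address:
            problems.append(f"{text} has host bits set; it covers {net}")
        if net in networks:
            problems.append(f"duplicate entry: {net}")
            continue
        networks.append(net)
    if len(networks) > MAX_ENTRIES_PER_GROUP:
        problems.append(f"{len(networks)} entries exceed {MAX_ENTRIES_PER_GROUP}")
    return networks, problems


def review(groups):
    """groups: list of (list_type, entries); list_type is 'allow' or 'block'."""
    problems = []
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} groups exceed {MAX_GROUPS}")
    parsed = {"allow": [], "block": []}
    for list_type, entries in groups:
        nets, issues = normalize(entries)
        parsed[list_type].extend(nets)
        problems.extend(issues)
    # Report every allowlist network that shares addresses with a blocklist one.
    for a in parsed["allow"]:
        for b in parsed["block"]:
            if a.version == b.version and a.overlaps(b):
                problems.append(f"allowlist {a} overlaps blocklist {b}")
    return parsed, problems


# Constructed input: the two scenario values from this page, entered together.
SAMPLE = [("allow", ["1.1.1.1/24"]), ("block", ["1.1.1.1"])]

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)[1]))
```
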