IP and IP Segment Grouping
An IP group contains a list of IPs or CIDR IP ranges. You can reference the IP group in DDoS protection and Web protection rules to simplify configuration and maintenance.
Note:
1. IP groups support cross-site usage. After creating an IP group, you can directly reference it in other sites to ensure consistent policies across different sites.
2. Up to 100 groups can be configured under the same account, and each IP group can include up to 2,000 IPs or CIDR IP ranges. To configure IP group matching in Web protection rules, see Match Condition for related limits.
Scenario: Group Management of IP Information with Business Threats
Example Scenario
A large game customer has connected sites
example.com
and site.com
. Currently, through the security intelligence library and their own business security, a blocklist of IPs with business threats has been identified. These IP addresses will change dynamically, so they need to be updated in real-time and applied to all site domain names, instantly blocking these IPs.Directions
1. Log in to the EdgeOne console and click Site List in the left sidebar. In the site list, click the target Site.
2. On the site detail page, click Security > General Settings.
3. In the IP groups tab, click Edit.
4. Click Create to create a group. Enter the group name and the IP address or IP range contained in the group, such as
1.1.1.1/23
and 1.2.2.2
. Separate multiple IP addresses with carriage returns.5. Click Save to complete the IP group creation.
6. After creating the IP group, as an example for this scenario, you need to disable access for all IPs within the group. You can add basic access control rules on the
example.com
and site.com
's Web Security page. When adding rules, choose Client IP equals the group name to perform Block. This will intercept all IP access within the group and dynamically update based on included IPs. For detailed configuration steps, refer to Custom Rules.
7. (Optional) After configuring the rules, if you identify new risky IPs that need to be added to the group and applied to all sites, you can follow steps 1-3 to re-enter the site where the template was created, click Edit, enter the new IP addresses, and click Save to apply the new IPs to all protection policies that use this group.