/ DOCS
nav-img
Advanced

How Do I Allow Only Specified IP Addresses to Access Protected Websites?

After you add the website to WAF, configure blacklist and whitelist rules or precise protection rules to allow only specified IP addresses to access the website. WAF then blocks all source IP addresses except the specified ones.

Configuring IP Address Blacklist and Whitelist Rules to Block All Source IP Addresses Except the Specified Ones

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Policies.
  5. Click the name of the target policy to go to the protection configuration page.
  6. In the Blacklist and Whitelist configuration area, enable the protection.

    Figure 1 Blacklist and Whitelist configuration area


  7. In the upper left corner of the Blacklist and Whitelist page, click Add Rule.
  8. In the Add Blacklist or Whitelist Rule dialog box, add two blacklist rules to block all source IP addresses.

    Figure 2 Blocking IP address range 1.0.0.0/1


    Figure 3 Blocking IP address range 128.0.0.0/1


  9. Click Add Rule. In the displayed Add Blacklist or Whitelist Rule dialog box, add a rule for the specified IP address or IP address range.

    For example, if you want to allow XXX.XX.2.3 to access your website, add a protection rule as shown in Figure 4.

    Figure 4 Allowing the access of a specified IP address


Configuring a Precise Protection Rule to Block All Source IP Addresses Except the Specified Ones

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. Click in the upper left corner of the page and choose Security > Web Application Firewall.
  4. In the navigation pane on the left, choose Policies.
  5. Click the name of the target policy to go to the protection configuration page.
  6. In the Precise Protection configuration area, enable the protection.

    Figure 5 Precise Protection configuration area


  7. Click Customize Rule. In the upper left corner of the displayed page, click Add Rule.
  8. In the displayed Add Precise Protection Rule dialog box, add a protection rule as shown in Figure 6 to block all requests.

    Caution

    The priority value here must be greater than that configured in Step 9 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.

    Figure 6 Blocking all requests


  9. Click Add Rule. In the displayed Add Precise Protection Rule dialog box, add a rule for the specified IP address.

    For example, if you want to allow 192.168.2.3 to access the website, add a protection rule as shown in Figure 7.

    Caution

    The priority value here must be smaller than that configured in Step 8 because allowing access has a higher priority than blocking access and a smaller priority value indicates a higher priority.

    Figure 7 Allowing the access of a specified IP address


Parent topic: Protection Rules
Предыдущая статья
How Do I Allow Requests from Only IP Addresses in a Specified Geographical Region?
Следующая статья
Which Protection Rules Are Included in the System-Generated Policy?
Была ли эта статья полезна?
Поддержка Юридические документы
© 2025 Cloud.ru