IP access rules

更新时间:
复制 MD 格式

IP access rules let you allow, challenge, or block traffic by source IP, ASN, or geographic location. HTTP (Layer 7) IP access rules are available to all plans. TCP/UDP (Layer 4) IP access rules require an Enterprise plan.

Configure an IP access rule

  1. In the ESA console, go to Websites and click your target website in the Website column.

  2. On the website details page, choose Security > WAF > IP Access Rule.

  3. To define a rule, select a match type, such as IP/CIDR Block, ASN, or Region, enter a value, select an Action, and then click Create Rule. Supported action types are listed in Actions.

    image

  4. Optional: Rules apply to Layer 7 (HTTP) by default. TCP/UDP (Layer 4) IP access rules require an Enterprise plan. To also cover Layer 4 (TCP/UDP) requests, go to TCP/UDP > Settings. On the Settings page, click Create Application. In the Create Application panel, enable IP Access Rules.

    image

Configuration examples

Scenario 1: Block an IP address

To block a specific IP address:

  1. Set the Value for the IP Access Rules to IP/CIDR Block, and enter an IP address such as 192.168.0.0.

  2. Set the Action to Block and click Create Rule. Requests from this IP address are then blocked.

    image

Scenario 2: Block an ASN

To block traffic from a specific ASN:

  1. Set the Value for the IP Access Rules to ASN, and enter the ASN number. Use digits only (for example, 13335). Do not include the "AS" prefix — entering a value like AS13335 triggers a validation error. What is an ASN.

  2. Set the Action to Block and click Create Rule. Requests from this ASN are then blocked.

    image

Scenario 3: Block a region

To block a specific region:

  1. Set the Value for the IP Access Rules to Region, and enter a region name.

  2. Set the Action to Block and click Create Rule. The rule then blocks requests from this Region.

image

Actions

Action

Scope

Description

Block

Applies to both Layer 7 and Layer 4 requests.

Returns an HTTP 403 response for Layer 7 requests and terminates the connection for Layer 4 requests.

Allow

Applies to both Layer 7 and Layer 4 requests.

N/A

JavaScript Challenge

Applies only to Layer 7 requests.

Presents a JavaScript challenge to distinguish legitimate users from bots.

Slider CAPTCHA

Applies only to Layer 7 requests.

Presents a slider CAPTCHA to verify human users and block bots.

Availability

Feature

Free

Basic

Standard

Advanced

Enterprise

Number of IP access rules

50

200

300

400

400

TCP/UDP (Layer 4) IP access rules

Unsupported

Unsupported

Unsupported

Unsupported

Supported