Configuring a Geolocation Access Control Rule

This topic describes how to configure a geolocation access control rule. A geolocation access control rule allows you to control IP addresses forwarded from or to specified countries and regions.

Prerequisites

A website has been added to WAF.

Constraints

  • One region can be configured in only one geolocation access control rule.

  • It takes several minutes for a new rule to take effect. After the rule takes effect, protection events triggered by the rule will be displayed on the Events page.

Procedure

  1. Log in to the management console.

  2. Click image1 in the upper left corner of the management console and select a region or project.

  3. Click image2 in the upper left corner and choose Web Application Firewall under Security.

  4. In the navigation pane, choose Website Settings.

  5. In the Policy column of the row containing the domain name, click Configure Policy.

  6. In the Geolocation Access Control configuration area, change Status if needed and click Customize Rule.

  7. In the upper left corner of the Geolocation Access Control page, click Add Rule.

  8. In the displayed dialog box, add a geolocation access control rule by referring to Table 1.

    Table 1 Rule parameters

    Parameter

    Description

    Example Value

    Geolocation

    Geographical location from which an IP address is originated

    None

    Protective Action

    Action WAF will take if the rule is hit. You can select Block, Allow, or Log only.

    Block

    Rule Description

    A brief description of the rule. This parameter is optional.

    None

  9. Click OK. You can then view the added rule in the list of the geolocation access control rules.

    • To disable a rule, click Disable in the Operation column of the rule. The default Rule Status is Enabled.

    • To modify a rule, click Modify in the row containing the rule.

    • To delete a rule, click Delete in the row containing the rule.

Protection Effect

To verify WAF is protecting your website (www.example.com) against a rule:

  1. Clear the browser cache and enter the domain name in the address box of a browser to check whether the website is accessible.

    • If the website is inaccessible, connect the website domain name to WAF by following the instructions in Step 1: Add a Website to WAF.

    • If the website is accessible, go to 2.

  2. Add a geolocation access control rule by referring to Procedure.

  3. Clear the browser cache and access http://www.example.com. Normally, WAF blocks such requests and returns the block page.

  4. Go to the WAF console. In the navigation pane on the left, choose Events. On the displayed page, view or download events data.