Edge Security
  • Overview
  • DDoS Protection
    • DDoS Protection Overview
    • Exclusive DDoS Protection Usage
    • Configuration of Exclusive DDoS protection Rules
      • Increase DDoS Protection Level
      • Exclusive DDoS Traffic Alarm
      • Configuration IP blocklist/allowlist
      • Configuration Region Blocking Rule
      • Configuration Port Filtering
      • Configuration Features Filtering
      • Configuration Protocol Blocking Rule
      • Configuration Connections Attack Protection
      • Related References
        • Action
        • Related Concepts Introduction
  • Web Protection
    • Overview
    • Managed rules
    • CC attack defense
    • Custom rule
    • Custom Rate Limiting Rules
    • Exception Rules
    • Managed Custom Rules
    • Web security monitoring alarm
    • Refer
      • Web Protection Request Processing Order
      • Action
      • Match Condition
  • Bot Management
    • Overview
    • Bot Intelligent analysis
    • Bot Basic Feature Management
    • Client Reputation
    • Active Detection
    • Custom Bot Rule
    • Bot Exception Rule
    • Related References
      • Action
  • Rules Template
  • IP and IP Segment Grouping
  • Origin Protection
  • Custom Response Page
  • Alarm Notification
  • SSL/TLS
    • Overview
    • Deploying/Updating SSL Certificate for A Domain Name
    • Configuring A Free Certificate for A Domain Name
    • HTTPS Configuration
      • Forced HTTPS Access
      • Enabling HSTS
      • SSL/TLS Security Configuration
        • Configuring SSL/TLS Security
        • TLS Versions and Cipher Suites
      • Enabling OCSP Stapling

Configuration Region Blocking Rule

Overview

If you find that all your attacks come from a specific region, or your business only allows access from specific regions and does not trust access from other regions, EdgeOne supports one-click blocking in the cleaning room by specifying a list of regions based on the source IP geographic region, helping you to custom block access requests from specified regions. After enabling region blocking, traffic from the blocked region to the EdgeOne site will be discarded. Supports multi-region and country traffic blocking.
Note:
1. This function is only supported when the L4 proxy is enabled for Exclusive DDoS protection, and is not supported for default platform protection and Exclusive DDoS protection for L7 sites;
2. After configuring region blocking, the attack traffic from that region will still be counted and recorded by the platform, but will not flow into the business origin.

Usage Scenarios

Exclude all attack behavior outside of trusted regions: If your current business is only applicable to specific regions, you can use region blocking to one-click block access clients from other regions in DDoS cleaning, avoiding attack sources from other regions from passing through to the origin.
One-click blocking of concentrated attack behavior in a region: If the main attack source of your current site is from a specific region, you can use region blocking to one-click block all access requests from that region in DDoS cleaning, more effectively preventing the attack from passing through.

Directions

For example: The current site users are all in China, only allowing Chinese users to access the site, not trusting access requests from other regions, in order to eliminate possible attack behavior from other regions, during a DDoS attack, all requests from other regions are blocked. The operation steps are as follows:
1. Log in to the Tencent Cloud EdgeOne console, enter Service Overview in the left menu bar, and click the site to be configured under Website Security Acceleration.
2. On the site details page, click Security > DDoS Mitigation to enter the DDoS Protection details page.
3. In the L4 proxy protection tab, select the L4 proxy protection instance you need to configure and click on security configuration.
4. In the region blocking card, click on set to enter the region blocking page.



5. On the region blocking configuration page, click the edit button on the right side of the blocking list, select the blocked region, in this case, select all regions except the Chinese mainland.



6. Click save to complete the region blocking configuration.