Scenario 1: Restrict the access area of users to the service
Example: Your website is about a government announcement, so you only want clients from China to access your hostnames www.announcement.com. You can add a blackl list to deny all the requests except China. The configuration steps are as follows:
1. Create custom rule
- Navigate to the Security Settings > Shared Configurations > Custom Rules.
- Click Create.
2. Configure rule information
- Configure Match Conditions: select Object as “Geo”, Operator as “does not equal”, Area as “China.”, or you can select the province of China if required.
- Configure Action: select Action as “Deny”.
- Click Confirm to create this rule.
3. Associate hostnames
- Go back to Custom Rules page, and find the created rule.
- Click to associate the hostname, select “www.announcement.com” from the hostname list, then click Confirm to issue this rule.
Scenario 2: Minimize sensitive resource exposure surfaces
Example: The sensitive resource is published on your website www.sensitive.com, the access path is /sensitive/access, so you only want give the access permission to the client from IP 1.1.1.1 and 2.2.2.2. The configuration steps are as follows:
1. Create custom rule
- Navigate to the Security Settings > Shared Configurations > Custom Rules.
- Click Create.
2. Configure rule information
- Configure Match Conditions: select Object as “IP/CIDR”, Operator as “does not equal”, and type the IP addresses “1.1.1.1;2.2.2.2”.
- Click to add another Match Condition: select Object as “Path”, Operatoer as “equals”, and type the content “/sensitive/access”.
- Configure Action: select Action as “Deny”.
- Click Confirm to create this rule.
3. Associate hostnames
- Go back to Custom Rules page, and find the created rule.
- Click to associate the hostname, select “www.sensitive.com” from the hostname list, then click Confirm to issue this rule.