Access Control Tutorial

更新时间:2024-10-28 17:27:45

Scenario 1: Restrict the access area of users to the service

Example: Your website is about a government announcement, so you only want clients from China to access your hostnames www.announcement.com. You can add a blackl list to deny all the requests except China. The configuration steps are as follows:

1. Create custom rule

  1. Navigate to the Security Settings > Shared Configurations > Custom Rules.
  2. Click Create.

2. Configure rule information

  1. Configure Match Conditions: select Object as “Geo”, Operator as “does not equal”, Area as “China.”, or you can select the province of China if required.
  2. Configure Action: select Action as “Deny”.
  3. Click Confirm to create this rule.

3. Associate hostnames

  1. Go back to Custom Rules page, and find the created rule.
  2. Click China Premium Service控制台自助配置功能上线 to associate the hostname, select “www.announcement.com” from the hostname list, then click Confirm to issue this rule.

Scenario 2: Minimize sensitive resource exposure surfaces

Example: The sensitive resource is published on your website www.sensitive.com, the access path is /sensitive/access, so you only want give the access permission to the client from IP 1.1.1.1 and 2.2.2.2. The configuration steps are as follows:

1. Create custom rule

  1. Navigate to the Security Settings > Shared Configurations > Custom Rules.
  2. Click Create.

2. Configure rule information

  1. Configure Match Conditions: select Object as “IP/CIDR”, Operator as “does not equal”, and type the IP addresses “1.1.1.1;2.2.2.2”.
  2. Click China Premium Service控制台自助配置功能上线 to add another Match Condition: select Object as “Path”, Operatoer as “equals”, and type the content “/sensitive/access”.
  3. Configure Action: select Action as “Deny”.
  4. Click Confirm to create this rule.

3. Associate hostnames

  1. Go back to Custom Rules page, and find the created rule.
  2. Click China Premium Service控制台自助配置功能上线 to associate the hostname, select “www.sensitive.com” from the hostname list, then click Confirm to issue this rule.
本篇文档内容对您是否有帮助?
有帮助
我要反馈
提交成功!非常感谢您的反馈,我们会继续努力做到更好!