Back
Content Acceleration
CDNetworks Documentation Content Acceleration Access Control IP Access Rules

IP Access Rules

Last update:2024-04-29 17:24:18

After setting up IP blacklists and whitelists, the CDN will first verify the client’s IP when a content request is sent. Based on the configured rules, the CDN can allow or deny the access from specific IPs, effectively mitigating risks such as malicious scraping and cyber-attacks.

How to Set Up the IP Blacklist/Whitelist

  1. Log in to the CDNetworks Console and select the appropriate product.
  2. Go to the Configuration, locate the domain you wish to configure, and click Edit ConfigurationNew PoPs in Armenia and Kazakhstan.
  3. Navigate to Hotlinking Protection - IP Blacklist/Whitelist Anti-Hotlinking in the left sidebar and click Add.
  4. Configure the settings as follows based on your needs.

Effective Range
This defines the range of requests that the rules will apply to. You can choose from the following options:

Setting Description
All Requests The access control rule applies to all types of requests.
Only Homepage Applies only to the root directory of the domain, such as http://domain/ or https://domain/.
Specified File Type Applies only to specific types of files. You can select from the predefined file types on the left or define custom file types. Separate multiple custom types with a semicolon ;.(e.g., jpg;png).
Specified URI Applies only to requests for content at a specific URI. Two URI matching options are available:
Exact matching: Complete URI, including parameters.(e.g., path/index.html?abc=123).
Ignore the parameter matching: URI without query parameters.(e.g., path/index.html).
Specified Directory Applies to requests under specific directories. For example, /file/abc/ applies to all content under http://domain/file/abc/*.
Note: Directories must start and end with /, and can only contain letters, numbers, and certain special characters (underscore, hyphen, percent sign, dot). Multiple directories are supposed to be seperated with line breaks.
URL Pattern Uses regular expressions to control the range of requests that the rules will be applied to. For example, the pattern *.jpg$ ensures that access control applies to all URLs ending with .jpg.

Rule Type
You can set up either a IP blacklist or whitelist:

Type Description
Blacklist Set an IP blacklist to deny access from certain IPs or IP ranges. We provide four options:
Custom: Define your IP blacklist by adding specified IP addresses and ranges. Access from these IPs will be denied.
All IPs: Access denied for all IP addresses.
All IPv4: Access denied for IPv4 addresses only.
All IPv6: Access denied for IPv6 addresses only.
You can add excetpions to permit access from certain IPs within a blocked range by Setting Exception IP Addresses/IP Segments. Multiple exceptions can be added simutaneously and should be separated by ;.
Whitelist Set an IP whitelist to allow access only from specific IPs or IP ranges. Multiple IPs or ranges can be added simutaneously and should be separated by ;.

The system supports only one whitelist rule. If multiple IPs or IP ranges are needed, they must all be included within this single whitelist.

Action
When a client’s IP does not meet the set rules, and their request is denied by the CDN, choose whether to return an error code directly or redirect to another URL:

  • Deny Access: The CDN rejects the request with a 403 error.
  • Redirect URL: The CDN redirects the requests to another URL.

Priority
When multiple access control rules are configured, the CDN prioritizes them based on their numerical value, executing higher numbers first.

After you have completed setting the configurations, please click OK and then select Next to submit your settings. To minimize any potential disruptions to your production environment, we strongly recommend conducting a Pre-deploy test in a staging environment. This crucial step ensures that your configurations are accurate before they go live. Once you have verified the accuracy of the settings, click Deploy Now to implement them in the live environment. The configurations typically become effective within 3-5 minutes. For comprehensive guidance on pre-deployment testing and to verify the effectiveness of your configurations, please consult the tutorial Deploy the Configurations to Staging Environment for Validation.

Best Practices

Example 1: Configure an IP Blacklist
Prohibit access from IP addresses 1.1.1.1 and 2.2.2.2 to http://cdnetworks/browse/index.html.

Example 2: Configure an IP Whitelist
Allow access only from IP addresses 1.1.1.1 or 2.2.2.2 to http://cdnetworks/browse/index.html.

Example 3: Permanent URL Ban
Block access to http://cdnetworks/browse/index.html for all users. The block will remain until the configuration is manually removed.

Notes

Please DO NOT configure both IP blacklists and whitelists simultaneously, as this may result in access to CDN being denied, potentially impacting your business. For example, configuring both a IP blacklist and whitelist as shown below can lead to all accesses being denied by the CDN.

Why would all requests be denied?

  1. When a request comes from IP 1.1.1.1, it matches the IP blacklist rules and is denied by the CDN。
  2. Requests from other IPs, while not denied by the blacklist, fail to meet the whitelist rule (which only allows access from 1.1.1.1) and are also denied.

If you need to configure both a blacklist and a whitelist, please contact our technical support for assistance to ensure proper setup.

Is the content of this document helpful to you?
Yes
I have suggestion
Submitted successfully! Thank you very much for your feedback, we will continue to strive to do better!

CDNetworks Inc., © 2022. 1550 Valley Vista Dr., Suite 110, Diamond Bar, CA 91765 - All rights reserved.