Last update:2024-07-17 17:26:54
In a communication network, IP addresses are unique and remain constant throughout the request process. When a client initiates a request to a CDN edge servers, the CDN edge servers can obtain the client’s IP address. Therefore, IP addresses can be utilized for access control. Upon receiving a request from a client, the CDN node checks the client’s IP address and then either allows or denies user requests that comply with specific rules.
The IP access rule is suitable for the following scenarios:
Effective Range
This defines the range of requests that the rules will apply to. You can choose from the following options:
Setting | Description |
---|---|
All Requests | The access control rule applies to all types of requests. |
Only Homepage | Applies only to the root directory of the domain, such as http://domain/ or https://domain/ . |
Specified File Type | Applies only to specific types of files. You can select from the predefined file types on the left or define custom file types. Separate multiple custom types with a semicolon ; .(e.g., jpg;png ). |
Specified URI | Applies only to requests for content at a specific URI. Two URI matching options are available:Exact matching: Complete URI, including parameters.(e.g., path/index.html?abc=123 ). Ignore the parameter matching: URI without query parameters.(e.g., path/index.html ). |
Specified Directory | Applies to requests under specific directories. For example, /file/abc/ applies to all content under http://domain/file/abc/*.Note: Directories must start and end with / , and can only contain letters, numbers, and certain special characters (underscore, hyphen, percent sign, dot). Multiple directories are supposed to be seperated with line breaks. |
URL Pattern | Uses regular expressions to control the range of requests that the rules will be applied to. For example, the pattern *.jpg$ ensures that access control applies to all URLs ending with .jpg . |
Rule Type
You can set up either a IP blacklist or whitelist:
Type | Description |
---|---|
Blacklist | Set an IP blacklist to deny access from certain IPs or IP ranges. We provide four options:Custom: Define your IP blacklist by adding specified IP addresses and ranges. Access from these IPs will be denied.All IPs: Access denied for all IP addresses.All IPv4: Access denied for IPv4 addresses only.All IPv6: Access denied for IPv6 addresses only.You can add excetpions to permit access from certain IPs within a blocked range by Setting Exception IP Addresses/IP Segments. Multiple exceptions can be added simutaneously and should be separated by ; . |
Whitelist | Set an IP whitelist to allow access only from specific IPs or IP ranges. Multiple IPs or ranges can be added simutaneously and should be separated by ; . |
The system supports only one whitelist rule. If multiple IPs or IP ranges are needed, they must all be included within this single whitelist.
Action
When a client’s IP does not meet the set rules, and their request is denied by the CDN, choose whether to return an error code directly or redirect to another URL:
Priority
When multiple access control rules are configured, the CDN prioritizes them based on their numerical value, executing higher numbers first.
After you have completed setting the configurations, please click OK and then select Next to submit your settings. To minimize any potential disruptions to your production environment, we strongly recommend conducting a Pre-deploy test in a staging environment. This crucial step ensures that your configurations are accurate before they go live. Once you have verified the accuracy of the settings, click Deploy Now to implement them in the live environment. The configurations typically become effective within 3-5 minutes. For comprehensive guidance on pre-deployment testing and to verify the effectiveness of your configurations, please consult the tutorial Deploy the Configurations to Staging Environment for Validation.
Example 1: Configure an IP Blacklist
Prohibit access from IP addresses 1.1.1.1
and 2.2.2.2
to http://cdnetworks/browse/index.html
.
Example 2: Configure an IP Whitelist
Allow access only from IP addresses 1.1.1.1
or 2.2.2.2
to http://cdnetworks/browse/index.html
.
Example 3: Permanent URL Ban
Block access to http://cdnetworks/browse/index.html
for all users. The block will remain until the configuration is manually removed.
Please DO NOT configure both IP blacklists and whitelists simultaneously, as this may result in access to CDN being denied, potentially impacting your business. For example, configuring both a IP blacklist and whitelist as shown below can lead to all accesses being denied by the CDN.
Why would all requests be denied?
1.1.1.1
, it matches the IP blacklist rules and is denied by the CDN。1.1.1.1
) and are also denied.If you need to configure both a blacklist and a whitelist, please contact our technical support for assistance to ensure proper setup.