Whitelist lets requests you trust bypass all security policies. It is commonly used in the following scenarios:
- Allowing the IP addresses of your internal network or trusted suppliers.
- Excluding low-risk internal operations from security policies to mitigate any impact on routine business activities.
- Mitigating false positives: if your service request is mistakenly intercepted because it has certain attack characteristics, you can temporarily allow those requests through Whitelist.
To configure Whitelist:
- Log in to the CDNetworks Console and find the security product in use under Subscribed Products.
- Go to Security Settings > Policies.
- Find the hostname for which you want to configure security policies, click .
- Go to the Whitelist tab. If this policy is off, turn it on.
Create a Whitelist rule
- On the Whitelist tab, click Create.
- In Rule Name, enter a name for the custom rule.
- If you want, enter a Description.
- Configure at least one matching condition. If multiple values can be entered for the same matching condition, the relationship between these values is “or”. Separate different values with line breaks. The supported matching conditions are listed in Match Conditions.
- If you want, add another rule condition. When you set multiple conditions, they’re strung together with an AND operator.
- Select the action.
- Click Confirm.
- Click Publish Changes to make the configuration take effect.
Example
Allow requests that include ‘sysconf’ in the path and have a client IP of 1.1.1.1. Configuration is as follows:
- Rule Name: whitelist_example
- Match Conditions: IP/CIDR equals 1.1.1.1 AND Path contains sysconf
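Because a matching request bypasses all security policies, it helps to check what a rule would actually let through before publishing it. The following is an added example, not CDNetworks code: a small Python model of the semantics described above (values within a condition are OR-ed, conditions are AND-ed) run over constructed sample requests. The field names, operator names and request format are assumptions made for illustration.

```python
import ipaddress

# Assumed model of the rule semantics described on this page (not product code):
# values inside one condition are OR-ed, separate conditions are AND-ed.
RULE = {
    "name": "whitelist_example",
    "conditions": [
        {"field": "ip", "op": "ip_equals", "values": ["1.1.1.1"]},
        {"field": "path", "op": "contains", "values": ["sysconf"]},
    ],
}

def _match_value(op, actual, expected):
    if op == "ip_equals":
        # A bare address is treated as a single-host network (/32 or /128).
        net = ipaddress.ip_network(expected, strict=False)
        return ipaddress.ip_address(actual) in net
    if op == "contains":
        return expected in actual
    raise ValueError(f"unsupported operator: {op}")

def rule_matches(rule, request):
    conditions = rule["conditions"]
    if not conditions:
        return False  # a rule needs at least one matching condition
    return all(
        any(_match_value(c["op"], request[c["field"]], v) for v in c["values"])
        for c in conditions
    )

def audit(rule, requests):
    """Return the requests that would skip every security policy."""
    return [r for r in requests if rule_matches(rule, r)]

# Constructed sample requests, for illustration only.
SAMPLES = [
    {"ip": "1.1.1.1", "path": "/admin/sysconf/view"},
    {"ip": "1.1.1.1", "path": "/login"},
    {"ip": "2.2.2.2", "path": "/admin/sysconf/view"},
    {"ip": "1.1.1.1", "path": "/public/old-sysconf-notes.html"},
]

if __name__ == "__main__":
    for r in audit(RULE, SAMPLES):
        print("bypasses policies:", r["ip"], r["path"])
```

The last sample shows that a "contains" condition also matches paths that merely include the substring, so the whitelisted scope can be wider than the intended endpoint.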