Access Control Tutorial

Last update:2024-10-28 17:13:55

Scenario 1: Restrict the access area of users to the service

Example: Your website is about a government announcement, so you only want clients from China to access your hostnames www.announcement.com. You can add a blackl list to deny all the requests except China. The configuration steps are as follows:

1. Create custom rule

  1. Navigate to the Security > Shared Configurations > Custom Rules.
  2. Click Create.

2. Configure rule information

  1. Configure Match Conditions: select Object as “Geo”, Operator as “does not equal”, Area as “China.”, or you can select the province of China if required.
  2. Configure Action: select Action as “Deny”.
  3. Click Confirm to create this rule.

3. Associate hostnames

  1. Go back to Custom Rules page, and find the created rule.
  2. Click 系统框架升级 to associate the hostname, select “www.announcement.com” from the hostname list, then click Confirm to issue this rule.

Scenario 2: Minimize sensitive resource exposure surfaces

Example: The sensitive resource is published on your website www.sensitive.com, the access path is /sensitive/access, so you only want give the access permission to the client from IP 1.1.1.1 and 2.2.2.2. The configuration steps are as follows:

1. Create custom rule

  1. Navigate to the Security > Shared Configurations > Custom Rules.
  2. Click Create.

2. Configure rule information

  1. Configure Match Conditions: select Object as “IP/CIDR”, Operator as “does not equal”, and type the IP addresses “1.1.1.1;2.2.2.2”.
  2. Click 系统框架升级 to add another Match Condition: select Object as “Path”, Operatoer as “equals”, and type the content “/sensitive/access”.
  3. Configure Action: select Action as “Deny”.
  4. Click Confirm to create this rule.

3. Associate hostnames

  1. Go back to Custom Rules page, and find the created rule.
  2. Click 系统框架升级 to associate the hostname, select “www.sensitive.com” from the hostname list, then click Confirm to issue this rule.
Is the content of this document helpful to you?
Yes
I have suggestion
Submitted successfully! Thank you very much for your feedback, we will continue to strive to do better!