The whitelist is a core security configuration feature that lets you specify requests you trust and exempt them from security policy detection. Common application scenarios include:
- Allow internal network and trusted partner IPs: Add the CIDR ranges of the enterprise’s internal network and trusted suppliers to the whitelist so that internal office work and partner integrations are not restricted by WAF policies and normal processes are not obstructed.
- Exclude low-risk internal business access: Configure whitelists for internal-only, low-risk services (such as management backends and test interfaces) to avoid false blocking by security rules and keep internal services running efficiently.
- Bypass business access blocked by false positives: When normal business traffic is mistakenly blocked because its request features resemble those matched by security rules, temporarily releasing it via a whitelist restores business operations; the policies can then be tuned to reduce false positives.
Steps:
- Log in to the CDNetworks Console and find the security product in use under Subscribed Products.
- Go to Security Settings > Policies.
- Find the hostname for security policy configuration, and click
.
- Go to the Whitelist tab. If this policy is off, turn it on.
Create a Whitelist rule
- On the Security Settings page, select Whitelist.
- On the Whitelist tab, click Create.
- In Rule Name, input the rule name without any special character or space.
- If needed, input the Description.
- Configure at least one match condition. Where a match condition accepts multiple values, the values are combined with “OR”; enter each value on its own line. The supported match conditions are listed in Match Conditions.
- If necessary, click “+” to add more match conditions to the rule. Multiple match conditions are combined with “AND”. Only one type of logical operation can be added for the same match condition.
- Select the Action.
- Click Confirm to save the rule configurations.
- Click Publish Changes to make the configuration take effect.
Example
Bypass requests whose path includes ‘sysconf’ and whose client IP is 1.1.1.1. The configuration is as follows:
- Rule Name: whitelist_example
- Match Conditions: IP/CIDR equals 1.1.1.1 AND Path contains sysconf
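The matching logic described above (values within one condition are ORed, separate conditions are ANDed), as an added Python sketch that is not CDNetworks code: it models the example rule and lists which constructed sample requests would skip inspection. The dictionary layout and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the rule from the example above; field and operator
# names are this sketch's own, not a CDNetworks API or export format.
RULE = {
    "name": "whitelist_example",
    "conditions": [
        {"field": "ip", "op": "equals", "values": ["1.1.1.1"]},
        {"field": "path", "op": "contains", "values": ["sysconf"]},
    ],
}


def _value_matches(field, op, value, request):
    """Test one configured value against one request attribute."""
    if field == "ip" and op == "equals":
        # strict=False lets a single address or a CIDR be written the same way
        network = ipaddress.ip_network(value, strict=False)
        return ipaddress.ip_address(request["ip"]) in network
    if field == "path" and op == "contains":
        return value in request["path"]
    raise ValueError(f"unsupported condition: {field} {op}")


def rule_matches(rule, request):
    """Values inside a condition are ORed; conditions are ANDed."""
    if not rule["conditions"]:
        raise ValueError("at least one match condition is required")
    return all(
        any(_value_matches(c["field"], c["op"], v, request) for v in c["values"])
        for c in rule["conditions"]
    )


def audit(rule, requests):
    """Return the requests that would skip inspection under this rule."""
    return [r for r in requests if rule_matches(rule, r)]


# Constructed sample requests (not taken from real logs).
SAMPLE = [
    {"ip": "1.1.1.1", "path": "/admin/sysconf/edit"},
    {"ip": "1.1.1.1", "path": "/login"},
    {"ip": "203.0.113.9", "path": "/admin/sysconf/edit"},
    {"ip": "1.1.1.1", "path": "/upload/sysconf_notes.txt"},
]

if __name__ == "__main__":
    for r in audit(RULE, SAMPLE):
        print("bypasses WAF:", r["ip"], r["path"])
```

The fourth sample request matches because "contains" is a substring test, so the rule exempts every path containing sysconf from 1.1.1.1, not only the intended endpoint.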