Access Control Tutorial

最終更新日:2024-10-28 17:13:55

Scenario 1: Restrict the access area of users to the service

Example: Your website is about a government announcement, so you only want clients from China to access your hostnames www.announcement.com. You can add a blackl list to deny all the requests except China. The configuration steps are as follows:

1. Create custom rule

  1. Navigate to the Security > Shared Configurations > Custom Rules.
  2. Click Create.

2. Configure rule information

  1. Configure Match Conditions: select Object as “Geo”, Operator as “does not equal”, Area as “China.”, or you can select the province of China if required.
  2. Configure Action: select Action as “Deny”.
  3. Click Confirm to create this rule.

3. Associate hostnames

  1. Go back to Custom Rules page, and find the created rule.
  2. Click China Premium Service控制台自助配置功能上线 to associate the hostname, select “www.announcement.com” from the hostname list, then click Confirm to issue this rule.

Scenario 2: Minimize sensitive resource exposure surfaces

Example: The sensitive resource is published on your website www.sensitive.com, the access path is /sensitive/access, so you only want give the access permission to the client from IP 1.1.1.1 and 2.2.2.2. The configuration steps are as follows:

1. Create custom rule

  1. Navigate to the Security > Shared Configurations > Custom Rules.
  2. Click Create.

2. Configure rule information

  1. Configure Match Conditions: select Object as “IP/CIDR”, Operator as “does not equal”, and type the IP addresses “1.1.1.1;2.2.2.2”.
  2. Click China Premium Service控制台自助配置功能上线 to add another Match Condition: select Object as “Path”, Operatoer as “equals”, and type the content “/sensitive/access”.
  3. Configure Action: select Action as “Deny”.
  4. Click Confirm to create this rule.

3. Associate hostnames

  1. Go back to Custom Rules page, and find the created rule.
  2. Click China Premium Service控制台自助配置功能上线 to associate the hostname, select “www.sensitive.com” from the hostname list, then click Confirm to issue this rule.