IP ACL

This topic describes how to configure an access control list (ACL) of IP addresses. You can set a filtering policy to filter out requests from specific IP addresses to restrict access and prevent content theft and attacks.

Precautions

This function is disabled by default.

Procedure

Log in to Huawei Cloud console. Choose Service List > Content Delivery & Edge Computing > Content Delivery Network.
The CDN console is displayed.
In the navigation pane, choose Domains.
In the domain list, click the target domain name or click Configure in the Operation column.
Click the Access Control tab.
In the IP ACL area, click Edit. The Configure IP ACL dialog box is displayed.
Figure 1 Configuring an IP ACL
Switch on Status to enable this configuration item.

Select a type and enter rules.

Parameter	Description
Type	IP address blacklist: If the IP address of a user is included in the IP address blacklist, status code 403 will be returned when the user accesses a CDN PoP. IP address whitelist: If the IP address of a user is not included in the IP address whitelist, status code 403 will be returned when the user accesses a CDN PoP. NOTE: Either an IP address blacklist or IP address whitelist can be configured.
Rule	Up to 500 IP addresses or subnets are supported. Enter one IP address or subnet on each row. The IP address portion of the subnet must be the first IP address on that block. Duplicate IP addresses and IP address segments will be removed. Wildcards are not supported, for example, 192.168.0.. IPv6 is supported. NOTE: An IP address segment cannot include an IP address you specify. Example: You cannot enter 10.62.53.75* and 10.62.53.0/24 in the same rule.

Parameter

Description

Type

IP address blacklist: If the IP address of a user is included in the IP address blacklist, status code 403 will be returned when the user accesses a CDN PoP.
IP address whitelist: If the IP address of a user is not included in the IP address whitelist, status code 403 will be returned when the user accesses a CDN PoP.
NOTE:
- Either an IP address blacklist or IP address whitelist can be configured.

Rule

Up to 500 IP addresses or subnets are supported. Enter one IP address or subnet on each row.
The IP address portion of the subnet must be the first IP address on that block.
Duplicate IP addresses and IP address segments will be removed.
Wildcards are not supported, for example, 192.168.0.*.
IPv6 is supported.
NOTE:
An IP address segment cannot include an IP address you specify.
- Example: You cannot enter 10.62.53.75 and 10.62.53.0/24 in the same rule.

Click OK.
(Optional) Disable the IP ACL.
- Switch off Status to disable the IP ACL and clear all IP ACL settings. You need to set related parameters when enabling this function again.

Examples

Assume that you have configured the following ACL for domain name www.example.com:

A user requests http://www.example.com/abc.jpg. The user client IP address 192.168.1.1 is included in the blacklist, so error code 403 is returned.
A user requests http://www.example.com/abc.jpg. The user client IP address 192.168.1.3 is not included in the blacklist, so the requested content is returned.

Parent topic: Access Control

Previous topic: Referer Validation

Next topic: User-Agent ACL