You can configure a User-Agent blacklist or whitelist to identify and filter visitors. This can restrict access to CDN resources and improve CDN security. This topic describes how to configure a User-Agent blacklist or whitelist.

Background information

If you need to implement access control based on the User-Agent field, you must configure a User-Agent blacklist or whitelist to filter requests.
  • User-Agent blacklist: The User-Agent fields on the blacklist cannot be used to access resources.

    If your User-Agent field is added to the blacklist, a request with the User-Agent field can still be sent to a CDN node. However, the CDN node will reject the request and return a 403 error. Requests that contain the blacklisted User-Agent fields are still recorded in CDN logs.

  • User-Agent whitelist: Only User-Agent fields on the whitelist can be used to access resources.

Procedure

  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the target domain name and click Manage.
  4. In the left-side navigation pane of the specified domain, click Access Control.
  5. Click the UserAgent Blacklist/Whitelist tab.
  6. Click Modify next to UserAgent Blacklist/Whitelist.
    UserAgent Blacklist/Whitelist
  7. Configure Blacklist or Whitelist as prompted.
    Parameter Description
    Type
    The following two types are supported:
    • Blacklist

      The User-Agent fields on the blacklist cannot be used to access resources.

    • Whitelist

      Only User-Agent fields on the whitelist can be used to access resources.

    The blacklist and whitelist are mutually exclusive, and whichever configured last takes effect.

    Rules When you configure the User-Agent fields, use vertical bars (|) to separate multiple values. The User-Agent field can contain wildcards (*). Example: *curl*|*IE*|*chrome*|*firefox*
  8. Click OK.