An IP address blacklist or whitelist is used to identify and filter users. This helps you restrict access to Alibaba Cloud CDN nodes and improve service security. This topic describes how to configure an IP address blacklist or whitelist.

Background information

  • If an IP address blacklist is configured, the IP addresses in the blacklist have no access to CDN nodes.
  • If an IP address whitelist is configured, only IP addresses in the whitelist have access to CDN nodes.
Note
  • IP blacklists and whitelists support IPv6 addresses. Letters in IPv6 addresses must be uppercase, such as 2001:DB8:0:23:8:800:200C:417A and 2001:0DB8:0000:0023:0008:0800:200C:417A. The representation of an IPv6 address cannot be shortened. For example, 2001:0DB8::0008:0800:200C:417A is not supported.
  • Both IP blacklists and whitelists support Classless Inter-Domain Routing (CIDR) blocks. For example, in the 192.168.0.0/24 CIDR block, /24 indicates that the first 24 bits in the subnet mask are network bits. The remaining 8 bits are host bits. The number of host bits is calculated based on the following formula: 32 - 24 = 8. You can connect 254 hosts to the subnet. The number of hosts is calculated based on the following formula: 2^8 - 2 = 254. Therefore, 192.168.0.0/24 represents IP addresses from 192.168.0.1 to 192.168.0.254.

Procedure

  1. Log on to the ApsaraVideo Live console.
  2. In the left-side navigation pane, click Domains to go to the Domain Management page.
  3. Select the streaming domain that you want to configure and click Domain Settings.
    Configure the domain name
  4. Click the IP Blacklist or Whitelist tab. Then, turn on IP Blacklist or Whitelist.
    Enable the blacklist or whitelist
  5. Set the List Type and Rule parameters and click OK.
    Configure the blacklist or whitelist
    The following table describes the types of referer-based hotlink protection.
    Type Description
    Blacklist All requests that are sent from domain names in the blacklist are denied.
    Whitelist Only requests that are sent from domain names in the whitelist are allowed. Requests from other domain names are denied.