Alibaba Cloud Content Delivery Network (CDN) allows you to configure an IP address blacklist or whitelist to identify and filter users. This helps you control access to CDN resources and improve resource security. This topic describes how to configure an IP address blacklist or whitelist.

Background information

  • IP address blacklist: IP addresses in the blacklist are not allowed to access CDN resources.

    If an IP address is added to the blacklist, requests from that IP address can still reach CDN nodes. However, the CDN nodes reject the requests and return a 403 error. Requests sent from IP addresses that are in the blacklist are recorded in the CDN logs.

  • IP address whitelist: Only IP addresses in the whitelist are allowed to access CDN resources.

Note
  • IP blacklists and whitelists support IPv6 addresses. Note that IPv6 addresses must use uppercase letters, for example, 2001:DB8:0:23:8:800:200C:417A or 2001:0DB8:0000:0023:0008:0800:200C:417A. The representation of an IPv6 address must not be shortened. For example, 2001:0DB8::0008:0800:200C:417A is not supported.
  • Both IP blacklists and whitelists support CIDR blocks. For example, in the CIDR block 192.168.0.0/24, /24 indicates that the first 24 bits are the network bits. The remaining 8 bits are the host bits. The subnet can accommodate 254 hosts. Therefore, 192.168.0.0/24 represents IP addresses from 192.168.0.1 to 192.168.0.254.

Procedure

  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the target domain name and click Manage.
  4. In the left-side navigation pane of the specified domain, click Access Control.
  5. Click the IP Blacklist/Whitelist tab.
  6. In the IP Blacklist/Whitelist section, click Modify.
  7. Select Blacklist or Whitelist based on your business requirements.
    Parameter descriptions:

    Type
      The following types of IP list are supported:

      • Blacklist

        IP addresses in the blacklist are not allowed to access the current accelerated domain name.

      • Whitelist

        Only IP addresses in the whitelist are allowed to access the current accelerated domain name.

      The blacklist and whitelist are mutually exclusive. The most recent configuration takes effect.

    Rules
      You can specify at most 100 IP addresses or CIDR blocks and separate them with carriage return characters. Each CIDR block must be unique. For example, if the IP address 127.0.0.0/24 is already configured, it cannot be configured again.
  8. Click OK.
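
The following Python script is an added example, not part of the original topic or of any Alibaba Cloud tooling. It checks a rule list against the constraints described above before you paste it into the Rules field: one entry per line, at most 100 entries, IPv6 addresses in uppercase and not shortened, and no repeated CIDR block. The names check_rules, MAX_ENTRIES, and SAMPLE are hypothetical, and comparing blocks with host bits ignored is an assumption about how uniqueness is judged.

```python
import ipaddress

MAX_ENTRIES = 100  # limit stated in the Rules description


def check_rules(text):
    """Validate a rule list (one entry per line). Returns (entries, errors)."""
    entries, errors, seen = [], [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        item = raw.strip()
        if not item:
            continue
        addr = item.partition("/")[0]
        try:
            version = ipaddress.ip_address(addr).version
            # strict=False: host bits are ignored when comparing blocks
            # (assumption; the topic only says each block must be unique).
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            errors.append(f"line {n}: {item!r} is not an IP address or CIDR block")
            continue
        if version == 6 and "::" in addr:
            errors.append(f"line {n}: {item!r} is shortened with '::'")
        elif version == 6 and addr != addr.upper():
            errors.append(f"line {n}: {item!r} must use uppercase letters")
        elif net in seen:
            errors.append(f"line {n}: {item!r} is already in the list")
        else:
            seen.add(net)
            entries.append(item)
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    return entries, errors


# Constructed sample input, not taken from a real configuration.
SAMPLE = """192.168.0.0/24
203.0.113.7
2001:DB8:0:23:8:800:200C:417A
2001:0DB8::0008:0800:200C:417A
2001:db8:0:23:8:800:200c:417b
192.168.0.0/24
not-an-ip
"""

if __name__ == "__main__":
    accepted, problems = check_rules(SAMPLE)
    print("Accepted:", *accepted, sep="\n  ")
    print("Rejected:", *problems, sep="\n  ")
```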