You can configure an IP address blacklist or whitelist to identify and filter users. This can restrict access to CDN resources and improve CDN security. This topic describes how to configure an IP address blacklist or whitelist.

Background information

  • IP address blacklist: Blacklisted IP addresses are not allowed to access CDN resources.

    If your IP address is added to the blacklist, a request from your IP address can still be sent to a CDN node. However, the CDN node will reject the request and return a 403 error. The requests from blacklisted IP addresses are recorded in CDN logs.

  • IP address whitelist: Only whitelisted IP addresses are allowed to access CDN resources.
Note
  • Both the IP address blacklist and whitelist support IPv6 addresses.
  • Both the IP address blacklist and whitelist support CIDR notation. For example, in the CIDR block 192.168.0.0/24, /24 indicates that the first 24 bits are network bits and the remaining 8 bits are host bits. The subnet can accommodate 254 hosts. 192.168.0.0/24 indicates the IP addresses from 192.168.0.1 to 192.168.0.254.

Procedure

  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the target domain name and click Manage.
  4. In the left-side navigation pane of the specified domain, click Access Control.
  5. Click the IP Blacklist/Whitelist tab.
  6. Click Modify next to IP Blacklist/Whitelist.
  7. Configure Blacklist or Whitelist as prompted.
    Parameter: Type
    Description: The following two types of IP address lists are supported:
    • Blacklist

      The blacklisted IP addresses are not allowed to access CDN resources.

    • Whitelist

      Only the whitelisted IP addresses are allowed to access CDN resources.

    The blacklist and whitelist are mutually exclusive, and whichever is configured last takes effect.

    Parameter: Rules
    Description: You can add a maximum of 100 IP addresses or CIDR blocks and separate them with carriage return characters. Do not add the same IP address or CIDR block repeatedly. For example, if the CIDR block 192.168.0.1/24 already exists, it cannot be added again.
  8. Click OK.
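
The following pre-check for a rule list is an added example, not Alibaba Cloud code. It applies the Rules constraints above (at most 100 entries, one per line, no repeats, IPv4/IPv6 and CIDR) before the list is pasted into the console. The function name check_rules, the sample list, and the treatment of equivalent or already-covered blocks as duplicates are assumptions.

```python
import ipaddress

MAX_RULES = 100  # limit stated in the Rules parameter above


def check_rules(text):
    """Validate a newline-separated rule list; return (networks, problems)."""
    networks, problems, seen = [], [], {}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) > MAX_RULES:
        problems.append(f"{len(lines)} entries exceed the limit of {MAX_RULES}")
    for raw in lines:
        try:
            # strict=False accepts host bits, e.g. 192.168.0.1/24 -> 192.168.0.0/24
            net = ipaddress.ip_network(raw, strict=False)
        except ValueError:
            problems.append(f"invalid entry: {raw}")
            continue
        # Assumption: the same block written two ways counts as a repeat.
        if net in seen:
            problems.append(f"duplicate: {raw} repeats {seen[net]}")
            continue
        seen[net] = raw
        networks.append(net)
    # Assumption: an entry already covered by a broader block is redundant
    # and only uses up one of the 100 slots.
    for a in networks:
        for b in networks:
            if a is not b and a.version == b.version and a.subnet_of(b):
                problems.append(f"redundant: {a} is covered by {b}")
    return networks, problems


# Constructed sample list, one entry per line.
SAMPLE = """192.168.0.1/24
192.168.0.0/24
10.0.0.5
2001:db8::/32
2001:db8::1
300.1.1.1
"""

if __name__ == "__main__":
    nets, issues = check_rules(SAMPLE)
    for issue in issues:
        print(issue)
```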