All Products
Search
Document Center

ApsaraVideo VOD:Configure a User-Agent blacklist or whitelist

Last Updated:Mar 01, 2024

User-Agent is an HTTP header. The header contains information about the client that makes the request, including the OS, OS version, browser, and browser version. You can configure a User-Agent blacklist or whitelist to identify and filter users. This helps you control access to resources and improve the security of resources in ApsaraVideo VOD. This topic describes how to configure a User-Agent blacklist or whitelist.

Usage notes

  • Only HTTP requests whose User-Agent field is in the User-Agent whitelist of ApsaraVideo VOD can access ApsaraVideo VOD resources.

  • HTTP requests whose User-Agent field is in the User-Agent blacklist of ApsaraVideo VOD cannot access ApsaraVideo VOD resources. If the value of the User-Agent header in a request matches a value in the User-Agent blacklist, the request can reach the POP but is rejected by the POP. Then, the HTTP 403 status code is returned to the client, and the request is recorded in Alibaba Cloud CDN logs.

  • The blacklist and whitelist are mutually exclusive and cannot be configured at the same time.

Procedure

  1. Log on to the ApsaraVideo VOD console.

  2. In the left-side navigation pane, choose Configuration Management > CDN Configuration > Domain Names.

  3. On the Domain Names page, select the domain name that you want to configure, and click Configure in the Actions column.

  4. In the left-side navigation tree of the domain name, click Access Control.

  5. On the page that appears, click the User-Agent Blacklist/Whitelist tab.

  6. On the User-Agent Blacklist/Whitelist tab, click Modify.

  7. Configure a blacklist or whitelist as prompted.

    UA黑/白名单

    Item

    description

    Type

    The following types of lists are supported:

    • Blacklist

      Requests whose User-Agent header matches a value in the blacklist are rejected, and an HTTP 403 status code is returned.

    • Whitelist

      Only requests whose User-Agent header matches a value in the whitelist are allowed to access resources on POPs.

    Item

    When you specify User-Agent values, separate multiple values with vertical bars (|). You can use an asterisk (*) as a wildcard character. Example: *curl*|*IE*|*chrome*|*firefox*.

    Note
    • If you want to enable access control for requests whose User-Agent header is empty, you can use the this-is-empty-ua parameter to specify that the User-Agent header is empty.

      • If you specify the this-is-empty-ua parameter in the rules of the whitelist, requests that contain an empty User-Agent header are allowed.

      • If you specify the this-is-empty-ua parameter in the rules of the blacklist, requests that contain an empty User-Agent header are rejected.

    • The User-Agent blacklist and whitelist do not support access control on requests that do not contain the User-Agent header. You can use EdgeScript to enable the feature. For more information, see EdgeScript overview.

  8. Click OK.

Sample configurations

  • Example 1: Configure a whitelist

    Rules of the whitelist: *IE*|*firefox*

    Expected result: Only requests that are sent from IE or Firefox are allowed to access resources on POPs.

  • Example 2: Configure a blacklist

    Rules of the blacklist: *IE*|this-is-empty-ua

    Expected result: Requests that are sent from IE or contain an empty User-Agent header are rejected.