Alibaba Cloud ApsaraVideo VOD allows you to configure a User-Agent blacklist or whitelist to identify users and control access. Only authorized users have access to resources on ApsaraVideo VOD. This provides a basic level of security for ApsaraVideo VOD. This topic describes how to configure a User-Agent blacklist or whitelist.

Background information

If you want to implement access control based on the User-Agent field, you can configure a User-Agent blacklist or whitelist to filter requests.
  • User-Agent blacklist: HTTP requests whose User-Agent field is in the User-Agent blacklist of ApsaraVideo VOD cannot access ApsaraVideo VOD resources.

    If you add a User-Agent field to the User-Agent blacklist of ApsaraVideo VOD, requests that contain the User-Agent field are still sent to CDN nodes. However, the CDN nodes reject these requests and return a 403 status code. These requests are recorded in the CDN logs.

  • User-Agent whitelist: Only HTTP requests whose User-Agent field is in the User-Agent whitelist of ApsaraVideo VOD can access ApsaraVideo VOD resources.

Procedure

  1. Log on to the ApsaraVideo VOD console.
  2. In the left-side navigation pane of the ApsaraVideo VOD console, choose Configuration Management > CDN Configuration > Domain Names to go to the Domain Names page.
  3. On the Domain Names page, select the domain name that you want to configure, and click Configure in the Actions column.
    Click Configure
  4. On the Domain Names page, click the domain name that you want to configure, and then click Resource Access Control.
  5. On the page that appears, click the User-Agent Blacklist/Whitelist tab.
  6. On the User-Agent Blacklist/Whitelist tab, click Modify.
  7. Configure a Blacklist or Whitelist as prompted.
    User-Agent blacklist or whitelist
    Parameter Description
    Type
    The following two types of list are supported:
    • Blacklist

      HTTP requests whose User-Agent field is in the User-Agent blacklist of ApsaraVideo VOD cannot access ApsaraVideo VOD resources.

    • Whitelist

      Only HTTP requests whose User-Agent field is in the User-Agent whitelist of ApsaraVideo VOD can access ApsaraVideo VOD resources.

    Note The blacklist and whitelist are mutually exclusive. You cannot configure both the User-Agent blacklist and whitelist at the same time.
    Rules You can enter multiple User-Agent fields by separating each value with a vertical bar (|). You can use the wildcard character (*) to match any string. Example: *curl*|*IE*|*chrome*|*firefox*
    Note Use ^$ to specify empty User-Agent fields.
  8. Click OK.