You can configure an IP blacklist or whitelist to authenticate and authorize visitors. This can restrict access to Dynamic Route for CDN (DCDN) resources and improve DCDN security. This topic describes how to configure an IP blacklist or whitelist.

Background information

  • IP blacklist: Blacklisted IP addresses are not allowed to access DCDN resources.

    If an IP address is added to the blacklist, a request from the IP address can still be sent to a DCDN node. However, the DCDN node will reject the request and return a 403 error. Requests from blacklisted IP addresses are still recorded in DCDN logs.

  • IP whitelist: Only whitelisted IP addresses are allowed to access DCDN resources.
Note
  • Both the IP blacklist and whitelist support IPv6 addresses.
  • Both the IP blacklist and whitelist support CIDR notations. For example, in the CIDR block 192.168.0.0/24, /24 indicates that the first 24 bits are network bits. The remaining 8 bits are host bits. The subnet can accommodate 254 hosts. 192.168.0.0/24 indicates the IP addresses from 192.168.0.1 to 192.168.0.254.

Procedure

  1. Log on to the Dynamic Route for CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the target domain name and click Configure.
  4. In the left-side navigation pane of the specified domain, click Access Control.
  5. Click Modify next to IP Blacklist/Whitelist.
  6. Configure a blacklist or whitelist as prompted.
    Parameter Description
    Type
    The following types of IP lists are supported:
    • Blacklist

      The blacklisted IP addresses are not allowed to access the current accelerated domain.

    • Whitelist

      Only the whitelisted IP addresses are allowed to access the current accelerated domain.

    The blacklist and whitelist are mutually exclusive. The most recent configuration takes effect.

    Rules You can add a maximum of 100 IP addresses or CIDR blocks and separate them with carriage return characters. Do not add the same IP address or CIDR block repeatedly. For example, if the CIDR block 192.168.0.1/24 already exists, do not add IP addresses in this IP range again.
    IP Blacklist/Whitelist
  7. Click OK.