You can configure an IP address blacklist or whitelist to authenticate and filter visitors. This can restrict access to Dynamic Route for CDN (DCDN) resources and improve DCDN security. This topic describes how to configure an IP address blacklist or whitelist.
An IP address blacklist or whitelist provides the following features:
- If you use an IP address blacklist, the IP addresses in the blacklist are not allowed
to access the current resources.
If IP addresses are added to the blacklist, requests from the IP addresses can be sent to DCDN nodes. However, the DCDN nodes reject the requests and return 403 errors. The requests from the IP addresses that are included in the blacklist are recorded in DCDN logs.
- If you use an IP address whitelist, only the IP addresses in the whitelist are allowed to access the current resources.
- You can add IPv6 addresses to your blacklist or whitelist. The examples of IPv6 addresses include 2001:db8:0:23:8:800:200c:417a and 2001:0db8:0000:0023:0008:0800:200c:417a. IP address blacklists and whitelists do not support the short format of IPv6 addresses, such as 2001:0db8::0008:0800:200c:417a.
- IP address blacklists and whitelists support CIDR blocks. For example, in the 192.168.0.0/24 CIDR block, 24 is the subnet mask. The remaining 8 bits are host bits. The number of host bits is calculated based on the following formula: 32 - 24 = 8. You can connect 254 hosts to the subnet. The number of hosts is calculated based on the following formula: 2^8 - 2 = 254. The 192.168.0.0/24 CIDR block indicates the IP addresses that range from 192.168.0.1 to 192.168.0.254.
- Log on to the DCDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage, and click Configure in the Actions column.
- In the left-side navigation pane on the details page of the specified domain, click Access Control.
- On the right side of the page that appears, click the IP Blacklist/Whitelist tab.
- Turn on IP Blacklist/Whitelist, and configure an IP address Blacklist or Whitelist as prompted.
Parameter Description TypeThe following types are supported:
The IP addresses in the blacklist are not allowed to access the current resources.
Only the IP addresses in the whitelist are allowed to access the current resources.
Blacklists and whitelists are mutually exclusive. The most recent configuration takes effect.
Rules You can add a maximum of 100 IP addresses to the whitelist or blacklist. Separate multiple IP addresses with carriage return characters. You cannot add duplicate IP addresses or CIDR blocks to the blacklist or whitelist. For example, if the CIDR block
192.168.0.1/24exists, you cannot add the IP addresses that are included in the CIDR block.
- Click OK.