You can configure an IP address blacklist or whitelist to authenticate and filter visitors. This can restrict access to Dynamic Route for CDN (DCDN) resources and improve DCDN security. This topic describes how to configure an IP address blacklist or whitelist.
Background information
An IP address blacklist or whitelist provides the following features:
- If you use an IP address blacklist, the IP addresses in the blacklist are not allowed to access the current resources.
  Requests from IP addresses in the blacklist can still be sent to DCDN nodes. However, the DCDN nodes reject the requests and return 403 errors. The rejected requests are recorded in DCDN logs.
- If you use an IP address whitelist, only the IP addresses in the whitelist are allowed to access the current resources.
- You can add IPv6 addresses to your blacklist or whitelist. Examples of IPv6 addresses include 2001:db8:0:23:8:800:200c:417a and 2001:0db8:0000:0023:0008:0800:200c:417a. IP address blacklists and whitelists do not support the short format of IPv6 addresses, such as 2001:0db8::0008:0800:200c:417a.
- IP address blacklists and whitelists support CIDR blocks. For example, in the 192.168.0.0/24 CIDR block, 24 is the length of the subnet mask in bits. The remaining 8 bits are host bits (32 - 24 = 8), so you can connect 254 hosts to the subnet (2^8 - 2 = 254). The 192.168.0.0/24 CIDR block covers the IP addresses that range from 192.168.0.1 to 192.168.0.254.
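A pre-flight check for list entries that follows the format rules above. It is an added example, not Alibaba Cloud code: the function names and the sample list are hypothetical, and it uses only Python's standard `ipaddress` module. It expands short-format IPv6 addresses to all eight groups and reports the host range of an IPv4 CIDR block.

```python
import ipaddress

def normalize_entry(entry: str) -> str:
    """Return one list entry in a form the rules above allow, or raise ValueError."""
    entry = entry.strip()
    if ":" in entry:
        if "/" in entry:
            # The rules above do not describe IPv6 CIDR, so this example refuses it.
            raise ValueError(f"IPv6 CIDR is not covered by this example: {entry}")
        # .exploded writes all eight groups with leading zeros, so '::' never appears.
        return ipaddress.IPv6Address(entry).exploded
    if "/" in entry:
        # Choice made here: mask stray host bits, 192.168.0.5/24 -> 192.168.0.0/24.
        return str(ipaddress.IPv4Network(entry, strict=False))
    return str(ipaddress.IPv4Address(entry))

def host_range(cidr: str):
    """(first host, last host, host count) of an IPv4 block, using 2^(32 - prefix) - 2."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    host_bits = 32 - net.prefixlen
    if host_bits < 2:
        # /31 and /32 fall outside the formula; every address in the block is counted.
        return str(net[0]), str(net[-1]), net.num_addresses
    return str(net[1]), str(net[-2]), 2 ** host_bits - 2

def normalize_list(entries):
    """Normalize and de-duplicate entries; collect invalid ones instead of stopping."""
    accepted, rejected = [], []
    for raw in entries:
        try:
            value = normalize_entry(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if value not in accepted:
            accepted.append(value)
    return accepted, rejected

# Constructed sample input: two spellings of one IPv6 address, a short-format
# address, a CIDR block written with host bits set, and two invalid entries.
SAMPLE = ["2001:db8:0:23:8:800:200c:417a", "2001:0db8:0000:0023:0008:0800:200c:417a",
          "2001:0db8::0008:0800:200c:417a", "192.168.0.5/24", "192.168.0.300", "10.0.0.0/33"]

if __name__ == "__main__":
    ok, bad = normalize_list(SAMPLE)
    print("accepted:", ok)
    print("rejected:", bad)
    print("hosts in 192.168.0.0/24:", host_range("192.168.0.0/24"))
```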