All Products
Search

This Product

    ApsaraVideo VOD:IP address blacklist or whitelist

    Document Center

    ApsaraVideo VOD:IP address blacklist or whitelist

    Last Updated:Mar 06, 2024

    An IP address blacklist or whitelist filters user requests, and blocks or allows requests from specific IP addresses. The IP list feature can restrict access sources and protect points of presence (POPs) from IP theft and attacks.

    Usage notes

    By default, the IP list feature is disabled. The IP address blacklist and whitelist are mutually exclusive. You can configure only one of the lists.

    Procedure

    1. Log on to the ApsaraVideo VOD console.

    2. In the left-side navigation pane, choose Configuration Management > CDN Configuration > Domain Names.

    3. On the Domain Names page, select the domain name that you want to configure, and click Configure in the Actions column.

    4. Click Resource Access Control.

    5. On the IP Address Blacklists/Whitelists tab, click Modify.

      修改配置

    6. In the dialog box that appears, specify the Type and Rules parameters and click OK.

      配置

      The following table describes the parameters.

      Parameter

      Description

      Type

      • IP Blacklist

        Requests from IP addresses in the blacklist cannot access resources on the POPs.

      • IP Whitelist

        Only requests from IP addresses in the whitelist can access resources on the POPs.

        Warning

        If you add 0.0.0.0/0 to the whitelist, requests from all IP addresses can access resources on the POPs. This operation introduces high security risks. Proceed with caution.

      Rules

      Enter CIDR blocks such as 192.168.0.0/24 or IP addresses such as 192.168.0.1. Make sure that the CIDR blocks do not overlap. IPv4 and IPv6 addresses are supported. Separate IP addresses with carriage return characters.

      • IP address blacklists and whitelists support IPv6 addresses. Letters in IPv6 addresses must be uppercase, such as 2001:0DB8:4:4:4:4:4:4 and 2001:0DB8:0000:0023:0008:0800:200C:417A. The notation of an IPv6 address must not be shortened. For example, 2001:0DB8::0008:0800:200C:417A is invalid.

      • IP address blacklists and whitelists support CIDR blocks. For example, in the 192.168.0.0/24 CIDR block, /24 indicates that the first 24 bits in the subnet mask are network bits. The remaining 8 bits are host bits. The number of host bits is calculated based on the following formula: 32 - 24 = 8. The subnet can accommodate up to 254 hosts. The number of hosts is calculated based on the following formula: 2^8 - 2 = 254. Therefore, 192.168.0.0/24 indicates IP addresses from 192.168.0.1 to 192.168.0.254.

    Related API operations

    BatchSetVodDomainConfigs: You can call this operation to configure one or more domain names for CDN. You can specify an IP address blacklist or whitelist by configuring the ip_black_list_set or ip_allow_list_set parameter.