Alibaba Cloud CDN allows you to configure a User-Agent blacklist or whitelist to identity and filter requests. This can restrict access to CDN resources and improve service security. This topic describes how to configure a User-Agent blacklist or whitelist.
Background information
User-Agent is an HTTP header. It contains the information about the client that makes the request, including the operating system (OS), OS version, browser, and browser version.
- User-Agent blacklist: Requests whose User-Agent header is on the blacklist are rejected. The HTTP 403 status code is returned to the client.
- User-Agent whitelist: Only requests whose User-Agent header is on the whitelist are allowed to access resources on CDN edge nodes.
- The blacklist and whitelist are mutually exclusive. You can configure only one of them.
- If a User-Agent field is added to the blacklist, requests that contain the field can still access CDN edge nodes. However, CDN edge nodes reject these requests and return an HTTP 403 status code. These requests are recorded in the CDN logs.
Procedure
Configuration examples
- Example 1: Configure a blacklist
Rule:
*IE*|*^$*
Expected result: Requests sent from Internet Explorer (IE) or do not contain the User-Agent header are rejected.
- Example 2: Configure a whitelist
Rule:
*IE*|*firefox*
Expected result: Only requests sent from IE or Firefox are allowed to access resources on CDN edge nodes.