Alibaba Cloud CDN allows you to configure a User-Agent blacklist or whitelist to identity and filter requests. This can restrict access to CDN resources and improve service security. This topic describes how to configure a User-Agent blacklist or whitelist.
User-Agent is an HTTP header. It contains the information about the client that makes the request, including the operating system (OS), OS version, browser, and browser version.
- User-Agent blacklist: Requests whose User-Agent header is on the blacklist are rejected. The HTTP 403 status code is returned to the client.
- User-Agent whitelist: Only requests whose User-Agent header is on the whitelist are allowed to access resources on CDN edge nodes.
- The blacklist and whitelist are mutually exclusive. You can configure only one of them.
- If a User-Agent field is added to the blacklist, requests that contain the field can still access CDN edge nodes. However, CDN edge nodes reject these requests and return an HTTP 403 status code. These requests are recorded in the CDN logs.
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column of the domain name.
- In the management pane of the domain name, click Access Control.
- Click the UserAgent Blacklist/Whitelist tab.
- On the UserAgent Blacklist/Whitelist tab, click Modify.
- Set Type to Blacklist or Whitelist based on your business requirements.
Parameter Description TypeThe following two types of list are supported:
Requests whose User-Agent header is on the blacklist are rejected.
Only requests whose User-Agent header is on the whitelist are allowed to access resources on CDN edge nodes.
Rules When you specify User-Agent fields, separate fields with vertical bars (|). The wildcard character (*) is supported. Example:
*curl*|*IE*|*chrome*|*firefox*.NoteYou can use
^$to specify requests with empty User-Agent headers.
- For a whitelist,
^$specifies that requests with empty User-Agent headers are allowed to access resources on CDN edge nodes.
- For a blacklist,
^$specifies that requests with empty User-Agent headers are rejected.
- Click OK.
- Example 1: Configure a blacklist
Expected result: Requests sent from Internet Explorer (IE) or do not contain the User-Agent header are rejected.
- Example 2: Configure a whitelist
Expected result: Only requests sent from IE or Firefox are allowed to access resources on CDN edge nodes.