Dynamic Route for CDN (DCDN) allows you to configure a User-Agent blacklist or whitelist to identify and filter requests. This can restrict access to DCDN resources and improve service security. This topic describes how to configure a User-Agent blacklist or whitelist.

Background information

User-Agent is an HTTP header. It contains the information about the client that sends the request, including the operating system (OS), OS version, browser, and browser version.

After you configure a User-Agent blacklist or whitelist, DCDN matches the User-Agent header in requests against the blacklist or whitelist.
  • User-Agent blacklist: Requests whose User-Agent header is in the blacklist are rejected. The HTTP 403 status code is returned to the client.
  • User-Agent whitelist: Only requests whose User-Agent header is in the whitelist are allowed to access resources on DCDN nodes.
Note
  • The blacklist and whitelist are mutually exclusive. You can configure only one of them.
  • If a User-Agent field is added to the blacklist, requests that contain the field can still access DCDN nodes. However, DCDN nodes reject these requests and return an HTTP 403 status code. These requests are recorded in the DCDN logs.

Procedure

  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the domain name that you want to manage, and click Configure in the Actions column.
  4. In the left-side navigation pane on the details page of the specified domain name, click Access Control.
  5. Click the User-Agent Black/White List tab.
  6. Turn on User-Agent Black/White List and set Type to Blacklist or Whitelist based on your business requirements.
    Configure User-Agent rules
    Parameter Description
    Type
    The following two types of list are supported:
    • Blacklist

      Requests whose User-Agent header is in the blacklist are rejected.

    • Whitelist

      Only requests whose User-Agent header is in the whitelist are allowed to access resources on DCDN nodes.

    Rules When you specify User-Agent fields, separate multiple fields with vertical bars (|). The wildcard character (*) is supported. Example: *curl*|*IE*|*chrome*|*firefox*.
    Note
    You can use ^$ to allow or reject requests with empty User-Agent headers.
    • For a whitelist, ^$ specifies that requests with empty User-Agent headers are allowed to access resources on DCDN nodes.
    • For a blacklist, ^$ specifies that requests with empty User-Agent headers are rejected.
  7. Click OK.

Configuration examples

  • Example 1: Configure a blacklist

    Rule: *IE*|*^$*

    Expected result: Requests sent from Internet Explorer (IE) or that do not contain the User-Agent header are rejected.

  • Example 2: Configure a whitelist

    Rule: *IE*|*firefox*

    Expected result: Only requests sent from IE or Firefox are allowed to access resources on DCDN nodes.