In the Alibaba Cloud Security Control console, you can set the Content Delivery Network (CDN) whitelist. You can allow the access of IP addresses from a CDN vendor by trusting the vendor.

Background information

The IP addresses in the CDN whitelist are provided by third-party CDN vendors. You can set the vendors as trusted ones based on business demands. Alibaba Cloud adds all IP addresses for CDN services from the trusted vendors to the CDN whitelist. Access by these IP addresses to ECS instances in your account is not restricted by Security Control, allowing CDN services to run normally.
Notice IP addresses in the CDN whitelist are provided by third-party vendors. Unless indicated in Alibaba Cloud service terms, Alibaba Cloud shall not be held liable for any intrusions or losses caused by the use of the CDN whitelist. Check the risks and proceed with caution. Once you, either an organization or individual, discover risks incurred by a third-party vendor, you should promptly notify Alibaba Cloud of these risks in writing, and provide evidentiary materials. Alibaba Cloud will actively troubleshoot and delete risky IP addresses from the CDN whitelist.
Note
  • After a vendor is set as a trusted vendor, all the IP addresses provided by the vendor (continuously updated based on information provided by the vendor) are added to the CDN whitelist.
  • If you cannot access the CDN services of a vendor, request the vendor to update the whitelist of IP addresses provided for Alibaba Cloud.
  • If you discover risky IP addresses in the whitelist provided by a vendor, promptly contact Alibaba Cloud and provide evidentiary materials. Alibaba Cloud will actively troubleshoot and delete the risky IP addresses from the whitelist provided by the vendor.

Procedure

  1. Log on to the Alibaba Cloud Security Control console.
    Note Move your cursor to the account icon in the upper-right corner of the Alibaba Cloud console, and click Security Console to go to the Alibaba Cloud Security Control console.
  2. Choose Whitelist > CDN Whitelist. On the page that is displayed, click Add.
  3. Select a vendor from the list of vendors on the left, and click the right arrow button to add the selected vendor to the list of trusted vendors on the right. Click OK. In this way, the selected vendor is set as a trusted vendor. All IP addresses for CDN services from this vendor are automatically added to the CDN whitelist, and access from these IP addresses to the ECS instances in your account is not restricted by Security Control.
    Note Before clicking OK, carefully read the "Terms Governing the Use of CDN Whitelist" and select Agreed "Terms Governing the Use of CDN Whitelist".
  4. After a vendor has been set as a trusted vendor, you can view the record of this vendor on the CDN Whitelist page. You can select a trusted CDN vendor and click Invalid to invalidate the whitelist provided by this vendor.