All Products
Search

This Product

    ApsaraVideo VOD:Configure a User-Agent blacklist or whitelist

    Document Center

    ApsaraVideo VOD:Configure a User-Agent blacklist or whitelist

    Last Updated:Jan 26, 2026

    User-Agent is an HTTP header. The header contains information about the client that makes the request, including the OS, OS version, browser, and browser version. You can configure a User-Agent blacklist or whitelist to identify and filter users. This helps you control access to resources and improve the security of resources in ApsaraVideo VOD. This topic describes how to configure a User-Agent blacklist or whitelist.

    Usage notes

    • Whitelist: Only HTTP requests with a User-Agent header that is on the whitelist can access resources.

    • Blacklist: HTTP requests with a User-Agent header that is on the blacklist cannot access the specified resource.
      If a request's User-Agent header is on the blacklist, the request can still reach the CDN point of presence (POP). However, the POP rejects the request and returns a 403 status code. These requests are still recorded in CDN logs.

    • The blacklist and whitelist are mutually exclusive and cannot be configured at the same time.

    Procedure

    1. Log on to the ApsaraVideo VOD console.

    2. In the left-side navigation pane, choose Configuration Management > CDN Configuration > Domain Names.

    3. Find the domain name that you want to configure and click Configure.

    4. In the navigation pane on the left, click Resource Access Control.

    5. Click the UA Blacklist/Whitelist tab.

    6. On the UA Blacklist/Whitelist tab, click Modify.

    7. Configure a Blacklist or Whitelist for the User-Agent as prompted.

      UA黑/白名单

      Parameters

      description

      Type

      The following are the User-Agent list types:

      • Blacklist

        If the User-Agent field in an HTTP request header matches a value in the blacklist, the request is rejected and an HTTP 403 status code is returned.

      • Whitelist

        Only requests whose User-Agent field in the HTTP request header matches a value in the whitelist are allowed to access resources on the accelerated domain name.

      Rules

      When you specify User-Agent values, separate multiple values with vertical bars (|). You can use the asterisk (*) wildcard character. Example: *curl*|*IE*|*chrome*|*firefox*.

      Note

      • To control access for requests that contain an empty User-Agent header, use the this-is-empty-ua parameter to represent an empty User-Agent value.

        • Whitelist: If the rules contain this-is-empty-ua, requests that contain an empty User-Agent header are allowed.

        • Blacklist: If the rules contain this-is-empty-ua, requests that contain an empty User-Agent header are rejected.

      • The User-Agent blacklist and whitelist do not support access control on requests that do not contain the User-Agent header. You can use EdgeScript to enable the feature. For more information, see EdgeScript overview.

    8. Click OK to save the configuration.

    Sample configurations

    • Example 1: Whitelist

      Rule: *IE*|*firefox*

      Only requests from Internet Explorer or Firefox can access the resource. All other requests are denied.

    • Example 2: Blacklist

      Rule: *IE*|this-is-empty-ua

      Expected result: Requests that are sent from IE or contain an empty User-Agent header are rejected.