Skip to main content

Creating ACL rules

You can create and customize your access control lists (ACL, i.e. whitelist/blacklist) using classless inter-domain routing/internet protocol (CIDR/IP) and/or geolocation rules.

You can create up to 500 rules for each domain, whitelist and blacklist combined. These rules will be applied across all CDNs.

To create ACL rules, navigate to ' Origin Shield' > 'Access control'.

You need to set the target domain from the ' Operation level panel'.

On the header you will see the total amount of rules that you have used for this domain.

![Figure Needed: Screenshot showing the Access control page with rule count display]

To create a CIDR/IP rule, select either 'Whitelist' or 'Blacklist', then click the 'Add CIDR/IP' button.

![Figure Needed: Screenshot showing the Add CIDR/IP button options for whitelist and blacklist]

You can enter multiple CIDR/IP entries in the entry field. Each line will use up one rule.

![Figure Needed: Screenshot showing the CIDR/IP entry field with multiple IP addresses]

After hitting the 'Save' button, the rule should be applied immediately for your domain across all CDNs.

Geolocation rule

To create a geo rule, select either 'Whitelist' or 'Blacklist', then click the 'Add geo' button.

![Figure Needed: Screenshot showing the Add geo button options]

You can select whether you like to 'include' or 'exclude' the locations that you will select.

![Figure Needed: Screenshot showing include/exclude location selection options]

For blacklist:

  • choosing 'Include selected location' - will include ALL the chosen locations to the blacklist.
  • choosing 'Exclude selected location' - will include ALL the unchosen locations to the blacklist.

For whitelist:

  • choosing 'Include selected location' - will include ALL the chosen locations to the whitelist.
  • choosing 'Exclude selected location' - will include ALL the unchosen locations to the whitelist.

Each location will use up one rule.

After hitting the 'Save' button, the rule should be applied immediately for your domain across all CDNs.

Priority Rules

If there are the same CIDR/IP or geolocation rule in both blacklist and whitelist, the whitelist takes precedence over the blacklist. Also, CIDR/IP rules take precedence over geolocation rules.