Skip to main content

WAF Access Control

WAF Access Control provides comprehensive IP and geographic access management, enabling precise control over traffic reaching your origin servers through allowlists, blocklists, and geographic restrictions.

Current Service Status

Note: Access Control rules have immediate effect with up to 5-second propagation time across all global edge locations

Quick Start

For Basic Access Control Setup

  1. Configure IP Allowlist - Add trusted IP addresses or CIDR ranges
  2. Set Geographic Restrictions - Block or allow specific countries/regions
  3. Test and Validate - Verify rules work as expected before applying broadly
  4. Monitor and Adjust - Review access logs and adjust rules as needed

Overview

The Access Control feature allows setting up access control lists based on IP addresses (CIDR/IP) or geographical locations (Geo), including two types of lists: Whitelist and Blacklist. This is the first layer of protection, helping to block unauthorized access to the origin through the Origin Shield layer.

Configuration Interface

The Access Control interface is divided into two main tabs:

  • Whitelist: Allow list. Access from IPs or regions in the whitelist will always be prioritized.
  • Blacklist: Block list. Access from IPs or regions in the blacklist will be denied, unless they match the whitelist.

The system supports a maximum of 500 rules for each type of list.

Note: The Whitelist will take priority over the Blacklist in case of conflicts.

CIDR / IP Configuration

In the CIDR / IP section, you can enter one or more IP addresses or address ranges (CIDR format), for example:

1.1.1.1  
10.3.1.0/24
  • Add CIDR / IP: Opens form to enter list of IPs to allow or block.
  • Search CIDR / IP: Supports quick search within the configured list.
  • IP List displays an information table including configured addresses, with pagination and row display options.

Geographical (Geo) Configuration

In the Geo section, you can configure access lists by country:

  • Add Geo: Opens form to configure geographical regions.

  • Configuration Types:

    • Include Selected Location: Only allow access from selected countries.
    • Exclude Selected Location: Block access from selected countries.

  • Location: The list of selected countries will be displayed in the table below.

Deleting IP or Region Operations

To delete an IP or region from the control list:

  1. Check the corresponding box for the item to be deleted (example: Afghanistan).
  2. Click the Delete (x) button in the top-right corner of the list table.

The system will automatically update after the deletion operation is completed.

Getting Support

Access Control Configuration: Contact VNIS security team for advanced access control setup and geographic restriction guidance
Rule Optimization: Get expert assistance for access control rule optimization and performance tuning
Incident Response: 24/7 support for access control related security incidents and troubleshooting