- Release Notes and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Getting Started
- Configuration Guide
- Domain Management
- Configure the domain name
- Configuration Overview
- Basic Configurations
- Access Control
- Cache Configuration
- Origin-pull Configuration
- HTTPS Configuration
- Advanced Configuration
- Statistical Analysis
- Purge and Prefetch
- Log Management
- Service Query
- Permission Management
- Best Practice
- API Documentation
- FAQ
- Troubleshooting Methods
- CDN Service Level Agreement
- Glossary
- Release Notes and Announcements
- User Tutorial
- Product Introduction
- Purchase Guide
- Getting Started
- Configuration Guide
- Domain Management
- Configure the domain name
- Configuration Overview
- Basic Configurations
- Access Control
- Cache Configuration
- Origin-pull Configuration
- HTTPS Configuration
- Advanced Configuration
- Statistical Analysis
- Purge and Prefetch
- Log Management
- Service Query
- Permission Management
- Best Practice
- API Documentation
- FAQ
- Troubleshooting Methods
- CDN Service Level Agreement
- Glossary
Configuration Overview
To control the source of access to your business resources, you can use the IP blocklist/allowlist feature in Tencent Cloud CDN.
By configuring an access control policy on IPs of user requests, you can effectively control the source of access, preventing hotlinking by malicious IPs, attacks, etc.
Configuration Guide
Viewing the configuration
Log in to the CDN console, select Domain Management on the left sidebar, and click Manage on the right of a domain name to enter its configuration page. Open the Access Control tab to see the IP Blocklist/Allowlist Configuration section. It is disabled by default.
Enabling the configuration
Toggle on the switch, tick Blocklist or Allowlist, enter the list of IPs or IP ranges, and click OK:
IP blocklist
If a client IP matches an IP or IP range in the blocklist, the accessed CDN node will directly return a 403 status code.
IP allowlist
If a client IP does not match any IP or IP range in the allowlist, the accessed CDN node will directly return a 403 status code.
Configuration limitations
- The IP blocklist and allowlist are mutually exclusive and cannot be configured at the same time.
- Up to 200 entries can be added to the blocklist and allowlist respectively.
- Only IP ranges
/8,/16, and/24are supported. - The format
IP:Portis not supported here.
Disabling the configuration
You can toggle off the switch to disable this feature. When the switch is off, this feature does not take effect in the production environment even if there is an existing configuration. If you toggle the switch on, the configuration will take effect across the entire network after the action is confirmed.
Note:
If your acceleration domain name is configured for global acceleration, the IP blocklist/allowlist will take effect globally. This configuration does not distinguish between requests from regions in and outside the Chinese mainland.
Configuration Sample
If the IP blocklist/allowlist configuration of the domain name www.test.com is as follows:
Then the actual access will be as follows:
- A user with the client IP
1.1.1.1accesses the resourcehttp://www.test.com/test.txt. As the IP matches an IP in the allowlist, the requested content will be returned. - A user with the client IP
2.1.1.1accesses the resourcehttp://www.test.com/test.txt. As the IP does not match any IP in the allowlist, a 403 status code will be returned.
Yes
No
Was this page helpful?