You can add the list of Dynamic Content Delivery Network (DCDN) point of presence (POP) IP addresses to your origin firewall rules. This enables only traffic routed through verified IP addresses to reach your origin and thereby safeguard your business.
Feature availability
Basic | Standard | Advanced | Enterprise | |
Available or not | No | No | No | Yes |
Overview
To shield your origin against malicious attacks or unauthorized access from external IP addresses, you can configure firewall rules to maintain an IP address whitelist. This way, only requests from trusted IP addresses can reach your origin.
After you enable origin protection, DCDN lists the IPv4 and IPv6 addresses of all POPs. You must add these IP addresses to the whitelist.
Any updates to the POP IP address list are promptly sent to you by internal messages and emails. You can then adjust the firewall and security group settings accordingly, ensuring that DCDN POPs can access your origin as expected.
Usage notes
If you pause DCDN for your website, you must manually modify the firewall rules of your origin to ensure subsequent access to the origin.
If your origin is deployed on an Elastic Compute Service (ECS) instance, you can modify the inbound rules in the security group to allow requests from only IP addresses in the whitelist to be routed to your origin. For more information, see Modify a security group rule.
Procedure
Log on to the ESA console.
In the left-side navigation pane, click Websites.
On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.
In the left-side navigation tree, choose .
In the Origin Protection section, turn on the Origin Protection switch. Then the system lists the IP addresses of all DCDN POPs.
Copy the IP addresses in the IP Address List section to the whitelist settings of your origin server.
