All Products
Search
Document Center

Edge Security Acceleration:Configure a User-Agent blacklist or whitelist

Last Updated:Feb 06, 2024

Dynamic Content Delivery Network (DCDN) allows you to configure a User-Agent blacklist or whitelist to identify and filter requests. This way, you can restrict access to DCDN resources and improve service security. This topic describes how to configure a User-Agent blacklist or whitelist.

Procedure

  1. Log on to the DCDN console.

  2. In the left-side navigation pane, click Domain Names.

  3. On the Domain Names page, find the domain name whose acceleration region you want to change and click Configure.
  4. In the left-side navigation tree of the domain name, click Access Control.

  5. Click the User-Agent Blacklist/Whitelist tab.

  6. Turn on User-Agent Blacklist/Whitelist and configure a Blacklist or Whitelist as prompted.

    UA规则设置

    Parameter

    Description

    Type

    The following types of lists are supported:

    • Blacklist

      Requests whose User-Agent header matches a value in the blacklist are rejected, with HTTP status code 403 returned.

    • Whitelist

      Only requests whose User-Agent header is in the whitelist are allowed to access resources on DCDN points of presence (POPs).

    Rules

    When you specify User-Agent fields, separate multiple fields with vertical bars (|). The wildcard character (*) is supported. Example: *curl*|*IE*|*chrome*|*firefox*.

    Note
    • If you want to perform access control for requests whose User-Agent headers are empty, you can use the caret and dollar sign (^$) to specify that the value of the User-Agent header is empty.

      • If ^$ is included in the rules of a whitelist, requests whose User-Agent header is empty are allowed.

      • If ^$ is included in the rules of a blacklist, which indicates that the request whose User-Agent header is empty, the request is rejected.

    • User-Agent blacklist and whitelist do not support access control for requests that do not contain a User-Agent header. You can use EdgeScript or submit a ticket to enable the feature. For more information, see EdgeScript overview.

  7. Click OK.

Configuration examples

  • Example 1: Configure a blacklist

    Rules: *IE*|*^$*

    Expected result: Requests sent from Internet Explorer (IE) or that do not contain the User-Agent header are rejected.

  • Example 2: Configure a whitelist

    Rules: *IE*|*firefox*

    Expected result: Only requests that are sent from IE or Firefox are allowed to access resources on POPs.