Create Access Control
This API is used to configure access control for the website acceleration service.
Request
Request-Line
POST /cdn/v1.0/services/{serviceId}/accessControl HTTP/1.1
Request Parameters
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| serviceId | Integer | Mandatory | The unique identifier of the website acceleration service. |
Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| policyName | String | Mandatory | Policy name for access control. |
| type | String | Mandatory | Access control type, could be "allow", "deny" or "token". |
| matchUrlPath | Object | Mandatory | URL path matching configuration that determines which requests the rule applies to. See Match Url Path for details. |
| priority | Integer | Mandatory | Priority weight for the rule. Rules with a higher weight take precedence. The weight must be non-zero. |
| matchQueryString | Object | Optional | Query-string matching configuration used to refine which requests the rule applies to. See Match Query String for details. |
| ipRestriction | String | Optional | Comma-separated list of ips/networks.Only requests from these subnets are allowed, other requests will be rejected with 403 Forbidden response. |
| geoRestriction | String | Optional | Comma-separated list of geographic locations to be matched. Each location should be specified as a 2-letter ISO3166 code. E.g "SG,GB". |
| anonymousIp | Boolean | Optional | Set true to apply for anonymous IP, set false to apply for non anonymous IP. Default is false. |
| tokenSecret | String | Optional | Field tokenSecret is only for type "token".Comma-separated list of tokens.Each token should have 64 characters,Each character must be numeric or lowercase letter. |
| enabled | Boolean | Optional | Flag indicating whether the rule is active. Default is true. |
Object: Match Url Path
| Parameter | Type | Required | Description |
|---|---|---|---|
| operator | String | Mandatory | Defines how to match the field. Supported values:prefix,regex,equals,suffix. |
| patterns | String[] | Mandatory | List of patterns matching the URL path string. |
Object: Match Query String
| Parameter | Type | Required | Description |
|---|---|---|---|
| operator | String | Mandatory | Defines how to match the field. Supported values:prefix,regex,equals,suffix. |
| patterns | String[] | Mandatory | List of patterns matching the URL query string. |
Response
Response Body
| Parameter | Type | Description |
|---|---|---|
| policyId | Integer | Policy ID number for access control. |
| policyName | String | Policy name for access control. |
| type | String | Access control type, could be "allow", "deny" or "token". |
| matchUrlPath | Object | URL path matching configuration that determines which requests the rule applies to. See Match Url Path for details. |
| matchQueryString | Object | Query-string matching configuration used to refine which requests the rule applies to. See Match Query String for details. |
| priority | Integer | Priority weight for the rule. Rules with a higher weight take precedence. The weight must be non-zero. |
| ipRestriction | String | Comma-separated list of ips/networks.Only requests from these subnets are allowed, other requests will be rejected with 403 Forbidden response. |
| geoRestriction | String | Comma-separated list of geographic locations to be matched. Each location should be specified as a 2-letter ISO3166 code. E.g "SG,GB". |
| anonymousIp | Boolean | Set true to apply for anonymous IP, set false to apply for non anonymous IP. Default is false. |
| tokenSecret | String | Field tokenSecret is only for type "token".Comma-separated list of tokens.Each token should have 64 characters,Each character must be numeric or lowercase letter. |
| enabled | Boolean | Flag indicating whether the rule is active. Default is true. |
Status Codes, Error Codes and Error Messages
| Status Code | Error Code | Error Message |
|---|---|---|
| 400 | Request.BadRequest | Bad request. |
| 400 | InvalidCustomer.IdEmpty | Customer id can be empty or invalid. |
| 400 | InvalidService.IdIncorrect | Service id is empty or invalid. |
| 400 | ServiceId.IdPermission | ServiceId can not be found or unknown. |
| 400 | Invalid.PolicyName | Policy name is required. |
| 400 | InvalidPolicy.TypeEmpty | Policy type can not be empty. |
| 400 | InvalidPolicy.AccessType | Policy access type must be one of the following values 'allow','deny','token'. |
| 400 | InvalidPolicy.MatchURLIncorrect | The matchUrlPath can not be empty. |
| 400 | InvalidPolicy.Operator | Operator must be one of the following: prefix,regex,equals or suffix. |
| 400 | InvalidPolicy.MatchUrlPathPatternsIncorrect | The MatchUrlPath patterns could not be empty. |
| 400 | InvalidPolicy.Priority | Priority is required. |
| 400 | InvalidPolicy.IpRestriction | Ip restriction format is incorrect,Supported formats: 172.31.31.0, 172.31.31.0/255.255.255.0, 172.31.32.0/24. |
| 400 | InvalidPolicy.GeoFormat | Geo restriction format is incorrect. |
Examples
Create Access Control
Request
POST /cdn/v1.0/services/{serviceId}/accessControl HTTP/1.1
{
"policyName":"accetss",
"matchUrlPath":{
"operator":"suffix",
"patterns":["/wp-content/web/"]
},
"matchQueryString":{
"operator":"prefix",
"patterns":["/"]
},
"priority":123,
"type":"token",
"geoRestriction":"US,CN",
"ipRestriction":"172.16.12.1",
"anonymousIp":true,
"tokenSecret":"bdfy7r6jflo3iydy9zxigkl5m0hte6d423d45dfg6gavo07xvmtc4tzsdc9yxyjy",
"enabled":true
}
Successful Response Body
{
"policyId": 261951,
"policyName": "accetss",
"type": "token",
"matchUrlPath": {
"operator": "suffix",
"patterns": [
"/wp-content/web/"
]
},
"matchQueryString": {
"operator": "prefix",
"patterns": [
"/"
]
},
"priority": 123,
"ipRestriction": "172.16.12.1",
"geoRestriction": "CN,US",
"anonymousIp": false,
"tokenSecret": "bdfy7r6jflo3iydy9zxigkl5m0hte6d423d45dfg6gavo07xvmtc4tzsdc9yxyjy",
"enabled": true
}