Customer SupportGet Expert Help
Skip to main content

Access Control

Access control leverages policies, including whitelist, blacklist, token-based access, and rate limiting, to control users' access. If multiple policies match a request, the policy with higher priority will be applied.

Whitelist Policy

Requests that do not match the whitelist rules are rejected with an HTTP 403 response.

  • URL Path – Match by prefix, suffix, exact, or regex.
  • Query String – Match by prefix, suffix, exact, or regex.
  • GEO-Restriction – Allowed countries.
  • IP/Network Restriction – Allowed source IP ranges.
  • Anonymous IP Restriction – Allow or block anonymous IPs.
  • Priority – Determines precedence when conflicts occur.
add whitelist

Blacklist Policy

Requests matching the blacklist rules are rejected with an HTTP 403 response.

  • URL Path – Match by prefix, suffix, exact, or regex.
  • Query String – Match by prefix, suffix, exact, or regex.
  • GEO-Restriction – Blocked countries.
  • IP/Network Restriction – Blocked source IP ranges.
  • Anonymous IP Restriction – Allow or block anonymous IPs.
  • Priority – Determines precedence when conflicts occur.
add blacklist

Token Access Policy

CDN checks the token access signature of the requests. Invalid signatures are rejected with HTTP 403.

  • URL Path – Paths requiring signature verification.
  • Query String – Query parameters requiring signature verification.
  • GEO-Restriction – Countries requiring verification.
  • IP/Network Restriction – IP ranges requiring verification.
  • Token Secret – Secrets used to generate signatures (multiple allowed; must be securely stored).
  • Priority – Determines precedence when conflicts occur.
add token access

Rate Limiting

Rate limiting restricts the number of requests from the same user IP within a defined time window. Requests exceeding the limit are rejected with HTTP 403 until the next time window starts.

  • Request – Maximum number of requests per time window.
  • Time Window – Duration in seconds before counters reset.
  • Ignore URL Path – When enabled, different URLs from the same IP are counted separately.
  • Ignore Query String – When enabled, different query strings for the same URL are counted separately (this option applies only when Ignore URL Path is disabled).
set ratelimit