API
The Gcore Customer Portal is being updated. Screenshots may not show the current version.
CDN
CDN
BillingCDN resources overviewOrigin groupPurgePrefetchReports
API
Chosen image
Home/CDN/CDN resource options/Access/Manage access policies

Control access to the content with country, referrer, IP, and User agents policies

Referrer access policy

Referrer access policy is a restriction to publish the links to content on your site on other sites. To enable the option navigate to CDN resources, click Settings of the resource, choose the Advanced Settings tab, in the Access (Security) click Add policy and find Referrer access policy. 

By default, there are no restrictions by referrer to your CDN resource. You can set up allow or block Policy.

Allow referrer policy

Allow referrer policy

Specify domains to which you would like to block access.

  • www.domain.com if you want to block access to the specific domain
  • *.domain.com  if you want to block access to all subdomains of domain.com

When users request data from specified domains, they will get the denial of access.

Block referrer policy

Block referrer policy

Specify the domains which you would like to allow access to.

  • www.domain.com if you want to allow access to the specific domain
  • *.domain.com if you want to allow access to all subdomains of domain.com

When a user requests data from other domains, they will get the denial of access.

You can specify domains only one by one via the Gcore Customer Portal. To add the list of the domains use API.

Country access policy

You can limit access to your content for listed countries. To enable the option navigate to CDN resources, click Settings, open the Advanced Settings, in the Access (Security) click Add policy and find Country access policy. 

By default, there are no restrictions by country to your CDN resource. You can set up allow or block policy.

Note: You can specify countries only one by one via the Gcore Customer Portal. To add the list of the countries, use API.

Allow country access policy

Access to the resource is allowed for all the countries except for the specified in the field.

Allow country access policy

Block country access policy

Access to the resource is denied for all the countries except for the specified in the field.

Block country access policy

IP access policy

You can limit access to your content to IP ranges.

In CDN resource settings choose Show Advanced Settings, in the Access (Security) click Add policy and find IP access policy. 

By default, there are no restrictions by IP to your CDN resource. You can set up Allow or Block policy.

The option supports IPv4 and IPv6 addresses.

You can specify IPs only one by one via the Gcore Customer Portal. To add the list of the IPs use API.

Allow IP policy

Access to the resource is allowed for all the IPs except for the specified in the field.

Allow IP policy

Block IP policy

Access to the resource is denied for all the IPs except for the specified in the field.

Block IP policy

User agent access policy

You can limit access to your CDN content for User agents, for example, for certain browsers, consoles or some other devices.

In CDN resource settings choose Show Advanced Settings, find Access (Security), click Add policy and find User agents policy. 

By default access to the resource is allowed for all the kinds of User Agents. You can set up the allow or block policy.

Set via the Customer Portal

To set the user agents using the Gcore Customer Portal:

1. Go to CDN and select the CDN resource you want to configure.

Set via the Gcore Customer Portal

2. In the sidebar, under the "Access" section, select User agents policy.

Access

3. Toggle "Enable user agents policy" and choose either the Allow by default or Block by default option:

  • Selecting Allow by default allows access for all user agents except those specified.
  • Choosing Block by default blocks access for all user agents except those specified.
Enable user agents policy

4. Set one or more user agents in the User-Agent select box. Accepted values are:

  • Empty value. This appears as an option in the select box. Select this value to allow or block incoming requests that do not have a User-Agent header.
Empty value
  • User agent string. Enter one or more unique user agents. The maximum length of each string is 255 characters. If you need to increase this limit, you can contact our support team.
User agent string

Note: User-Agent text box cannot be left blank.

5. Click Save changes. Allow at least 15 minutes for the changes to take effect.

Save changes.

Set via the API

To set the user agents using the API, the request must include the user_agent_acl object. The following is a sample code for the object:

"options": {  
    "user_agent_acl": {  
       "enabled": true,  
       "policy_type": "allow",  
       "excepted_values": [  
          "",  
          "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"  
      ]  
   }  
}

Request properties

The user_agent_acl object passes the following information:

Property Description
enabled This property indicates whether to enable the User Agents Policy. Possible values:
  • true enables the option
  • false disables the option
policy_type This property indicates the action to apply to the matching request. Possible values:
  • allow allows the request
  • deny blocks the request
excepted_values This property is an array of user agents to allow or block. The array must contain at least 1 item. Possible values:
  • two double quotation marks without a space in-between ("") represents the empty value
  • a string that represents the user agent, with a maximum length of 255 characters; if you need to increase this limit, you can contact our support team

Example

This example shows a CDN update request that activates the User Agents Policy and blocks the requests without a User agent header.

CDN update request

Was this article helpful?

Not a Gcore user yet?

Learn more about our next-gen CDN

Go to the product page