search
githubEdit

Network ACLs

circle-info

You can check more about how to configure a Network ACL here

hashtag
How to use a Network ACL in Auto Provisioning

First, take note of the name of the Network ACL, for example acl_c4_mylist.

Now, create a new VCL configuration cloning the last one.

Modify and adapt one of the below examples for your use case.

hashtag
Deny list example

# Deny list example
sub vcl_recv {
    if (req.http.host == "www.mydomain.com") { # any required condition to trigger the ACL check
        if (aclplus.match(client.ip, network_acl.get("acl_c4_mydenylist", "none"))) {
            # Any action is allowed here, for this example we block the request
            call deny_request;
        }
    }
}

Use the following conditional to combine multiple deny lists together:

if (aclplus.match(client.ip, network_acl.get("acl_c4_deny1", "none"))
        || aclplus.match(client.ip, network_acl.get("acl_c4_deny2", "none"))
   ) {
    # Block the request if the IP is present in any ACL
    call deny_request;
}

hashtag
Allow list example

Here we just inverted the condition to transform this into an allow list (only the IPs present in the ACL will be accepted)

Use the following conditional to combine multiple allow lists together:

PreviousSitesNextTLS/SSL Certificates

Last updated

Was this helpful?