# Network ACLs

{% hint style="info" %}
You can read more about how to configure a Network ACL [here](/config/network-access-control-list.md).
{% endhint %}

## How to use a Network ACL in Auto Provisioning

First, take note of the name of the Network ACL, for example `acl_c4_mylist`.

Now, create a new VCL configuration by cloning the last one.

Modify and adapt one of the examples below for your use case.

### Deny list example

```perl
# Deny list example
sub vcl_recv {
    if (req.http.host == "www.mydomain.com") { # any required condition to trigger the ACL check
        if (aclplus.match(client.ip, network_acl.get("acl_c4_mydenylist", "none"))) {
            # Any action is allowed here, for this example we block the request
            call deny_request;
        }
    }
}
```

Use the following conditional to combine multiple deny lists together:

```perl
if (aclplus.match(client.ip, network_acl.get("acl_c4_deny1", "none"))
        || aclplus.match(client.ip, network_acl.get("acl_c4_deny2", "none"))
   ) {
    # Block the request if the IP is present in any ACL
    call deny_request;
}
```

### Allow list example

Here the condition is inverted to turn the check into an allow list: only the IPs present in the ACL will be accepted.

```perl
# Allow list example (we just inverted the condition, notice the '!')
sub vcl_recv {
    if (req.http.host == "www.mydomain.com") { # any required condition to trigger the ACL check
        if (!aclplus.match(client.ip, network_acl.get("acl_c4_myallowlist", "none"))) {
            # Any action is allowed here, for this example we block the request (if the IP doesn't match the ACL)
            call deny_request;
        }
    }
}
```

Use the following conditional to combine multiple allow lists together:

```perl
if (!aclplus.match(client.ip, network_acl.get("acl_c4_allow1", "none"))
        && !aclplus.match(client.ip, network_acl.get("acl_c4_allow2", "none"))
   ) {
    # Block the request if the IP is not present in any of the ACLs
    call deny_request;
}
```
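
The Python sketch below is an added example, not Transparent Edge code. It models the combined allow list conditional above over constructed CIDR ranges and compares it with a variant that uses `||` instead of `&&`, which would block every client that is not present in both lists. The `match` helper, the ACL contents and the sample IPs are assumptions made for illustration.

```python
import ipaddress

# Constructed sample ACL contents. The names follow the page's examples;
# the networks are documentation ranges chosen for illustration.
ACLS = {
    "acl_c4_allow1": ["192.0.2.0/24"],
    "acl_c4_allow2": ["198.51.100.0/25", "2001:db8::/32"],
}


def match(client_ip, acl_name):
    """Hypothetical stand-in for aclplus.match(client.ip, network_acl.get(name, ...))."""
    ip = ipaddress.ip_address(client_ip)
    nets = (ipaddress.ip_network(n) for n in ACLS[acl_name])
    # An IPv4 address never matches an IPv6 network and vice versa.
    return any(ip.version == net.version and ip in net for net in nets)


def blocked_correct(client_ip):
    """The page's conditional: block only if the IP is in none of the allow lists."""
    return (not match(client_ip, "acl_c4_allow1")
            and not match(client_ip, "acl_c4_allow2"))


def blocked_mistaken(client_ip):
    """Variant with '||': blocks any IP that is missing from either list."""
    return (not match(client_ip, "acl_c4_allow1")
            or not match(client_ip, "acl_c4_allow2"))


def audit(samples):
    """Return {ip: (correct, mistaken)} so the two conditionals can be compared."""
    return {ip: (blocked_correct(ip), blocked_mistaken(ip)) for ip in samples}


# Constructed client addresses: one per list, one just outside the /25,
# one IPv6 client, and one that is in neither list.
SAMPLES = ["192.0.2.10", "198.51.100.5", "198.51.100.200",
           "2001:db8::1", "203.0.113.7"]

if __name__ == "__main__":
    for ip, (ok, bad) in audit(SAMPLES).items():
        print(f"{ip:16} page conditional blocks={ok!s:5} '||' variant blocks={bad}")
```

Running the same kind of table against your own ranges before activating a new VCL configuration shows whether an allow list accepts exactly the clients you expect.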


