Configuration Overview
Tencent Cloud CDN supports configuring User-Agent (UA) blocklist/allowlist rules for access control.
CDN checks the User-Agent
field in HTTP request headers based on the rules to allow or reject user access requests.
Configuration Guide
Configuration limitations
The blocklist and allowlist cannot be set at the same time. Please set either the blocklist rules or the allowlist rules.
Maximum number of blocklist/allowlist rules: 10
Rules support the wildcard *
. Please separate multiple values with |
.
Supported effect types: all content, file extension, file directory, and specified file. Regular matching is currently not supported.
Configuration instructions
Log in to the CDN Console, select Domain Management on the left sidebar, and then click Manage on the right of a domain name to enter its configuration page. Select Access Control tab to find the UA blocklist/allowlist configuration, which is disabled by default:
When the switch is toggled off, click Add Rule to add blocklist/allowlist rules one by one:
Note:
1. Supports wildcard * and multiple values, such as curl*|*IE*|*Chrome*|*firefox*.^$ represents an empty user agent. If the rule content contains an empty User-Agent, the following processing will be performed:
In a whitelist scenario, if the User-Agent in the request is empty, the request is allowed.
In a blacklist scenario, if the User-Agent in the request is empty, the request will be rejected.
2. If there is no *
, all characters will be used for exact match.
The overall configuration will be disabled after a rule is added, so the ongoing services will not be affected:
You can toggle the switch on to officially deploy the configured UA blocklist/allowlist.
Configuration Samples
The UA blocklist/allowlist configuration of cloud.tencent.com
is as follows:
If User-Agent
in the HTTP request header is as follows: user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
The blocklist will be hit and a 403 error will be directly returned.
Was this page helpful?