Working with ACLs using the web interface

Access control lists (ACLs) allow you to store a list of permissions that Varnish will use to grant or restrict access to URLs within a service. You can use the web interface to add, remove, and update ACLs.

Viewing ACLs

To view an ACL, navigate to the ACL management area of your service:

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain. You can also click Compute services or CDN services to access a list of services by type.
  3. Click Configuration and then select View Active.

  4. From the service version menu, select an appropriate service version.

  5. Click Data. The Data page appears. Existing ACLs, if any, associated with the currently selected service version appear in the Access control lists area.

    an access control list area with two examples on the data page as it appears in the Fastly web interface

NOTE

Remember that ACL containers are versioned. If you don't see an ACL attached to your service, check the service version to make sure you're looking at the right one.

Creating an ACL

ACLs have two parts: an ACL container and the ACL entries within it.

Creating an ACL container

To create an ACL, start by creating an ACL container:

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain. You can also click Compute services or CDN services to access a list of services by type.
  3. Click Edit configuration and then select the option to clone the active version.
  4. Click Data.

  5. Click Create an ACL.

    an access control list area on the data page after clicking the create an acl button

  6. In the Name of ACL field, enter a descriptive name for the ACL (e.g., Example ACL).

  7. Click Add. The empty ACL container you created appears.

  8. Click the Activate button to deploy your configuration changes to the service version you're editing.

Creating an ACL entry

Once your ACL container is created, add ACL entries into it:

  1. Click Add address.

    an empty access control list container with blank entry fields as it appears in the Fastly web interface

  2. In the Address field, enter an IP address or subnet mask (a range of IP addresses) to allow or block for this service. To exclude or block an IP address or subnet mask, use an exclamation point (for example, use !192.0.2.0 or !192.0.2.0/24).

  3. In the Comment field, enter an optional comment that describes the IP address or subnet mask.

  4. Click Add. The IP address or subnet mask appears in the ACL container. This addition will become effective immediately.

    an access control list, complete with an IP address and a subnet mask, as it appears in the Fastly web interface

Editing an ACL

Keeping in mind their limitations, the containers and entries of ACLs can be edited via the web interface.

Editing an ACL container

You can edit the name of an ACL container that was created via the web interface in any unlocked service version:

  1. Find an ACL associated with an unlocked version of your service.
  2. Click the pencil next to the ACL container name.
  3. Change the name, then click Save.

Editing an ACL entry

You can edit the ACL entries within a container at any time. To edit an IP address or subnet mask included in an ACL container that was created via the web interface:

  1. Find any ACL associated with your service in which the associated IP addresses or subnet masks appear. Because ACL entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
  2. Hover your cursor over an ACL entry, then click the pencil that appears.
  3. Edit the IP address, subnet mask, or comment as necessary.
  4. Click Save. The changes you make will be immediately applied to your configuration. If you ACL container has already been associated with a deployed service version, those changes will happen live.

Deleting an ACL

Keeping in mind their limitations, the containers and entries of ACLs can be deleted via the web interface.

Deleting an ACL container

You can delete an ACL container that was created via the web interface in any unlocked service version:

  1. Find an ACL associated with an unlocked version of your service.
  2. Click the trash in the top right corner of the ACL.
  3. Click Confirm and delete.
  4. Click Activate to deploy your configuration changes to the service version you're editing.

Deleting an ACL entry

You can delete the ACL entries within a container at any time. To delete an IP address or subnet mask included in an ACL container that was created via the web interface:

  1. Find any ACL associated with your service in which the associated IP addresses or subnet masks appear. Because ACL entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
  2. Hover your cursor over an ACL entry, then click the trash icon that appears.
  3. Click Confirm and delete.
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.