Working with ACLs using the web interface

  Last updated 2018-07-30

Access control lists (ACLs) allow you to store a list of permissions that Varnish will use to grant or restrict access to URLs within a service. You can use the web interface to add, remove, and update ACLs.

Viewing ACLs

To view an ACL, navigate to the ACL management area of your service:

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.

  3. Click the Configuration button and then select View Active.

  4. From the service version menu, select an appropriate service version. The Domains page appears.

  5. Click the Data link. The Data page appears. Existing ACLs, if any, associated with the currently selected service version appear in the Access control lists area.

    an access control list area with two examples on the data page as it appears in the Fastly web interface

NOTE

Remember that ACL containers are versioned. If you don't see an ACL attached to your service, check the service version to make sure you're looking at the right one.

Creating an ACL

ACLs have two parts: an ACL container and the ACL entries within it.

Creating an ACL container

To create an ACL, start by creating an ACL container:

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
  3. Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.

  4. Click the Data link. The Data page appears.

  5. Click Create an ACL. The ACL container name field appears.

    an access control list area on the data page after clicking the create an acl button

  6. In the Name of ACL field, enter a descriptive name for the ACL (e.g., Example ACL).

  7. Click the Add button. The empty ACL container you created appears.

  8. Click the Activate button to deploy your configuration changes to the service version you're editing.

Creating an ACL entry

Once your ACL container is created, add ACL entries into it:

  1. Click the Add address link. The ACL entry fields appear.

    an empty access control list container with blank entry fields as it appears in the Fastly web interface

  2. In the Address field, enter an IP address or subnet mask (a range of IP addresses) to allow or block for this service. To exclude or block an IP address or subnet mask, use an exclamation point (for example, use !192.0.2.0 or !192.0.2.0/24).

  3. In the Comment field, enter an optional comment that describes the IP address or subnet mask.

  4. Click the Add button. The IP address or subnet mask appears in the ACL container. This addition will become effective immediately.

    an access control list, complete with an IP address and a subnet mask, as it appears in the Fastly web interface

Editing an ACL

Keeping in mind their limitations, the containers and entries of ACLs can be edited via the web interface.

Editing an ACL container

You can edit the name of an ACL container that was created via the web interface in any unlocked service version:

  1. Find an ACL associated with an unlocked version of your service.
  2. Click the pencil icon next to the ACL container name.
  3. Change the name, then click the Save button.

Editing an ACL entry

You can edit the ACL entries within a container at any time. To edit an IP address or subnet mask included in an ACL container that was created via the web interface:

  1. Find any ACL associated with your service in which the associated IP addresses or subnet masks appear. Because ACL entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
  2. Hover your cursor over an ACL entry, then click the pencil icon that appears.
  3. Edit the IP address, subnet mask, or comment as necessary.
  4. Click the Save button. The changes you make will be immediately applied to your configuration. If you ACL container has already been associated with a deployed service version, those changes will happen live.

Deleting an ACL

Keeping in mind their limitations, the containers and entries of ACLs can be deleted via the web interface.

Deleting an ACL container

You can delete an ACL container that was created via the web interface in any unlocked service version:

  1. Find an ACL associated with an unlocked version of your service.
  2. Click the trash can icon in the top right corner of the ACL.
  3. Click the Confirm and delete button.
  4. Click the Activate button to deploy your configuration changes to the service version you're editing.

Deleting an ACL entry

You can delete the ACL entries within a container at any time. To delete an IP address or subnet mask included in an ACL container that was created via the web interface:

  1. Find any ACL associated with your service in which the associated IP addresses or subnet masks appear. Because ACL entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
  2. Hover your cursor over an ACL entry, then click the trash can icon that appears.
  3. Click the Confirm and delete button.
Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support.