We've been making changes to how we organize and display our docs. Our work isn't done but we'd love your feedback.
Getting started
Basics
Domains & Origins
Performance

Configuration
Basics
Conditions
Dictionaries
Domains & Origins
Request settings
Cache settings
Headers
Responses
Performance
Custom VCL
Image optimization
Video

Security
Access Control Lists
Monitoring and testing
Securing communications
TLS
Web Application Firewall

Integrations
Logging endpoints
Non-Fastly services

Diagnostics
Streaming logs
Debugging techniques
Common errors

Account info
Account management
Billing
User access and control

Reference

    Working with ACLs using the web interface

      Last updated July 30, 2018

    Access control lists (ACLs) allow you to store a list of permissions that Varnish will use to grant or restrict access to URLs within a service. You can use the web interface to add, remove, and update ACLs.

    Viewing ACLs

    To view an ACL, navigate to the ACL management area of your service:

    1. Log in to the Fastly web interface and click the Configure link.
    2. From the service menu, select the appropriate service.
    3. Click the Configuration button and then select View Active.
    4. From the service version menu, select an appropriate service version. The Domains page appears.
    5. Click the Data link. The Data page appears. Existing ACLs, if any, associated with the currently selected service version appear in the Access control lists area.

      an access control list area with two examples on the data page as it appears in the Fastly web interface

    Creating an ACL

    ACLs have two parts: an ACL container and the ACL entries within it.

    Creating an ACL container

    To create an ACL, start by creating an ACL container:

    1. Log in to the Fastly web interface and click the Configure link.
    2. From the service menu, select the appropriate service.
    3. Click the Configuration button and then select Clone active. The Domains page appears.
    4. Click the Data link. The Data page appears.
    5. Click Create an ACL. The ACL container name field appears.

      an access control list area on the data page after clicking the create an acl button

    6. In the Name of ACL field, type a descriptive name for the ACL (e.g., Example ACL).
    7. Click the Add button. The empty ACL container you created appears.
    8. Click the Activate button to deploy your configuration changes to the service version you're editing.

    Creating an ACL entry

    Once your ACL container is created, add ACL entries into it:

    1. Click the Add address link. The ACL entry fields appear.

      an empty access control list container with blank entry fields as it appears in the Fastly web interface

    2. In the Address field, type an IP address or subnet mask (a range of IP addresses) to allow or block for this service. To exclude or block an IP address or subnet mask, use an exclamation point (for example, use !192.0.2.0 or !192.0.2.0/24).

    3. In the Comment field, type an optional comment that describes the IP address or subnet mask.
    4. Click the Add button. The IP address or subnet mask appears in the ACL container. This addition will become effective immediately.

      an access control list, complete with an IP address and a subnet mask, as it appears in the Fastly web interface

    Editing an ACL

    Keeping in mind their limitations, the containers and entries of ACLs can be edited via the web interface.

    Editing an ACL container

    You can edit the name of an ACL container that was created via the web interface in any unlocked service version:

    1. Find an ACL associated with an unlocked version of your service.
    2. Click the pencil icon next to the ACL container name.
    3. Change the name, then click the Save button.

    Editing an ACL entry

    You can edit the ACL entries within a container at any time. To edit an IP address or subnet mask included in an ACL container that was created via the web interface:

    1. Find any ACL associated with your service in which the associated IP addresses or subnet masks appear. Because ACL entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
    2. Hover your cursor over an ACL entry, then click the pencil icon that appears.
    3. Edit the IP address, subnet mask, or comment as necessary.
    4. Click the Save button. The changes you make will be immediately applied to your configuration. If you ACL container has already been associated with a deployed service version, those changes will happen live.

    Deleting an ACL

    Keeping in mind their limitations, the containers and entries of ACLs can be deleted via the web interface.

    Deleting an ACL container

    You can delete an ACL container that was created via the web interface in any unlocked service version:

    1. Find an ACL associated with an unlocked version of your service.
    2. Click the trash can icon in the top right corner of the ACL.
    3. Click the Confirm and delete button.
    4. Click the Activate button to deploy your configuration changes to the service version you're editing.

    Deleting an ACL entry

    You can delete the ACL entries within a container at any time. To delete an IP address or subnet mask included in an ACL container that was created via the web interface:

    1. Find any ACL associated with your service in which the associated IP addresses or subnet masks appear. Because ACL entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
    2. Hover your cursor over an ACL entry, then click the trash can icon that appears.
    3. Click the Confirm and delete button.
    Back to Top

    Additional resources: