Working with ACLs using the web interface
Last updated 2018-07-30
Access control lists (ACLs) allow you to store a list of permissions that Varnish will use to grant or restrict access to URLs within a service. You can use the web interface to add, remove, and update ACLs.
Viewing ACLs
To view an ACL, navigate to the ACL management area of your service:
- Log in to the Fastly web interface.
- From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
Click the Configuration button and then select View Active.
From the service version menu, select an appropriate service version. The Domains page appears.
Click the Data link. The Data page appears. Existing ACLs, if any, associated with the currently selected service version appear in the Access control lists area.
NOTE
Remember that ACL containers are versioned. If you don't see an ACL attached to your service, check the service version to make sure you're looking at the right one.
Creating an ACL
ACLs have two parts: an ACL container and the ACL entries within it.
Creating an ACL container
To create an ACL, start by creating an ACL container:
- Log in to the Fastly web interface.
- From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
- Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
Click the Data link. The Data page appears.
Click Create an ACL. The ACL container name field appears.
In the Name of ACL field, enter a descriptive name for the ACL (e.g.,
Example ACL
).Click the Add button. The empty ACL container you created appears.
Click the Activate button to deploy your configuration changes to the service version you're editing.
Creating an ACL entry
Once your ACL container is created, add ACL entries into it:
Click the Add address link. The ACL entry fields appear.
In the Address field, enter an IP address or subnet mask (a range of IP addresses) to allow or block for this service. To exclude or block an IP address or subnet mask, use an exclamation point (for example, use
!192.0.2.0
or!192.0.2.0/24
).In the Comment field, enter an optional comment that describes the IP address or subnet mask.
Click the Add button. The IP address or subnet mask appears in the ACL container. This addition will become effective immediately.
Editing an ACL
Keeping in mind their limitations, the containers and entries of ACLs can be edited via the web interface.
Editing an ACL container
You can edit the name of an ACL container that was created via the web interface in any unlocked service version:
- Find an ACL associated with an unlocked version of your service.
- Click the pencil icon next to the ACL container name.
- Change the name, then click the Save button.
Editing an ACL entry
You can edit the ACL entries within a container at any time. To edit an IP address or subnet mask included in an ACL container that was created via the web interface:
- Find any ACL associated with your service in which the associated IP addresses or subnet masks appear. Because ACL entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
- Hover your cursor over an ACL entry, then click the pencil icon that appears.
- Edit the IP address, subnet mask, or comment as necessary.
- Click the Save button. The changes you make will be immediately applied to your configuration. If you ACL container has already been associated with a deployed service version, those changes will happen live.
Deleting an ACL
Keeping in mind their limitations, the containers and entries of ACLs can be deleted via the web interface.
Deleting an ACL container
You can delete an ACL container that was created via the web interface in any unlocked service version:
- Find an ACL associated with an unlocked version of your service.
- Click the trash can icon in the top right corner of the ACL.
- Click the Confirm and delete button.
- Click the Activate button to deploy your configuration changes to the service version you're editing.
Deleting an ACL entry
You can delete the ACL entries within a container at any time. To delete an IP address or subnet mask included in an ACL container that was created via the web interface:
- Find any ACL associated with your service in which the associated IP addresses or subnet masks appear. Because ACL entries are versionless, the service version you choose doesn't matter. Choose the one that makes the most sense to you.
- Hover your cursor over an ACL entry, then click the trash can icon that appears.
- Click the Confirm and delete button.
Do not use this form to send sensitive information. If you need assistance, contact support.