Access Control Lists
These articles describe how to restrict access to resources by whitelisting or blacklisting IP addresses with Access Control Lists (ACLs).
Malicious actors can present themselves in a variety of ways on the internet. Automated tools can scrape information from your website, bots can probe your application for vulnerabilities, and hackers can exploit them. If you detect threats like these, you may want to use an ACL to prevent the offending IP addresses from ever accessing your information resources again. An ACL is a list of permissions that Varnish uses to grant or restrict access to URLs within your services.
Ways of creating ACLs
There are two ways of creating ACLs for your Fastly services. You can use Edge ACLs to programmatically create and manipulate ACLs with the Fastly API, or you can manually create the ACL in VCL and upload it:
- Edge ACLs: You can use Edge ACLs to attach an ACL to a service with versionless ACL entries that are stored separately from your VCL configuration. You can use the Fastly API to programmatically add, remove, and update ACLs and their entries. We recommend this option if you want to integrate your website or application with an ACL.
- Uploading custom VCL: You can manually create an ACL in VCL and upload it. We recommend this option if you have simple access control requirements and can hardcode a few IP addresses in your VCL. ACLs that are manually created are versioned with your services, and any changes to the ACL will require changes to your VCL.