Access control configuration

You can use access-control management to set up and configure referrer blacklists and whitelists, and thereby implement an anti-theft chain.

    • If you set up a blacklist, access is denied if the referrer is in the blacklist, but it is otherwise permitted.
  • If you set up a whitelist, access is permitted only if the referrer is one of the domain names in the whitelist.


Method Request URI

URI parameter

Parameter name Description
subscriptionId Subscription unique identifier
endpointId Target node unique identifier

Request header

Request header Description
x-azurecdn-request-date Required. Enter the current UTC request time in yyyy-MM-dd hh:mm:ss format.
Authorization Required. Refer to CDN API signing mechanism for authorization headers.
content-type Required. application/json

Request body

  "ForbiddenIps": [
  "RefererControl": {
    "Enabled": "true",
    "PathPatterns": [
    "Referers": [
    "RefererControlType": "AllowList"
Parameter name Description
ForbiddenIps List of forbidden IPs
PathPatterns [anti-]theft link file path connection
Referers [anti-]theft link connection
RefererControlType Anti-theft chain type
  • AllowList: A whitelist, which allows links for only the matching referrers to access the matching PathPatterns paths.
  • BlockList: A blacklist, with links to matching referrers who will be denied access if they attempt to access the matching PathPatterns paths.


A response comprises a status code, response headers, and a response body.

Status code

Status code Description
202 Indicates that the server has successfully accepted the request.
Other General response indicating that an error has occurred.

Response header

Response header Description
X-Correlation-Id The request’s unique identifier, which is used to track request information.

Response body

JSON example for request succeeded:

  "Succeeded": true,
  "IsAsync": true,
  "AsyncInfo": {
    "TaskTrackId": "b520c544-ec34-4ac4-86f5-5394363919c3",
    "TaskStatus": "Processing"
Parameter name Description
TaskTrackId The operation's unique identifier, which can be used to query progress.
TaskStatus Task status
  • NotSet: State not set
  • Processing: Currently processing
  • Succeeded: Succeeded
  • Failed: Failed

JSON example for request failed:

  "Succeeded": false,
  "ErrorInfo": {
    "Type": "MissingAuthorizationHeader",
    "Message": "Missing authorization header."
Parameter name Description
Type Error type
  • CredentialInvalid: Invalid credentials
  • ParameterMissing: Parameter missing
  • ParameterInvalid: Invalid parameter
  • MissingAuthorizationHeader: Authorization header missing
  • InvalidRequestDateHeader: Invalid request date header
  • MissingRequestDateHeader: Missing request date header
  • AuthorizationHeaderExpired: Authorization header expired
  • InvalidAuthorizationHeader: Invalid authorization header
  • ApiKeyNotFound: API key not found
  • InvalidApiKey: Invalid API key
  • WrongSignature: Wrong signature
  • SubscriptionNotFound: Subscription does not exist
  • EndpointDoesNotBelongToSubscription: Endpoint does not belong to subscription
  • EndpointNotInActiveState: Endpoint not in active state
  • EndpointNotFound: Endpoint does not exist
  • MaliciousItemPathDetected: Malicious item path detected
  • PermissionDenied: Insufficient permissions
  • RequestThrottled: Request throttled

Message Error information