Access control configuration
-
Article
-
-
You can use access-control management to set up and configure referrer blacklists and whitelists, and thereby implement an anti-theft chain.
-
- If you set up a blacklist, access is denied if the referrer is in the blacklist, but it is otherwise permitted.
- If you set up a whitelist, access is permitted only if the referrer is one of the domain names in the whitelist.
Request
Method
| Request URI
|
PUT |
https://restapi.cdn.azure.cn/subscriptions/{subscriptionId}/endpoints/{endpointId}/accesscontrol?apiVersion=1.0 |
URI parameter
Parameter name
| Description
|
subscriptionId |
Subscription unique identifier |
endpointId |
Target node unique identifier |
Request header |
Description |
x-azurecdn-request-date |
Required. Enter the current UTC request time in yyyy-MM-dd hh:mm:ss format. |
Authorization |
Required. Refer to CDN API signing mechanism for authorization headers. |
content-type |
Required. application/json |
Request body
{
"ForbiddenIps": [
"192.160.1.1",
"220.100.100.100"
],
"RefererControl": {
"Enabled": "true",
"PathPatterns": [
"/test1/test1.jpg"
],
"Referers": [
"http://www.abc.com",
"http://www.micorosft.com"
],
"RefererControlType": "AllowList"
}
}
Parameter name
| Description
|
ForbiddenIps |
List of forbidden IPs |
PathPatterns |
[anti-]theft link file path connection |
Referers |
[anti-]theft link connection |
RefererControlType |
Anti-theft chain type
- AllowList: A whitelist, which allows links for only the matching referrers to access the matching PathPatterns paths.
- BlockList: A blacklist, with links to matching referrers who will be denied access if they attempt to access the matching PathPatterns paths.
|
Response
A response comprises a status code, response headers, and a response body.
Status code
Status code
| Description
|
202 |
Indicates that the server has successfully accepted the request. |
Other |
General response indicating that an error has occurred. |
Response header
|
Description
|
X-Correlation-Id |
The request’s unique identifier, which is used to track request information. |
Response body
JSON example for request succeeded:
{
"Succeeded": true,
"IsAsync": true,
"AsyncInfo": {
"TaskTrackId": "b520c544-ec34-4ac4-86f5-5394363919c3",
"TaskStatus": "Processing"
}
}
Parameter name
| Description
|
TaskTrackId |
The operation's unique identifier, which can be used to query progress. |
TaskStatus |
Task status
- NotSet: State not set
- Processing: Currently processing
- Succeeded: Succeeded
- Failed: Failed
|
JSON example for request failed:
{
"Succeeded": false,
"ErrorInfo": {
"Type": "MissingAuthorizationHeader",
"Message": "Missing authorization header."
}
}
Parameter name
| Description
|
Type |
Error type
- CredentialInvalid: Invalid credentials
- ParameterMissing: Parameter missing
- ParameterInvalid: Invalid parameter
- MissingAuthorizationHeader: Authorization header missing
- InvalidRequestDateHeader: Invalid request date header
- MissingRequestDateHeader: Missing request date header
- AuthorizationHeaderExpired: Authorization header expired
- InvalidAuthorizationHeader: Invalid authorization header
- ApiKeyNotFound: API key not found
- InvalidApiKey: Invalid API key
- WrongSignature: Wrong signature
- SubscriptionNotFound: Subscription does not exist
- EndpointDoesNotBelongToSubscription: Endpoint does not belong to subscription
- EndpointNotInActiveState: Endpoint not in active state
- EndpointNotFound: Endpoint does not exist
- MaliciousItemPathDetected: Malicious item path detected
- PermissionDenied: Insufficient permissions
- RequestThrottled: Request throttled
|
Message |
Error information |