Access control configuration
-
Article
-
-
You can use access-control management to set up and configure referrer blacklists and whitelists, and thereby implement an anti-theft chain.
-
- If you set up a blacklist, access is denied if the referrer is in the blacklist, but it is otherwise permitted.
- If you set up a whitelist, access is permitted only if the referrer is one of the domain names in the whitelist.
Request
| Method
| Request URI
|
| PUT |
https://restapi.cdn.azure.cn/subscriptions/{subscriptionId}/endpoints/{endpointId}/accesscontrol?apiVersion=1.0 |
URI parameter
| Parameter name
| Description
|
| subscriptionId |
Subscription unique identifier |
| endpointId |
Target node unique identifier |
| Request header |
Description |
| x-azurecdn-request-date |
Required. Enter the current UTC request time in yyyy-MM-dd hh:mm:ss format. |
| Authorization |
Required. Refer to CDN API signing mechanism for authorization headers. |
| content-type |
Required. application/json |
Request body
{
"ForbiddenIps": [
"192.160.1.1",
"220.100.100.100"
],
"RefererControl": {
"Enabled": "true",
"PathPatterns": [
"/test1/test1.jpg"
],
"Referers": [
"http://www.abc.com",
"http://www.micorosft.com"
],
"RefererControlType": "AllowList"
}
}
| Parameter name
| Description
|
| ForbiddenIps |
List of forbidden IPs |
| PathPatterns |
[anti-]theft link file path connection |
| Referers |
[anti-]theft link connection |
| RefererControlType |
Anti-theft chain type
- AllowList: A whitelist, which allows links for only the matching referrers to access the matching PathPatterns paths.
- BlockList: A blacklist, with links to matching referrers who will be denied access if they attempt to access the matching PathPatterns paths.
|
Response
A response comprises a status code, response headers, and a response body.
Status code
| Status code
| Description
|
| 202 |
Indicates that the server has successfully accepted the request. |
| Other |
General response indicating that an error has occurred. |
| Response header
|
Description
|
| X-Correlation-Id |
The request’s unique identifier, which is used to track request information. |
Response body
JSON example for request succeeded:
{
"Succeeded": true,
"IsAsync": true,
"AsyncInfo": {
"TaskTrackId": "b520c544-ec34-4ac4-86f5-5394363919c3",
"TaskStatus": "Processing"
}
}
| Parameter name
| Description
|
| TaskTrackId |
The operation's unique identifier, which can be used to query progress. |
| TaskStatus |
Task status
- NotSet: State not set
- Processing: Currently processing
- Succeeded: Succeeded
- Failed: Failed
|
JSON example for request failed:
{
"Succeeded": false,
"ErrorInfo": {
"Type": "MissingAuthorizationHeader",
"Message": "Missing authorization header."
}
}
| Parameter name
| Description
|
| Type |
Error type
- CredentialInvalid: Invalid credentials
- ParameterMissing: Parameter missing
- ParameterInvalid: Invalid parameter
- MissingAuthorizationHeader: Authorization header missing
- InvalidRequestDateHeader: Invalid request date header
- MissingRequestDateHeader: Missing request date header
- AuthorizationHeaderExpired: Authorization header expired
- InvalidAuthorizationHeader: Invalid authorization header
- ApiKeyNotFound: API key not found
- InvalidApiKey: Invalid API key
- WrongSignature: Wrong signature
- SubscriptionNotFound: Subscription does not exist
- EndpointDoesNotBelongToSubscription: Endpoint does not belong to subscription
- EndpointNotInActiveState: Endpoint not in active state
- EndpointNotFound: Endpoint does not exist
- MaliciousItemPathDetected: Malicious item path detected
- PermissionDenied: Insufficient permissions
- RequestThrottled: Request throttled
|
| Message |
Error information |