IP address/CIDR list

Description

Allows you to match based on IPv4 and IPv6 addresses and CIDR lists.

For IPv6 CIDR lists, use the shorthand notation. For example, if the full notation is 2001:0db8:0001:0002:0000:0000:0000:0001/32, enter this instead: 2001:db8:1:2::1/32.

Cloudlets Supported

All Cloudlets support this match type.

Fields

For this match type, enter the IP addresses and CIDR lists in the text box provided.

If you have a large number of values, you can paste them in if you separate them with a space, comma, or carriage return.

Invalid IP Addresses/CIDR Lists

For IPv6, publicly accessible addresses in shorthand notation are valid. See RFC 2732 or RFC 2373 for the specific technical details.

For IPv4, these IP addresses and CIDR blocks are not valid:

Network Address Type

Invalid Addresses

Broadcast

255.255.255.255

Link Local

169.254.0.0/16

Local Wildcard

0.0.0.0/8

Loopback

127.0.0.0/8

Multicast

224.0.0.0/8 through 239.0.0.0/8

Shared

100.64.0.0/10

Site Local

10.0.0.0/8
192.168.0.0/16
172.16.0.0/12

Client IP Setting

For this match type, you can also select whether to use the client IP address from the connecting IP address, the X-Forwarded-For header value, or either option.

When a client connects to the edge platform using an HTTP proxy or a load balancer, the X-Forwarded-For (XFF) HTTP header identifies the originating IP address of that client.

Operators

This match type uses the following operators:

Value

The rule is true when

Example

is one of

the incoming request includes one of the IP addresses or CIDR lists included in the rule’s if clause.

The rule includes a match where the IP address is 158.1.0.0. In this instance, only requests coming from the 158.1.0.0 address are valid.

is not one of

the incoming request does not include one of the IP addresses or CIDR lists included in the rule’s if clause.

The rule includes a match where the IP address is 158.1.0.0. In this instance, any request is true that doesn’t come from 158.1.0.0.


Did this page help you?