Description

Allows you to match based on IPv4 and IPv6 addresses and CIDR lists.

For IPv6 CIDR lists, use the shorthand notation. For example, if the full notation is 2001:0db8:0001:0002:0000:0000:0000:0001/32, enter this instead: 2001:db8:1:2::1/32.

Cloudlets Supported

All Cloudlets support this match type.

Fields

For this match type, enter the IP addresses and CIDR lists in the text box provided.

If you have a large number of values, you can paste them in if you separate them with a space, comma, or carriage return.

Invalid IP Addresses/CIDR Lists

For IPv6, publicly accessible addresses in shorthand notation are valid. See RFC 2732 or RFC 2373 for the specific technical details.

For IPv4, these IP addresses and CIDR blocks are not valid:

Network Address Type	Invalid Addresses
Broadcast	255.255.255.255
Link Local	169.254.0.0/16
Local Wildcard	0.0.0.0/8
Loopback	127.0.0.0/8
Multicast	224.0.0.0/8 through 239.0.0.0/8
Shared	100.64.0.0/10
Site Local	10.0.0.0/8 192.168.0.0/16 172.16.0.0/12

Setting the client IP address

For this match type, you can also select whether to use the client IP address from the connecting IP address, the X-Forwarded-For header value, or either option.

When a client connects to the edge platform using an HTTP proxy or a load balancer, the X-Forwarded-For (XFF) HTTP header identifies the originating IP address of that client.

Operators

This match type uses the following operators:

Value	The rule is true when	Example
`is one of`	the incoming request includes one of the IP addresses or CIDR lists included in the rule’s if clause.	The rule includes a match where the IP address is 158.1.0.0. In this instance, only requests coming from the 158.1.0.0 address are valid.
`is not one of`	the incoming request does not include one of the IP addresses or CIDR lists included in the rule’s if clause.	The rule includes a match where the IP address is 158.1.0.0. In this instance, any request is true that doesn’t come from 158.1.0.0.