Caveats and recommendations
Consider these points before you add Origin IP ACL:
- Origin IP ACL isn't a substitute for authentication. Always implement allowlist protections alongside solutions that let requests from the Akamai network authenticate to your origin. Read best practices for using access control lists in combination with connection and application authentication. If necessary, contact your account team for help.
- Stay current with IP address lists. Changes to the lists of IP address blocks are announced through alerts sent from the Firewall Rules Notification tool. Subscribe to it in Akamai Control Center to get updates.
Don't miss out on updates!
While the list of IP addresses for this feature rarely changes, you should subscribe. It's the one definitive way to get updates to the list.
- Enable IPv6 support for a custom origin. Turn on IPv6 Origin Support in the Origin Server behavior. This will reduce the probability of malicious scanning finding the origin IPs.
Incompatible products
Origin IP ACL can't be used with certain Akamai products and services.
| Product/Service | Details |
|---|---|
| China CDN support | If your origin server is located in China, don't include the Origin IP Access Control List behavior. As an alternative, you could use the SiteShield service. |
| Protocol Downgrade (Legacy) | Also referred to as Protocol Downgrade v1, this legacy behavior is not supported for use with Origin IP ACL. |
Updated 7 months ago