Caveats and recommendations

Consider these points before you add Origin IP ACL:

  • Origin IP ACL isn't a substitute for authentication. To further enhance your origin security, use it in combination with other ​Akamai​ protection methods. If it fits with your origin setup, you can use Cloud Access Manager in your delivery workflow. You can also add protections like signature header authentication or mutual authentication. Talk to your ​Akamai​ account team for help with these.
  • Stay current with IP address lists. Changes to the lists of IP address blocks are announced through alerts sent from the Firewall Rules Notification tool. Subscribe to it in ​Akamai Control Center​ to get updates.

🚧

Don't miss out on updates!

While the list of IP addresses for this feature rarely changes, you should subscribe. It's the one definitive way to get updates to the list.

  • Enable IPv6 support for a custom origin. Turn on IPv6 Origin Support in the Origin Server behavior. This will reduce the probability of malicious scanning finding the origin IPs.

Incompatible products

Origin IP ACL can't be used with certain ​Akamai​ products and services.

Product/ServiceDetails
China CDN supportIf your origin server is located in China, don't include the Origin IP Access Control List behavior. As an alternative, you could use the SiteShield service.
Protocol Downgrade (Legacy)Also referred to as Protocol Downgrade v1, this legacy behavior is not supported for use with Origin IP ACL.