Review the appropriate section, based on the Akamai products you're using to deliver your content.

Standard setup

Follow these steps to get Origin IP ACL added to a delivery configuration ("property"), if you're using any of these products:

Adaptive Media Delivery
API Acceleration
Download Delivery
Dynamic Site Acceleration
Ion
Object Delivery

📘
This process applies to properties that aren't being configured with either of these products:

Cloud Wrapper

Direct Connect

See the sections that follow if you're using either of them (or both).

Set the Origin Server behavior in your property to use Your origin and configure the appropriate origin type:
- The custom origin
- The third-party origin
Add the behavior to an applicable rule in your property:

Rule	Description
Default Rule	If you want to have Origin IP ACL apply to all requests for your content, click the Default Rule to select it.
Custom Rule	If you want to use custom match criteria for a request to trigger the use of Origin IP ACL, follow these steps. In the Property Configuration Settings panel, click + Rules. Select the Blank Rule Template, and click Insert Rule. Click ... for the New Rule, select Edit name, and enter a desired name for the rule. Click + Match and define an appropriate criterion for the rule.

Rule

Description

Default Rule

If you want to have Origin IP ACL apply to all requests for your content, click the Default Rule to select it.

Custom Rule

If you want to use custom match criteria for a request to trigger the use of Origin IP ACL, follow these steps.

In the Property Configuration Settings panel, click + Rules.
Select the Blank Rule Template, and click Insert Rule.
Click ... for the New Rule, select Edit name, and enter a desired name for the rule.
Click + Match and define an appropriate criterion for the rule.

📘
The Origin IP Access Control List behavior needs to exist in the same rule that contains the Origin Server behavior.

Add the Origin IP Access Control List behavior:

a. Click + Behavior.

b. In the Search available behaviors field, type origin and select Origin IP Access Control List.

c. Click Insert Behavior. The Origin IP Access Control List behavior is added.
Make sure that Enable is set to On.

Add the SureRoute behavior to the same rule and set it up for Performance.
Review Caveats and recommendations to ensure that you're applying recommended authentication and not including incompatible products and features with your property.
Save your property and activate it on staging for testing.
With all testing complete, activate your property on production to go live on the Akamai network.

Cloud Wrapper setup

Cloud Wrapper is Akamai's custom caching layer that helps reduce requests to your origin server. It optimizes connectivity between cloud infrastructures and the Akamai Intelligent Edge.

Set up with it is different:

Set up Cloud Wrapper. Follow all the sections covered in the Configuration section of the Cloud Wrapper documentation.

🚧
Don't add the Origin IP Access Control List behavior
The IP space that Cloud Wrapper uses is natively part of the Origin IP Access Control List. So, you don't need this behavior in your property.

Update the firewall on your origin. Add an allow list of IP addresses to your firewall on your origin.

Direct Connect setup

Direct Connect is a high-performance network connection between your origin infrastructure and Akamai's Intelligent Edge Platform. It provides direct connectivity between the platform and a physical router in your data center or colocation environment.

Set up with it is different:

Set up Direct Connect. Follow the instructions in the Direct Connect documentation.
Set up delivery for your content. Add a new property to your Direct Connect environment, using a supported delivery product (Adaptive Media Delivery, API Acceleration, Download Delivery, Ion, Media Services Live, or Object Delivery).

🚧
Don't add the Origin IP Access Control List behavior
The IP space that Direct Connect uses is natively part of the Origin IP Access Control List. So, you don't need this behavior in your property.

Update the firewall on your origin. Add an allow list of IP addresses to your firewall on your origin.

Direct Connect with Cloud Wrapper

Direct Connect supports the use of Cloud Wrapper in your property. Here's what you should do to include both:

Perform the full process covered in Direct Connect setup to get your content up for delivery on the Akamai network, and to update your firewall.

📘
Currently, Cloud Wrapper is only supported for use with Adaptive Media Delivery, Download Delivery, and Object Delivery. (Talk to your account team about using it with Ion Beta.)

Perform step 1 in Cloud Wrapper setup to add support for it.

What happens next?

As requests are processed by your property, connection attempts to your origin from the Akamai edge network will come from one of the IP addresses you set up on your origin server. Essentially, this lets you control access: You could set up a firewall policy on your origin that only allows requests from these addresses.