TrainingSupportCommunity

Set up Origin IP ACL

Suggest Edits

Based on the ​Akamai​ product you're using, you'll need to follow specific instructions to add Origin IP Access Control List (Origin IP ACL).

Adaptive Media Delivery

Limited Availability

  1. Talk to your ​Akamai​ account team about adding Origin IP ACL to your property.
  2. Review Caveats and recommendations before you go live with it.

API Acceleration

  1. Set the Origin Server behavior in your property to use Your origin and configure the appropriate origin type:

  2. Add the behavior to an applicable rule in your property:

RuleDescription

Default Rule

If you want to have Origin IP ACL apply to all requests for your content, click the Default Rule to select it.

Custom Rule

If you want to use custom match criteria for a request to trigger the use of Origin IP ACL, follow these steps.

  1. In the Property Configuration Settings panel, click + Rules.
  2. Select the Blank Rule Template, and click Insert Rule.
  3. Click ... for the New Rule, select Edit name, and enter a desired name for the rule.
  4. Click + Match and define an appropriate criterium for the rule.

📘

The Origin IP Access Control List behavior needs to exist in the same rule that contains the Origin Server behavior.

  1. Add the Origin IP Access Control List behavior:

    a. Click + Behavior.

    b. In the Search available behaviors field, type origin and select Origin IP Access Control List.

    c. Click Insert Behavior. The Origin IP Access Control List behavior is added.

  2. Make sure that Enable is set to On.

  1. Add the SureRoute behavior to the same rule and set it up for Performance.

  2. Review Caveats and recommendations to ensure that you're applying recommended authentication and not including incompatible products and features with your property.

  3. Save your property and activate it on staging for testing.

  4. With all testing complete, activate your property on production to go live on the ​Akamai​ network.

Cloud Wrapper

You don't need to perform any separate steps to configure Origin IP ACL with Cloud Wrapper. The IP space that Cloud Wrapper uses is natively part of the Origin IP Access Control List. So, once you implement Cloud Wrapper into your delivery configuration, Origin IP ACL is automatically enabled.

However, you'll still need to configure your origin's firewall to recognize Origin IP ACL's addresses.

🚧

You don't need the Origin IP Access Control List behavior

Cloud Wrapper is configured by adding its specific behavior to a rule in your delivery configuration. Since it automatically includes support for Origin IP ACL, don't include the Origin IP Access Control List behavior in a rule that also contains the Cloud Wrapper behavior. This applies if you're adding Cloud Wrapper support to these ​Akamai​ delivery products:

  • Adaptive Media Delivery
  • Download Delivery
  • Object Delivery

Download Delivery

Limited Availability

  1. Talk to your ​Akamai​ account team about adding Origin IP ACL to your property.
  2. Review Caveats and recommendations before you go live with it.

Dynamic Site Accelerator

Currently, Origin IP ACL is not supported for use with Dynamic Site Accelerator. Look for support with a future release.

Ion (Standard and Premier)

Currently, Origin IP ACL is not supported for use with Ion. Look for support with a future release.

Object Delivery

Limited Availability

  1. Talk to your ​Akamai​ account team about adding Origin IP ACL to your property.
  2. Have a look at Caveats and recommendations before you go live with it.

What happens next?

As requests are processed by your property, connection attempts to your origin from the ​​Akamai​ edge network will come from one of the IP addresses you set up on your origin server. Essentially, this lets you control access: You could set up a firewall policy on your origin that only allows requests from these addresses.

Updated about 1 month ago