Set up Origin IP ACL
Based on the Akamai product you're using, you'll need to follow specific instructions to add Origin IP Access Control List (Origin IP ACL).
Adaptive Media Delivery
Limited Availability
- Talk to your Akamai account team about adding Origin IP ACL to your property.
- Review Caveats and recommendations before you go live with it.
API Acceleration
-
Set the Origin Server behavior in your property to use Your origin and configure the appropriate origin type:
-
Add the behavior to an applicable rule in your property:
Rule | Description |
---|---|
Default Rule | If you want to have Origin IP ACL apply to all requests for your content, click the Default Rule to select it. |
Custom Rule | If you want to use custom match criteria for a request to trigger the use of Origin IP ACL, follow these steps.
|
The Origin IP Access Control List behavior needs to exist in the same rule that contains the Origin Server behavior.
-
Add the Origin IP Access Control List behavior:
a. Click + Behavior.
b. In the Search available behaviors field, type
origin
and select Origin IP Access Control List.c. Click Insert Behavior. The Origin IP Access Control List behavior is added.
-
Make sure that Enable is set to On.

-
Add the SureRoute behavior to the same rule and set it up for Performance.
-
Review Caveats and recommendations to ensure that you're applying recommended authentication and not including incompatible products and features with your property.
-
Save your property and activate it on staging for testing.
-
With all testing complete, activate your property on production to go live on the Akamai network.
Cloud Wrapper
You don't need to perform any separate steps to configure Origin IP ACL with Cloud Wrapper. The IP space that Cloud Wrapper uses is natively part of the Origin IP Access Control List. So, once you implement Cloud Wrapper into your delivery configuration, Origin IP ACL is automatically enabled.
However, you'll still need to configure your origin's firewall to recognize Origin IP ACL's addresses.
You don't need the Origin IP Access Control List behavior
Cloud Wrapper is configured by adding its specific behavior to a rule in your delivery configuration. Since it automatically includes support for Origin IP ACL, don't include the Origin IP Access Control List behavior in a rule that also contains the Cloud Wrapper behavior. This applies if you're adding Cloud Wrapper support to these Akamai delivery products:
- Adaptive Media Delivery
- Download Delivery
- Object Delivery
Download Delivery
Limited Availability
- Talk to your Akamai account team about adding Origin IP ACL to your property.
- Review Caveats and recommendations before you go live with it.
Dynamic Site Accelerator
Currently, Origin IP ACL is not supported for use with Dynamic Site Accelerator. Look for support with a future release.
Ion (Standard and Premier)
Currently, Origin IP ACL is not supported for use with Ion. Look for support with a future release.
Object Delivery
Limited Availability
- Talk to your Akamai account team about adding Origin IP ACL to your property.
- Have a look at Caveats and recommendations before you go live with it.
What happens next?
As requests are processed by your property, connection attempts to your origin from the Akamai edge network will come from one of the IP addresses you set up on your origin server. Essentially, this lets you control access: You could set up a firewall policy on your origin that only allows requests from these addresses.
Updated about 1 month ago