Site Shield provides an additional layer of security by leveraging a defined set of IP subnet ranges to route traffic to the origin, ensuring that the client requests from the CDN are routed to the origin via the provided list of IP CIDR Ranges from the Akamai CDN network. Once the IP ranges are allowlisted on the perimeter firewall, it helps prevent attackers from bypassing cloud-based defenses and directly targeting the application origin.

Introducing Site Shield Stable CIDRs

Site Shield leverages a defined set of IP Subnet ranges to route traffic to the application’s origin. Routine maintenance is required in terms of updating the firewall ACLs frequently and acknowledging the CIDR changes in the Akamai Control Center Site Shield application to ensure that performance and end-user experience are maintained. This routine maintenance could become operationally challenging, especially if there are multiple origins or multiple firewalls to be maintained and/or multiple Site Shield Maps.

Site Shield Stable CIDRs is aimed at reducing the operational overheads by leveraging a larger set of Akamai-owned IP CIDR ranges that fully encompass the IP ranges that comprise your map today. Changes to the map, such as removing decommissioned Akamai service locations or adding capacity, are all done within these larger, mostly static, CIDR blocks. This reduces the operational challenges of frequently keeping the map updated and limits the changes required on your origin firewalls.

📘
Site Shield or Site Shield Stable CIDRs are not a substitute for authentication. Always implement allowlist protections alongside solutions that let requests from the Akamai network authenticate to your origin. Read best practices for using Site Shield in combination with connection and application authentication. If required, contact your Akamai account team for help.

Developer tools

What's new

Release notes