Site Shield Stable CIDRs overview

You must perform routine maintenance when using Site Shield, such as updating your origin firewall ACLs and acknowledging those CIDR changes via the Akamai Control Center Site Shield application. Not performing these regular maintenance tasks could lead to performance issues, impacting user experience on your website protected by Site Shield. Such routine tasks could become operationally challenging, especially when you manage many origin firewalls and/or Site Shield maps. To overcome this, we’ve introduced the concept of Stable CIDRs in Site Shield.

When you enable stable CIDRs for a specific map, the Site Shield management application will always return larger Akamai-owned CIDR blocks that fully encompass the /24 and /25 CIDRs that comprise your map today. Changes to the map, such as removing decommissioned Akamai service locations or adding capacity, are all done within these larger, mostly static, CIDR blocks. This reduces the operational challenges of frequently keeping the map updated and limits the changes required on your origin firewalls.

If you don’t want to use Stable CIDRS, you must continue updating your firewall ACLs and acknowledging those changes in the Akamai Control Center at intervals of 30, 60, or 90 days, depending on how the map is configured. Now, this state represents operating in the original mode.


To make the map static, the Stable CIDRs feature uses Supernet IP blocks, i.e. larger CIDR blocks such as /13, /11, etc. These IP ranges are owned by Akamai. Once you subscribe to stable CIDRs, your Site Shield map will use such larger IP blocks, which must be allowlisted in your origin firewall(s). Enabling the Supernet Blocks does not increase the current bandwidth limits inherent with Site Shield maps.