How to automate Origin Shield
Origin Shield provides the list of Azion Edge Nodes’ IP addresses.
By activating Origin Shield, your application is protected using a network list maintained by Azion. The IP addresses in it change from time to time, but you can automate a behavior using Rules Engine to guarantee you're always using the updated list.
Via Azion Console
To create a rule:
- On Azion Console, navigate to Edge Firewall.
- Select the edge firewall in which you want to configure the rule.
- Click the Rules Engine tab.
- Click the New Rule button.
- Give your rule a name and, optionally, a description.
- In the Criteria section, select the `Network` variable.
- As a comparison operator, select does not match.
- As an argument, select the `Azion Origin Shield` list.
- In the Behaviors section, select Drop (Close Without Response) from the behavior list.
- Click the Save button.
If your application receives a request generated from an IP that isn’t in the list, the edge firewall will drop the request.
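A local model of the rule above, as an added example rather than Azion's code or API: it evaluates "Network does not match list, then Drop" over source addresses, so you can preview what such a rule would drop before enabling it. The list entries and source addresses are constructed from documentation ranges, and the function names, the `pass` label, and the fail-closed handling of unparseable addresses are assumptions.

```python
import ipaddress

# Constructed sample entries (documentation ranges), NOT the real Origin Shield list.
SAMPLE_LIST = ["192.0.2.0/24", "198.51.100.16/28", "2001:db8:10::/48"]

# Constructed source addresses, as they might be pulled from an access log.
SAMPLE_SOURCES = [
    "192.0.2.77",        # inside the first block
    "198.51.100.40",     # same /24 as the second block, but outside its /28
    "::ffff:192.0.2.5",  # IPv4-mapped IPv6 form of a listed IPv4 address
    "2001:db8:10::1",    # inside the IPv6 block
    "2001:db8:99::1",    # outside every block
    "not-an-ip",         # malformed value
]

def parse_list(entries):
    """Turn list entries (single IPs or CIDR blocks) into network objects."""
    return [ipaddress.ip_network(entry, strict=False) for entry in entries]

def normalise(source):
    """Parse a source address; compare IPv4-mapped IPv6 as plain IPv4."""
    addr = ipaddress.ip_address(source)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def decide(source, networks):
    """Return 'drop' if the source does not match the list, else 'pass'."""
    try:
        addr = normalise(source)
    except ValueError:
        return "drop"  # assumption: an unparseable source is treated as no match
    matched = any(addr.version == net.version and addr in net for net in networks)
    return "pass" if matched else "drop"

def audit(sources, entries):
    """Map each source address to the decision this model of the rule gives."""
    networks = parse_list(entries)
    return {source: decide(source, networks) for source in sources}

if __name__ == "__main__":
    for source, verdict in audit(SAMPLE_SOURCES, SAMPLE_LIST).items():
        print(f"{source:20} {verdict}")
```

Running the same function over the distinct source addresses in your own logs shows which clients a Drop behavior would cut off once the rule is saved.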
Via API
- Run the following `GET` request to retrieve the `id` of the Azion Origin Shield list:
- You'll receive a response similar to this:
- Run the following `POST` request in your terminal, replacing `[TOKEN VALUE]` with your personal token, the `<edge_firewall_id>` variable with your edge firewall ID, and the `<network_list_id>` value with the Origin Shield list ID:
| Key | Description |
|---|---|
| name | Name of the rule |
| behaviors | Array that stores objects that define behaviors |
| criteria | Array that stores objects that define criteria |
See the Azion API documentation to find out more about criteria and behavior objects.
- You’ll receive the following response:
- Wait a few minutes for the changes to propagate.
If your application receives a request generated from an IP that isn’t in the list, the edge firewall will drop the request.