Origin Shield
Origin Shield is a security feature that provides a dynamic Network List, Azion Origin Shield, containing all IP/CIDR addresses used by Azion’s network infrastructure.
This list serves as a data source for enforcing a strict IP Access Control List (ACL) on your origin servers. By configuring your origin’s firewall to permit inbound traffic exclusively from the addresses specified in this list, you establish a Layer 3/4 security perimeter, ensuring that only Azion’s edge servers can connect to your origin and blocking all direct access from external sources.
Clients are responsible for automating updates to their security policies to keep them aligned with the current Origin Shield addresses.
Implementation
| Scope | Resource |
|---|---|
| Secure an Application | Secure an Application |
| Edge Connector | Edge Connector |
| Edge Application first steps | First steps |
Usage
To activate it, enable Origin IP ACL for at least one Edge Connector in your account.
List updates
Azion’s IP list may change frequently, but after updating it, the new servers will only be put into production for those using the Origin Shield add-on 7 days after the list is published. You can also track and trace the changes made to the list through the History in Azion Console. There, you can find which IPs have been added or deleted from the list.
Clients with Origin Shield receive an email every time the list is updated and have 7 days to update automations, when necessary, to retrieve the new list.