Secure an infrastructure

Once you’ve created an edge firewall and secured your application, you can use Origin Shield to secure your infrastructure by blocking threats.

Origin Shield provides a list of IP/CIDR addresses used exclusively by Azion in its distributed infrastructure, ensuring that only trusted Azion IPs are allowed access. The list is maintained by Azion and made available via Azion Console and API. Clients are responsible for automating updates to their security policies to keep them aligned with the current Origin Shield addresses.

Step 1. Enable Origin Shield

To access the Origin Shield list, you must have:

The Network Layer Protection module enabled.
Be subscribed to the Origin Shield add-on.
- Contact the sales team to subscribe to this feature.

Step 2. Access the list of addresses

Access Azion Console > select Network Lists.
Select Azion Origin Shield.
On the List field, you can copy the IP addresses list.

Run the following GET request in your terminal, replacing [TOKEN VALUE] with your personal token

curl --location 'https://api.azionapi.net/network_lists' --header 'Accept: application/json; version=3' --header 'Authorization: Token [TOKEN VALUE]'

You’ll receive a response similar to this:

{
  "count": 4,
  "total_pages": 1,
  "schema_version": 3,
  "links": {
    "previous": null,
    "next": null
  },
  "results": [
    {
      "id": 2345,
      "last_editor": "last.editor@azion.com",
      "last_modified": "2023-03-27T21:19:27.996870Z",
      "list_type": "ip_cidr",
      "name": "Azion Origin Shield",
      "country_list": [],
      "ip_list": [
        "192.168.0.5"
      ]
    }
  ]
}

On the ip_list field, you’ll receive all IPs added by Azion. You can copy the IP addresses list.

Step 3. Automate new address additions

After having access and checking the list of IP addresses provided by Origin Shield, you can create an automation with Rules Engine, ensuring your infrastructure is always protected with the most recent version of safe IPs.