Firewall
This function allows you to protect image hosting with firewall and provides an opportunity to defend against malevolent usage / attacks.
Limitations
- activating the firewall (creation / modification) takes the system a maximum of 30 seconds
- during this time, there is a chance of contact chatter until it is updated on all the servers
- depending on the rules set, frontend image manipulation can be disabled as well, and it does not effect the listing of the images at all
Filtering options
According to acceptance:
- denying: denies the request if there is a hit
- accepting: goes to the next item on the checklist, if there is a hit
- There is also an option to deny if there isn’t at least one acceptance activated.
According to rules
Interpretation of the IP address: if there is a specific user, or, if it cannot be determined, the last known endpoint’s IP address
- IP address: checking by IP address
- specific IP address
- IP address range (masked)
- from … to …. IP address range
- IPv6 and IPv4 addresses supported
- Country: defined by IP address the country where the specific IP address is assigned
- Continent: defined by IP address the continent where the specific IP address is assigned
- CDN: the last endpoint IP address that is from the CDN service provider - this is extremely useful if you want to limit the requests to CDN service providers, which can reduce costs
Order of rule-interpretation
- accepting CDN
- denying CDN
- accepting IP
- denying IP
- accepting country
- denying country
- accepting continent
- denying continent
- denying, if there were no accepting
Costs
- processing CU with every image servicing
- CU when creating a firewall
- CU when modifying a firewall