Create and Manage Trusted IP Address Lists
Create named lists of trusted IP addresses or CIDR ranges to use with Custom Firewall Rules that bypass security checks for trusted traffic.
Required Editions
| Available in: B2C Commerce |
You must have the eCDN Admin role on the Production instance to create or modify Managed IP Address Lists. On non-production instances the Realm Security Rules tab is read-only.
Managed IP Address Lists are named collections of IP addresses or CIDR ranges. Lists can be scoped at the account (realm) level, applying to all eligible zones in your realm, or at the zone level, applying only to a single zone. Two list types are supported:
- Allowlist — IP addresses that should bypass security checks. Use with a Custom Firewall Rule with skip actions.
- Blocklist — IP addresses that should be explicitly blocked. Use with a Custom Firewall Rule with a block action.
After creating a list, create a Custom Firewall Rule that references the list and specifies the appropriate action. See Create a Custom Firewall Rule for an eCDN Zone.
customer_ by
the system. You enter only the name portion. The prefix is stripped from display in Business
Manager but is required internally. For example, if you enter trusted_ips,
the list is stored as customer_trusted_ips.- In Business Manager, click the App Launcher, and then select Administration | Sites | Embedded CDN Settings.
- Locate the zone you want to configure and select Configure Zone from the dropdown menu.
- Select the Security Rules tab, then select the Realm Security Rules sub-tab.
- In the Managed IP Address Lists section, click New List.
-
Select the scope for the list.
Scope Description Account The list applies to all eligible zones in your realm (Proxy, Legacy, and Default Domain zones). Zone The list applies only to the current zone. -
Enter a name for the list.
Follow these naming requirements:
- Use only lowercase letters, numbers, and underscores.
- Maximum 41 characters for the name you enter (the system adds a
customer_prefix, making the total stored name 50 characters maximum). - Hyphens and spaces are not allowed. Use underscores instead — for example, enter support_team_vpn instead of support-team-vpn.
The stored name format differs by scope and list type:
Scope List type Stored name format Account Allowlist customer_name— for example,customer_trusted_ipsAccount Blocklist customer_blk_name— for example,customer_blk_blocked_ipsZone Allowlist customer_zoneID_name— the system automatically prepends the first 8 characters of the zone ID, for example,customer_81d5067d_trusted_ipsZone Blocklist customer_zoneID_blk_name— for example,customer_81d5067d_blk_blocked_ipsZone-level list names are automatically namespaced with the zone ID prefix by the system to prevent naming collisions. Two zones in the same realm can have lists with the same name without conflict.
-
In the IP Addresses field, enter the IP addresses or CIDR ranges to include in the
list.
Enter one record per line. Accepted formats:
- Single IPv4 address — for example,
198.51.100.1 - IPv4 CIDR range — for example,
198.51.100.0/24
- Single IPv4 address — for example,
-
Click Save.
The list appears in the Managed IP Address Lists section. To use this list to bypass security checks for trusted traffic, create a Custom Firewall Rule that references it. See Create a Custom Firewall Rule for an eCDN Zone.
To edit a list, select it from the Managed IP Address Lists section, update the IP addresses, and click Save. To delete a list, select it and click Delete. Deleting a list also removes any Custom Firewall Rules that reference it.
