Follow

Web Security Whitelist Values

Similar to Distil's "Threat" value, which is denoted as the HTTP Header x-distil-bot, we also show why a request was allowed (or whitelisted) using the HTTP header x-distil-whitelist. Each whitelisted request inspected by Distil is assigned a whitelist value and that value is appended to the request sent from Distil to origin in the HTTP Header x-distil-whitelist.

Distil’s updated platform provides a new whitelist field (field 48) on the web logs to signify the exact reason why Distil whitelisted the request.

NOTE: Classic domains do not have detailed whitelist values, but have an X-Distil-Bot value of -1.

The table below lists all possible reasons Distil can whitelist a request, along with the definition of each value. For API security whitelist values, please see the Distil API security whitelist values article.

NOTE: These values appear in your access logs only after you have migrated your domains to the latest Distil version. 

Code

Name

Portal Setting

2

Country ACL

Universal ACL – Country ACL

8

Search Engine ACL

(n/a - this whitelist is auto-handled by the Distil platform)

16

Social Media ACL

(n/a - this whitelist is auto-handled by the Distil platform)

32

Internal Request

(n/a - this whitelist is auto-handled by the Distil platform)

64

Referrer ACL

Universal ACL – Referrer ACL

2048

IP ACL

Universal ACL – IP ACL

1048576

GeoIP Org ACL

Universal ACL – Organization ACL

4194304

User Agent ACL

Universal ACL – User Agent ACL

8388608

Unique Identifier ACL

Universal ACL – Device ID ACL

16777216

Header ACL

Universal ACL – Header ACL

134217728

Static Extension Whitelist

Universal ACL - Extension ACL

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments