Preparing an Associated Rules .CSV

The universal ACL lets you whitelist and blacklist IPs, countries, organizations, headers, tokens, device IDs, and referrers.

Additionally, the universal ACL applies your rules across Distil’s web and API security products. This helps to consolidate your ACL management and make it more efficient to administer.

You can quickly and easily pre-configure a universal ACL by importing a standard comma-separated value (.CSV) file. You can also export your entire ACL in the same manner, configure it offline, and then import it back into the Distil portal.

Your .CSV file must include the following header values (in lowercase as shown):

  • type – The category you are whitelisting or blacklisting. Enter one of the following values:

    NOTE: Header value options are shown in bold alongside adjacent definitions. Only include the bold portion in your list.
    • ip – IP address
    • org – Organization (e.g., Amazon, Google)
    • country – Two-letter country code (e.g., us, ca, de, jp)
    • header – HTTP response header (does not apply to API endpoints)
    • token – Authentication token (only applies to API endpoints)
    • device_id – Distil-generated device ID (also known as the ZUID, found in field 45 of the Web Security logs)
    • referrer – HTTP referrer
  • value – Value you are whitelisting or blacklisting.
  • list – List to which you are adding the record. Must be either whitelist or blacklist.

OPTIONAL: Your .CSV file can include the following header values:

  • id – Distil-generated identification number associated with the record

    NOTE: This id header is required if you are updating an existing ACL record.
  • note Include any notes as to why you blacklisted or whitelisted the record for future reference.
  • expires – Date and time the associated rule expires. Format this value using ISO 8601, a UTC 24-hour clock format (YYYY-MM-DDTHH:MM:SS) where “T” separates the date and time values.

    NOTE: You must enter all of the digits for the expires header. For example, to set the expiration for January 1, 2017 at 3:00 am, enter “2017-01-01T03:00:00” rather than “2017-1-1T3:00:00.” However, you can omit the time value (“THH:MM:SS”), in which case the system defaults to 00:00:00 on the entered date. For example, entering “2017-01-01” without the time value sets the associated rule to expire at 2017-01-01T00:00:00.

Below is an example of an ACL .CSV formatted with the headers.

id, type, value, list, note, expires
85ee8c27-c2e2-48e2-9289-9fa64b9e306f, ip,, blacklist, competitor ip range, 2017-01-01T03:00

The first line contains the list headers, including the optional id and note fields. The second line contains the corresponding data for all five fields used in this ACL.

Below is an example of an ACL .CSV that uses only the mandatory three fields; it does not include the optional id, note, and expires values for any of its records.

type, value, list
ip,, blacklist
ip,, whitelist

If you want to use optional id and note values for some, but not all, of the records in a new ACL, you can optionally leave the id and note values blank. If doing so, simply insert a delimiting comma (,) in their respective fields. Below is an example.

id, type, value, list, note
017094u3hinodi, ip,, blacklist, competitor ip range
, ip,, blacklist,

The first line contains the full list of headers, including the optional id and note values. The second line contains a value for each of the five respective headers. The third line does not include a value for the optional id and note headers (note the leading and trailing commas used as delimiters).

Contact Distil Support for additional assistance with whitelisting and blacklisting.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request