Universal Access Control Lists Overview

Use access control lists (ACLs) to blacklist and whitelist access to your protected web and API domains. Rather than manually tailoring an ACL for each new domain, simply create a universal ACL, configure the access rule(s), and then add the domain(s) to the list.

For all of your APIs, websites, and web apps, this helps to:

  • Block all attempts by malicious users
  • Allow all attempts by approved users

In addition to simply tracking by IP address, the Universal ACL lets you globally blacklist or whitelist by:

  • Organization (Amazon, Rackspace, etc.)
  • Country
  • User agent
  • API token
  • Device ID (Distil-generated)
  • HTTP referrer

Once configured, tailor a series of ACLs according to your business needs and practices. For example, create an ACL whitelisting your internal tools via API tokens or IP addresses. Apply it to your API-specific URLs (e.g., to ensure that only authorized users have access.

Create another ACL that blacklists problematic ISPs via organizations. Apply it to specific paths in your domain (e.g., to block requests coming from suspect or temporary ISPs.

Additionally, use Distil published ACLs to apply Distil-curated and -recommended whitelists and blacklists to your domains.

Ready to start? Use the ACL dashboard to create, manage, and delete your ACLs.


Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request