Client Request Access
- 05 Nov 2024
- 2 Minutes to read
- Print
- PDF
Client Request Access
- Updated on 05 Nov 2024
- 2 Minutes to read
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Overview
This feature lets you set the conditions for rejecting or redirecting client requests based on header information. For example, to block referrer URLs or user agents.
This is a Processing Stages rule that is applied to the client request. It can be configured for a host or a path. If you add this rule to a path configuration, it is important to understand the inheritance logic. Learn more about Processing Stage rules.
Configure the Rule
Here, we'll describe how to configure the rule with the Delivery Service Management UI.
API Users may choose to build the site configuration offline.
To configure a Client Request Access rule:
In the Select Rule dialog, choose Client Request Access.
Configure the rule:
Outcome How to Configure Deny All To deny all requests, enter the relevant deny status code in the Status Code field. 
Redirect All To redirect all requests, enter the relevant redirect status code and set the redirect target. 
You can set a dynamic redirect target using a MEL expression.
Conditional Match To define conditions for denying or redirecting some client requests, on the Conditional Match tab, create the match condition (MEL expression). Then use the Status Code and Redirect Target fields to determine what happens to a request that is not a match. 
Choose Add Rule.
SVTA Component: MI.ProcessingStages
When you save the site configuration, the client-request component is added to the JSON configuration within the MI.ProcessingStages component.
Deny All
This is an example of a Deny All rule that tells the CDN to deny all matches.
{
"generic-metadata-type": "MI.ProcessingStages",
"generic-metadata-value": {
"client-request": [
{
"stage-metadata": [
{
"response-transform": {
"synthetic": {
"response-status": "401"
}
}
}
]
}
]
}
}
Redirect All
This is an example of a Redirect All rule that redirects all matches to http://origin.example.com.
{
"generic-metadata-type": "MI.ProcessingStages",
"generic-metadata-value": {
"client-request": [
{
"stage-metadata": [
{
"response-transform": {
"synthetic": {
"response-status": "301",
"headers": [
{
"name": "location",
"value": "http://origin.example.com",
"value-is-expression": false
}
]
}
}
}
]
}
]
}
}
Redirect All with a Dynamic Redirect Target
This is an example of a Redirect All rule that instructs the CDN to redirect all matches and uses a MEL expression to determine the redirect target.
{
"generic-metadata-type": "MI.ProcessingStages",
"generic-metadata-value": {
"client-request": [
{
"stage-metadata": [
{
"response-transform": {
"synthetic": {
"response-status": "301",
"headers": [
{
"name": "location",
"value": "'https://example.alternate.server.com' . req.uri.path",
"value-is-expression": true
}
]
}
}
}
]
}
]
}
}
Conditional Match
This is an example of a conditional match. The MEL expression instructs the CDN to look for a secret header. If the secret header is missing or does not recall to the specified secret token, the request is denied with a 403 response.
{
"generic-metadata-type": "MI.ProcessingStages",
"generic-metadata-value": {
"client-request": [
{
"stage-metadata": [
{
"response-transform": {
"synthetic": {
"response-status": "403"
}
}
}
],
"match": {
"expression": "req.h.MySecret == 'nil' or req.h.MySecret != 'm1y2e3f4b5m6m7y9'"
}
}
]
}
}
Was this article helpful?