Access control is more than a passing fancy for many Limelight customers. In April, 2016, we will have many features in the Orchestrate Platform to help control who can access what, from where. We recently merged two access control features: ACL (Access Control Lists) and Geo-Fencing. For quite a while, we have had support for Geo-Fencing and ACLs. Geo-Fencing enables customers to allow/deny access based on an end-user's geographic location. ACLs enable customers to allow/deny access based on end-user IP address or HTTP Method. In the original implementation, Geo-Fencing and ACLs were separate processes and were difficult to use in concert. The new White/Black Listing IP and Geo-Fencing is greater than the sum of its parts.
In the new implementation, Geo-Fencing and IP ACL are combined into a set of access control rules. The new service allows IPs to be organized into "Groups". IP Groups and IP geo-location data are treated in the same manner. Access control rules are processed in the order in which they are written. The first time and IP address is found in a rule determines how that IP will be treated. Mixing and matching IP Groups and geo-location rules is considerably more flexible than the disparate legacy systems were.
Feature of the new system include:
Allow/deny access based on HTTP method. Option: get/head/options/post/put/delete
Allow/deny access based on geographic location of end-users IP address
Allow/deny access to a group of IP address. IP ranges in a group can be defined by: get/head/options/post/put/delete
Allow/deny access to end-users who are routing their requests through an anonymous proxie
Allow/deny access to all
Sportsball_Live.com has licensed distribution of the World Championship of CalvinBall (WCCB). Their license limits them to European distribution. Advertising partners paid big bucks to bring WCCB to Europe. The partner offices are spread around the globe and must have access to the WCCB content. The licence agreement is strict and requires the blocking access from anonymous proxies.
An ordered set of access control rules can be constructed to enable Sportsball_Live.com to meet their licence agreement and bring WCCB to Europe.
Because WCCB is a live video event HTTP methods will be restricted to get/head/options
Explicitly allows any IP found in the Advertising_Partners_List access to the WCCB Event
Deny Anonymous Proxies
Explicitly denies access to WCCB to any know anonymous proxies
Explicitly allows access to WCCB event to any IP in Europe
|Denies access to any end-user who has not been given access by the above rules. ALL should always be the last rule.|