IP Range ACLs for a container

IP Range ACLs is a feature that allows users to proactively activate a safety mode at the internet network level, limiting access to a project or vStorage container from specified IP addresses or subnets through the IP/ Subnet list set up in metadata at the project or container level, or both.

Currently, vStorage only supports the IP Range ACLs feature for IPv4 and does not support IPv6. All references to IP below are to be understood as IPv4.

The IP Range ACLs feature supports both the S3 and HTTP protocols.

Use vStorage Portal

To set up IP Range ACLs for a container, you can follow the instructions below via the vStorage Portal:

After completing the 7 steps above, you have successfully set up IP Range ACLs for a container. If you use the Portal IP address or an IP within the IP/ Subnet list added to the container, you will have access to all resources of the container (including the container and the directories and objects within that container). The container will inherit the IP range ACLs of the project to which it belongs.

If you want to disable the IP Range ACLs for your container, meaning that all users have access to resources without considering IP addresses, choose All IP/Subnets when setting up IP Range ACLs.

After setting up IP Range ACLs, S3/ HTTP requests (including TempURL requests) to the container from invalid IP/ Subnet will be denied with a 403 error code.