IP Range ACLs for a project

IP Range ACLs is a feature that allows users to proactively activate a safety mode at the internet network level - limiting access to vStorage projects or containers from specific IP addresses determined through a list of IP/Subnet settings configured in metadata at the project or container level, or both.

Currently, vStorage only supports the IP Range ACLs feature for IPv4 and does not yet support IPv6. All references related to IP below will be understood as IPv4.

The IP Range ACLs feature supports both S3 and HTTP protocols.

To set up IP Range ACLs for a project, you can do so through the vStorage Portal using the instructions below:

Use vStorage Portal

1. Log in to https://vstorage.console.vngcloud.vn.

2. Select the icon in the project you want to set up IP Range ACLs for.

3. Choose the IP Range ACLs section.

4. Select Set IP Range ACLs.

5. By default, the project you choose will have the access status set to All IP/Subnets. If you want to limit the number of IP addresses/Subnets that can access your resources, choose a Specific IP/Subnets. To know the number of IP/Subnets you can set up for a project, please refer to Resource Limits.

6. If you choose a Specific IP/Subnets, enter the IP address or Subnet (CIDR) (for example, 125.212.100.101 or 125.212.100.0/24) and then select Add. Refer to IP address and CIDR for details (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).

7. The added IP/Subnets are displayed in the list. If you want to remove this IP/Subnets from the list, select .

8. Select Update.

After completing the 8 steps above, you have successfully set up IP Range ACLs for a project. Now, if you use the Portal IP address or an IP from the added IP/Subnet list for the project, you will have access to all resources of that project (including the project itself and the containers within that project).

If you want to disable IP Range ACLs for your project, meaning any user can access resources without considering the IP address, choose All IP/Subnets when setting up IP Range ACLs.

After setting up IP Range ACLs, S3/HTTP requests (including TempURL requests) to the project from invalid IP/Subnets will be denied with a 403 error code.