> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gcore.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Control access to the content with country, referrer, IP, and user agents policies

## Referrer access policy

Referrer access policy is a restriction to publish the links to content on your site on other sites. To enable the option open the [CDN resource](https://portal.preprod.world/cdn/resources/list), in the **Resource settings**, select **Access**, and then open **Referrer access policy**.

By default, there are no restrictions by referrer to your CDN resource. You can set up allow or block Policy.

### Allow referrer policy

<Frame>
  <img src="https://mintcdn.com/gcore/dxycBbQXMfI-sCbi/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-referrer-access-policy.png?fit=max&auto=format&n=dxycBbQXMfI-sCbi&q=85&s=79cd9f79ff78be5a86314ee36bfd399f" alt="Allow referrer policy" width="1470" height="673" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-referrer-access-policy.png" />
</Frame>

Specify domains to which you would like to block access.

* `www.domain.com` if you want to block access to the specific domain
* `*.domain.com` if you want to block access to all subdomains of domain.com

When users request data from specified domains, they will get the denial of access.

### Block referrer policy

<Frame>
  <img src="https://mintcdn.com/gcore/dxycBbQXMfI-sCbi/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-referrer-access-policy-block.png?fit=max&auto=format&n=dxycBbQXMfI-sCbi&q=85&s=c341f6fde42fd52ed37a65efdc07bfeb" alt="Block referrer policy" width="1461" height="665" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-referrer-access-policy-block.png" />
</Frame>

Specify the domains which you would like to allow access to.

* `www.domain.com` if you want to allow access to the specific domain
* `*.domain.com` if you want to allow access to all subdomains of domain.com

When a user requests data from other domains, they will get the denial of access.

You can specify domains only one by one via the Gcore Customer Portal. To add the list of the domains use [API](/api-reference/cdn/cdn-resources/change-cdn-resource-1).

## Country access policy

You can limit access to your content for listed countries. To enable this option, open the CDN resource, in the **Resource settings**, select **Access**, and then open **Country access policy**.

By default, there are no restrictions by country to your CDN resource. You can set up allow or block policy.

<Note>
  **Note**
  You can specify countries only one by one via the Gcore Customer Portal. To add the list of the countries, use [API](/api-reference/cdn/cdn-resources/change-cdn-resource-1).
</Note>

### Allow country access policy

Access to the resource is allowed for all the countries except for the specified in the field.

<Frame>
  <img src="https://mintcdn.com/gcore/dxycBbQXMfI-sCbi/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-country-access.png?fit=max&auto=format&n=dxycBbQXMfI-sCbi&q=85&s=4e004100f883bfcd4ca3412cad09e0b6" alt="Allow country access policy" width="1503" height="697" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-country-access.png" />
</Frame>

### Block country access policy

Access to the resource is denied for all the countries except for the specified in the field.

<Frame>
  <img src="https://mintcdn.com/gcore/dxycBbQXMfI-sCbi/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-country-access-block.png?fit=max&auto=format&n=dxycBbQXMfI-sCbi&q=85&s=8747eb415c40fee9ac446def67a387f3" alt="Block country access policy" width="1486" height="692" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-country-access-block.png" />
</Frame>

## IP access policy

You can limit access to your content to IP ranges.

In the CDN **Resource settings**, select **Access**, and open **IP access policy**.

By default, there are no restrictions by IP to your CDN resource. You can set up Allow or Block policy.

The option supports IPv4 and IPv6 addresses.

You can specify IPs only one by one via the Gcore Customer Portal. To add the list of the IPs use [API](/api-reference/cdn/cdn-resources/change-cdn-resource-1).

### Allow IP policy

Access to the resource is allowed for all the IPs except for the specified in the field.

<Frame>
  <img src="https://mintcdn.com/gcore/dxycBbQXMfI-sCbi/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-ip-access-policy.png?fit=max&auto=format&n=dxycBbQXMfI-sCbi&q=85&s=9a80afdd75537cd5f3c7f7fe8107454b" alt="Allow IP policy" width="1472" height="832" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-ip-access-policy.png" />
</Frame>

### Block IP policy

Access to the resource is denied for all the IPs except for the specified in the field.

<Frame>
  <img src="https://mintcdn.com/gcore/dxycBbQXMfI-sCbi/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-ip-access-policy-block.png?fit=max&auto=format&n=dxycBbQXMfI-sCbi&q=85&s=ec92a11aa511ff4f8b7586919cb00336" alt="Block IP policy" width="1470" height="825" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-ip-access-policy-block.png" />
</Frame>

## User agent access policy

You can limit access to your CDN content for User agents, for example, for certain browsers, consoles or some other devices.

In the CDN **Resource settings**, select **Access**, and open **User agents policy**.

By default access to the resource is allowed for all the kinds of User Agents. You can set up the allow or block policy.

### Set via the Gcore Customer Portal

To set the user agents using the [Gcore Customer Portal](https://portal.gcore.com/cdn/resources/list):

1\. Go to CDN and select the CDN resource you want to configure.

<Frame>
  <img src="https://mintcdn.com/gcore/RT3cFfJozLV5h74r/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-resources.png?fit=max&auto=format&n=RT3cFfJozLV5h74r&q=85&s=0b314fb73abfef5385995ab0f3d11ee5" alt="Set via the Gcore Customer Portal" width="2079" height="756" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-resources.png" />
</Frame>

2\. In the sidebar, under the **Access** section, select **User agents policy**.

<Frame>
  <img src="https://mintcdn.com/gcore/RT3cFfJozLV5h74r/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-access-menu.png?fit=max&auto=format&n=RT3cFfJozLV5h74r&q=85&s=74f7b33757046ec5cab85fab45c2b6be" alt="Access" width="1557" height="1010" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-access-menu.png" />
</Frame>

3\. Toggle **Enable user agents policy** and choose either the **Allow by default** or **Block by default** option:

* Selecting **Allow by default** allows access for all user agents except those specified.
* Choosing **Block by default** blocks access for all user agents except those specified.

<Frame>
  <img src="https://mintcdn.com/gcore/RT3cFfJozLV5h74r/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-user-agents-policy.png?fit=max&auto=format&n=RT3cFfJozLV5h74r&q=85&s=16b13649bd6c8c2d8d5b22faef9ef57d" alt="Enable user agents policy" width="1241" height="476" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-user-agents-policy.png" />
</Frame>

4\. Set one or more user agents in the **User-Agent** select box. Accepted values are:

* **Empty value.** This appears as an option in the select box. Select this value to allow or block incoming requests that do not have a User-Agent header.

<Frame>
  <img src="https://mintcdn.com/gcore/RT3cFfJozLV5h74r/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-user-agents-policy-empty.png?fit=max&auto=format&n=RT3cFfJozLV5h74r&q=85&s=61c728bca05d3a63feeb8974fc9aa6bd" alt="Empty value" width="1236" height="512" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/cdn-user-agents-policy-empty.png" />
</Frame>

* **User agent string.** Enter one or more unique user agents. The maximum length of each string is 255 characters. If you need to increase this limit, you can contact our [Gcore Support](mailto:support@gcore.com). You can provide exact User-Agent strings or regular expressions. Regular expressions must start with `~` for case-sensitive matching or `~*` for case-insensitive matching.

<Note>
  **Note**

  **User-Agent** text box cannot be left blank.
</Note>

5\. Click **Save changes**. Allow at least 15 minutes for the changes to take effect.

<Frame>
  <img src="https://mintcdn.com/gcore/dxycBbQXMfI-sCbi/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/11759524347409.png?fit=max&auto=format&n=dxycBbQXMfI-sCbi&q=85&s=7dc96203b87edae04954b43791ca95ac" alt="Save changes." width="2048" height="186" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/11759524347409.png" />
</Frame>

### Set via the API

To set the user agents using the API, the request must include the `user_agent_acl` object. The following is a sample code for the object:

```json theme={null}
"options": {  
    "user_agent_acl": {  
       "enabled": true,  
       "policy_type": "allow",  
       "excepted_values": [  
          "",  
          "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"  
      ]  
   }  
}
```

#### Request properties

The `user_agent_acl` object passes the following information:

| **Property**       | **Description**                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| *enabled*          | This property indicates whether to enable the User Agents Policy.<br />Possible values:<br />- true enables the option<br />- false disables the option                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| *policy\_type*     | This property indicates the action to apply to the matching request.<br />Possible values: <br />- allow allows the request<br />- deny blocks the request                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| *excepted\_values* | This property is an array of user agents to allow or block. The array must contain at least 1 item.<br />Possible values:<br />- two double quotation marks without a space in-between ("") represents the *empty value*, used to match requests that do not send a User-Agent header<br />- a string that represents the exact user agent, with a maximum length of 255 characters; if you need to increase this limit, you can contact our [Gcore Support](mailto:support@gcore.com)<br />- a regular expression prefixed with `~` for case-sensitive matching (for example, `~Mozilla.*`) or `~*` for case-insensitive matching (for example, `~*mozilla.*`) |

#### Example

This example shows a [CDN update](/api-reference/cdn) request that activates the User Agents Policy and blocks the requests without a User agent header.

<Frame>
  <img src="https://mintcdn.com/gcore/dxycBbQXMfI-sCbi/images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/11759524427921.png?fit=max&auto=format&n=dxycBbQXMfI-sCbi&q=85&s=e2693545de9f55caae1be884f5569d07" alt="CDN update request" width="2048" height="1066" data-path="images/docs/cdn/cdn-resource-options/security/control-access-to-the-content-with-country-referrer-ip-and-user-agents-policies/11759524427921.png" />
</Frame>
