.svg?format=pjpg&auto=webp)
.svg?format=pjpg&auto=webp)
.png?format=pjpg&auto=webp)
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.svg?format=pjpg&auto=webp){kind=icon}
.png?format=pjpg&auto=webp)
.svg?format=pjpg&auto=webp){kind=icon}
IP-based Access Control Using Edge Functions in Launch
This guide explains how to implement IP-based access control using Edge Functions in Contentstack Launch. This feature helps you restrict or allow traffic to your site’s origin only from specific IP ranges, such as internal networks or trusted CDN providers.
Implementing IP Filtering with Edge Functions
In many enterprise scenarios, you may want to restrict access to your Launch-hosted site so that only specific IP addresses (e.g., from your CDN provider like Akamai) can reach the origin server. This can be achieved by implementing IP Allowlisting or Restricting using Edge Functions.
With Contentstack Launch, you can set up IP-based access rules using custom logic deployed at the edge (Edge Functions), enabling real-time filtering before the request hits your origin.
Common Use Cases for IP-based Access Control
- Restrict access to origin servers only to requests from a particular CDN.
- Block specific malicious or unwanted IP addresses from accessing your site.
- Allow internal teams (based on corporate IPs) to preview restricted environments.
Additional Resource: Refer to the Edge Functions Guide to set up an edge function in your Launch application to add the custom logic for IP access control.
IP Allowlisting: Permit Traffic from Trusted IPs
Only allow traffic from a predefined list of IP addresses.
You can achieve IP allowlisting through Launch Edge Functions as follows:
export default async function handler(request) {
const allowedIPs = [
// Add trusted IPs here
];
const clientIP = request.headers.get("x-forwarded-for") || "";
const clientIPList = clientIP.split(",").map(ip => ip.trim());
const allowed = clientIPList.some(ip => allowedIPs.includes(ip));
//your custom logic
if (!allowed) {
return new Response("Forbidden. Your IP is not allowed.", { status: 403 });
}
return fetch(request);
}- Refer to the Launch Edge IP Allowlist Example for a quick understanding.
- Learn more about x-forwarded-for.
IP Restricting: Deny Access from Blocked IPs
Deny traffic from a specific set of IP addresses.
export default async function handler(request) {
const blockedIPs = [
// Add restricted IPs here
];
const clientIP = request.headers.get("x-forwarded-for") || "";
const clientIPList = clientIP.split(",").map(ip => ip.trim());
const blocked = clientIPList.some(ip => blockedIPs.includes(ip));
if (blocked) {
return new Response("Forbidden. Your IP has been restricted.", { status: 403 });
}
return fetch(request);
}Additional Resource: Refer to the Launch Edge Restrict IP Example for a quick understanding.
More articles in "Launch How to Guides"
