docs/latest/admin/quick_howto/anonymous_blocking.html - trafficcontrol-website - Git at Google



 <!DOCTYPE html>
 <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
 <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
 <head>
   <meta charset="utf-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">

   <title>Configure Anonymous Blocking &mdash; Traffic Control 2.2-dev documentation </title>


     <link rel="shortcut icon" href="../../_static/favicon.ico"/>


     <link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />


     <link rel="stylesheet" href="../../_static/theme_overrides.css" type="text/css" />


         <link rel="index" title="Index"
               href="../../genindex.html"/>
         <link rel="search" title="Search" href="../../search.html"/>
     <link rel="top" title="Traffic Control 2.2-dev documentation" href="../../index.html"/>
         <link rel="up" title="Quick How To Guides" href="index.html"/>
         <link rel="next" title="Configure Delivery Service Steering" href="steering.html"/>
         <link rel="prev" title="Configure Regional Geo-blocking (RGB)" href="regionalgeo.html"/>


   <script src="_static/js/modernizr.min.js"></script>

 </head>

 <body class="wy-body-for-nav" role="document">

   <div class="wy-grid-for-nav">


     <nav data-toggle="wy-nav-shift" class="wy-nav-side">
       <div class="wy-side-nav-search">


           <a href="/" class="icon icon-home"> Traffic Control


           <img src="../../_static/tc_logo_c_only.png" class="logo" />

         </a>


 <div role="search">
   <form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
     <input type="text" name="q" placeholder="Search docs" />
     <input type="hidden" name="check_keywords" value="yes" />
     <input type="hidden" name="area" value="default" />
   </form>
 </div>


       </div>

       <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">


               <ul>
 <li class="toctree-l1"><a class="reference internal" href="../../basics/index.html">CDN Basics</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="../../basics/content_delivery_networks.html">Content Delivery Networks</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../basics/http_11.html">HTTP 1.1</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../basics/caching_proxies.html">Caching Proxies</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../basics/cache_revalidation.html">Cache Control Headers and Revalidation</a></li>
 </ul>
 </li>
 </ul>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../../overview/index.html">Traffic Control Overview</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="../../overview/introduction.html">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_ops.html">Traffic Ops</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_portal.html">Traffic Portal</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_router.html">Traffic Router</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_monitor.html">Traffic Monitor</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_stats.html">Traffic Stats</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_vault.html">Traffic Vault</a></li>
 </ul>
 </li>
 </ul>
 <ul class="current">
 <li class="toctree-l1 current"><a class="reference internal" href="../index.html">Administrator’s Guide</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../traffic_ops/installation.html">Traffic Ops - Installing</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_ops/default_profiles.html">Traffic Ops - Default Profiles</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_ops/migration_from_10_to_20.html">Traffic Ops - Migrating from 1.x to 2.x</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_ops/migration_from_20_to_22.html">Traffic Ops - Migrating from 2.0 to 2.2</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_ops/configuration.html">Traffic Ops - Configuring</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_ops/using.html">Traffic Ops - Using</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_ops/extensions.html">Managing Traffic Ops Extensions</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_portal/installation.html">Traffic Portal Administration</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_portal/usingtrafficportal.html">Traffic Portal - Using</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_monitor.html">Traffic Monitor Administration (Legacy)</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_monitor_golang.html">Traffic Monitor Administration</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_router.html">Traffic Router Administration</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_stats.html">Traffic Stats Administration</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_server.html">Traffic Server Administration</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../traffic_vault.html">Traffic Vault Administration</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="index.html">Quick How To Guides</a></li>
 </ul>
 </li>
 </ul>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../../development/index.html">Developer’s Guide</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="../../development/building.html">Building Traffic Control</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../development/traffic_ops.html">Traffic Ops</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../development/traffic_portal.html">Traffic Portal</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../development/traffic_router.html">Traffic Router</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../development/traffic_monitor.html">Traffic Monitor Golang</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../development/traffic_stats.html">Traffic Stats</a></li>
 </ul>
 </li>
 </ul>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../../api/index.html">APIs</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="../../api/traffic_ops_api.html">API Overview</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../api/routes.html">API Routes</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../api/v11/index.html">API 1.1 Reference</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../api/v12/index.html">API 1.2 Reference</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../api/v13/index.html">API 1.3 Reference</a></li>
 </ul>
 </li>
 </ul>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../../faq/index.html">FAQ</a><ul>
 <li class="toctree-l2"><a class="reference internal" href="../../faq/general.html">General</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../faq/development.html">Development</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../faq/administration.html">Running a Traffic Control CDN</a></li>
 </ul>
 </li>
 </ul>
 <ul>
 <li class="toctree-l1"><a class="reference internal" href="../../glossary.html">Glossary</a></li>
 </ul>


       </div>
       &nbsp;
     </nav>

     <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">


       <nav class="wy-nav-top" role="navigation" aria-label="top navigation">
         <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
         <a href="../../index.html">Traffic Control</a>
       </nav>


       <div class="wy-nav-content">
         <div class="rst-content">
           <div role="navigation" aria-label="breadcrumbs navigation">
   <ul class="wy-breadcrumbs">
     <li><a href="../../index.html">Traffic Control 2.2-dev</a> &raquo;</li>

           <li><a href="../index.html">Administrator’s Guide</a> &raquo;</li>

           <li><a href="index.html">Quick How To Guides</a> &raquo;</li>

     <li>Configure Anonymous Blocking</li>
       <li class="wy-breadcrumbs-aside">

           <a href="../../_sources/admin/quick_howto/anonymous_blocking.rst.txt" rel="nofollow"> View page source</a>

       </li>
   </ul>
   <hr/>
 </div>

     		  <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">

         		  <a href="steering.html" class="btn btn-neutral float-right" title="Configure Delivery Service Steering">Next <span class="fa fa-arrow-circle-right"></span></a>


         		  <a href="regionalgeo.html" class="btn btn-neutral" title="Configure Regional Geo-blocking (RGB)"><span class="fa fa-arrow-circle-left"></span> Previous</a>

     		  </div>

           <div role="main" class="document">

   <div class="section" id="configure-anonymous-blocking">
 <span id="rl-anonymous-blocking-qht"></span><h1>Configure Anonymous Blocking<a class="headerlink" href="#configure-anonymous-blocking" title="Permalink to this headline">¶</a></h1>
 <div class="admonition note">
 <p class="first admonition-title">Note</p>
 <p class="last">Anonymous Blocking is only supported for HTTP delivery services.</p>
 </div>
 <ol class="arabic simple">
 <li>Prepare the Anonymous Blocking configuration file</li>
 </ol>
 <p>Anonymous Blocking uses a configuration file in JSON format to define blocking rules for delivery services. The file needs to be put on an HTTP server accessible to Traffic Router. An example of the JSON is as follows:</p>
 <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>

    <span class="s2">&quot;customer&quot;</span><span class="p">:</span> <span class="s2">&quot;YourCompany&quot;</span><span class="p">,</span>
    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="s2">&quot;1&quot;</span><span class="p">,</span>
    <span class="s2">&quot;date&quot;</span> <span class="p">:</span> <span class="s2">&quot;2017-05-23 03:28:25&quot;</span><span class="p">,</span>
    <span class="s2">&quot;name&quot;</span><span class="p">:</span> <span class="s2">&quot;Anonymous IP Blocking Policy&quot;</span><span class="p">,</span>

    <span class="s2">&quot;anonymousIp&quot;</span><span class="p">:</span> <span class="p">{</span> <span class="s2">&quot;blockAnonymousVPN&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
                     <span class="s2">&quot;blockHostingProvider&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
                     <span class="s2">&quot;blockPublicProxy&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
                     <span class="s2">&quot;blockTorExitNode&quot;</span><span class="p">:</span> <span class="n">true</span><span class="p">},</span>

    <span class="s2">&quot;ip4Whitelist&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;192.168.30.0/24&quot;</span><span class="p">,</span> <span class="s2">&quot;10.0.2.0/24&quot;</span><span class="p">,</span> <span class="s2">&quot;10.1.1.1/32&quot;</span><span class="p">],</span>

    <span class="s2">&quot;ip6Whitelist&quot;</span><span class="p">:</span> <span class="p">[</span><span class="s2">&quot;2001:550:90a::/48&quot;</span><span class="p">,</span> <span class="s2">&quot;::1/128&quot;</span><span class="p">],</span>

    <span class="s2">&quot;redirectUrl&quot;</span><span class="p">:</span> <span class="s2">&quot;http://youvebeenblocked.com&quot;</span>
 <span class="p">}</span>
 </pre></div>
 </div>
 <ul class="simple">
 <li>“anonymousIp” contains the types of IPs which can be checked against the Anonymous IP Database. There are 4 types of IPs which can be checked: VPNs, Hosting Providers, Public Proxies, and Tor Exit Nodes. Each type of IP can be enabled or disabled. If the value is true, IPs which match this type will be blocked when the feature is enabled in the delivery service. If the value is false, IPs which match this type will not be blocked. If an IP matches more than 1 type and any type is enabled, the IP will be blocked.</li>
 <li>“redirectUrl” is the URL that will be returned to the blocked clients. Without a redirectUrl, the clients will receive an HTTP response code 403. With a redirectUrl, the clients will be redirected with an HTTP response code 302.</li>
 <li>“ipWhiteList” is an optional element. It includes a list of CIDR (Classless Inter-Domain Routing) blocks indicating the IPv4 and IPv6 subnets that are allowed by the rule. If this list exists and the value is not empty, client IP will be matched against the CIDR list, and if there is any match, the request will be allowed. If there is no match in the white list, further anonymous blocking logic will continue.</li>
 </ul>
 <ol class="arabic simple" start="2">
 <li>Add Anonymous Blocking parameters on Traffic Ops</li>
 </ol>
 <p>The following three new parameters are required to be added into CRConfig.json:</p>
 <ul class="simple">
 <li>“anonymousip.policy.configuration”: the HTTP URL of the Anonymous Blocking configuration file. Traffic Router will fetch the file from this URL.</li>
 <li>“anonymousip.polling.url”: the HTTP URL of the Anonymous IP Database. Traffic Router will fetch the file from this URL.</li>
 <li>“anonymousip.polling.interval”: the interval that Traffic Router polls the Anonymous Blocking configuration file and Anonymous IP Database.</li>
 </ul>
 <a class="reference internal image-reference" href="../../_images/anonymous_blocking01.png"><img alt="../../_images/anonymous_blocking01.png" class="align-center" src="../../_images/anonymous_blocking01.png" style="width: 1720.0px; height: 374.0px;" /></a>
 <ol class="arabic simple" start="3">
 <li>Enable Anonmyous Blocking for a delivery service</li>
 </ol>
 <a class="reference internal image-reference" href="../../_images/anonymous_blocking02.png"><img alt="../../_images/anonymous_blocking02.png" class="align-center" src="../../_images/anonymous_blocking02.png" style="width: 1058.0px; height: 220.0px;" /></a>
 <ol class="arabic simple" start="4">
 <li>Make configuration effective</li>
 </ol>
 <p>Go to Tools-&gt;Snapshot CRConfig, perform “Diff CRConfig” and click “Write CRConfig”.</p>
 <a class="reference internal image-reference" href="../../_images/regionalgeo03.png"><img alt="../../_images/regionalgeo03.png" class="align-center" src="../../_images/regionalgeo03.png" style="width: 464.79999999999995px; height: 128.79999999999998px;" /></a>
 <ol class="arabic simple" start="5">
 <li>Traffic Router access log with Anonymous Blocking</li>
 </ol>
 <p>Anonymous Blocking extends the field of “rtype” and adds a new field “ANON_BLOCK” in Traffic Router access.log to help to monitor the working of this feature.</p>
 <p>If rtype=ANON_BLOCK then the client’s IP was found in the Anonymous IP Database and was blocked.</p>
 </div>


           </div>
           <footer>

     <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">

         <a href="steering.html" class="btn btn-neutral float-right" title="Configure Delivery Service Steering">Next <span class="fa fa-arrow-circle-right"></span></a>


         <a href="regionalgeo.html" class="btn btn-neutral" title="Configure Regional Geo-blocking (RGB)"><span class="fa fa-arrow-circle-left"></span> Previous</a>

     </div>


   <hr/>

   <div role="contentinfo">
     <p>
     </p>
   </div>
   Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.

 </footer>

         </div>
       </div>

     </section>

   </div>


   <div class="rst-versions" data-toggle="rst-versions" role="note" aria-label="versions">
     <span class="rst-current-version" data-toggle="rst-current-version">
       <span class="fa fa-book">Apache Traffic Control (Incubating)</span>
       v:
       <span class="fa fa-caret-down"></span>
     </span>
     <div class="rst-other-versions">
       <dl>
         <dt>Versions</dt>
         <dd><a href="/docs/master/">latest</a></dd>
         <dd><a href="/docs/2.0/">2.0</a></dd>
         <dd><a href="/docs/1.8.1/">1.8</a></dd>
         <dd><a href="/docs/1.7.0/">1.7</a></dd>
       </dl>
       <hr/>
       Free document hosting provided by <a href="http://www.readthedocs.org">Read the Docs</a>.

     </div>
   </div>


     <script type="text/javascript">
         var DOCUMENTATION_OPTIONS = {
             URL_ROOT:'../../',
             VERSION:'2.2-dev',
             COLLAPSE_INDEX:false,
             FILE_SUFFIX:'.html',
             HAS_SOURCE:  true,
             SOURCELINK_SUFFIX: '.txt'
         };
     </script>
       <script type="text/javascript" src="../../_static/jquery.js"></script>
       <script type="text/javascript" src="../../_static/underscore.js"></script>
       <script type="text/javascript" src="../../_static/doctools.js"></script>


     <script type="text/javascript" src="../../_static/js/theme.js"></script>


   <script type="text/javascript">
       jQuery(function () {
           SphinxRtdTheme.StickyNav.enable();
       });
   </script>


 </body>
 </html>




	<!DOCTYPE html>
	<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
	<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
	<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1.0">

	<title>Configure Anonymous Blocking — Traffic Control 2.2-dev documentation </title>




	<link rel="shortcut icon" href="../../_static/favicon.ico"/>












	<link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />



	<link rel="stylesheet" href="../../_static/theme_overrides.css" type="text/css" />



	<link rel="index" title="Index"
	href="../../genindex.html"/>
	<link rel="search" title="Search" href="../../search.html"/>
	<link rel="top" title="Traffic Control 2.2-dev documentation" href="../../index.html"/>
	<link rel="up" title="Quick How To Guides" href="index.html"/>
	<link rel="next" title="Configure Delivery Service Steering" href="steering.html"/>
	<link rel="prev" title="Configure Regional Geo-blocking (RGB)" href="regionalgeo.html"/>


	<script src="_static/js/modernizr.min.js"></script>

	</head>

	<body class="wy-body-for-nav" role="document">

	<div class="wy-grid-for-nav">


	<nav data-toggle="wy-nav-shift" class="wy-nav-side">
	<div class="wy-side-nav-search">



	<a href="/" class="icon icon-home"> Traffic Control




	<img src="../../_static/tc_logo_c_only.png" class="logo" />

	</a>


	<div role="search">
	<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
	<input type="text" name="q" placeholder="Search docs" />
	<input type="hidden" name="check_keywords" value="yes" />
	<input type="hidden" name="area" value="default" />
	</form>
	</div>


	</div>

	<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">



	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../../basics/index.html">CDN Basics</a><ul>
	<li class="toctree-l2"><a class="reference internal" href="../../basics/content_delivery_networks.html">Content Delivery Networks</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../basics/http_11.html">HTTP 1.1</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../basics/caching_proxies.html">Caching Proxies</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../basics/cache_revalidation.html">Cache Control Headers and Revalidation</a></li>
	</ul>
	</li>
	</ul>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../../overview/index.html">Traffic Control Overview</a><ul>
	<li class="toctree-l2"><a class="reference internal" href="../../overview/introduction.html">Introduction</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_ops.html">Traffic Ops</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_portal.html">Traffic Portal</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_router.html">Traffic Router</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_monitor.html">Traffic Monitor</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_stats.html">Traffic Stats</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../overview/traffic_vault.html">Traffic Vault</a></li>
	</ul>
	</li>
	</ul>
	<ul class="current">
	<li class="toctree-l1 current"><a class="reference internal" href="../index.html">Administrator’s Guide</a><ul class="current">
	<li class="toctree-l2"><a class="reference internal" href="../traffic_ops/installation.html">Traffic Ops - Installing</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_ops/default_profiles.html">Traffic Ops - Default Profiles</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_ops/migration_from_10_to_20.html">Traffic Ops - Migrating from 1.x to 2.x</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_ops/migration_from_20_to_22.html">Traffic Ops - Migrating from 2.0 to 2.2</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_ops/configuration.html">Traffic Ops - Configuring</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_ops/using.html">Traffic Ops - Using</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_ops/extensions.html">Managing Traffic Ops Extensions</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_portal/installation.html">Traffic Portal Administration</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_portal/usingtrafficportal.html">Traffic Portal - Using</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_monitor.html">Traffic Monitor Administration (Legacy)</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_monitor_golang.html">Traffic Monitor Administration</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_router.html">Traffic Router Administration</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_stats.html">Traffic Stats Administration</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_server.html">Traffic Server Administration</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../traffic_vault.html">Traffic Vault Administration</a></li>
	<li class="toctree-l2 current"><a class="reference internal" href="index.html">Quick How To Guides</a></li>
	</ul>
	</li>
	</ul>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../../development/index.html">Developer’s Guide</a><ul>
	<li class="toctree-l2"><a class="reference internal" href="../../development/building.html">Building Traffic Control</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../development/traffic_ops.html">Traffic Ops</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../development/traffic_portal.html">Traffic Portal</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../development/traffic_router.html">Traffic Router</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../development/traffic_monitor.html">Traffic Monitor Golang</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../development/traffic_stats.html">Traffic Stats</a></li>
	</ul>
	</li>
	</ul>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../../api/index.html">APIs</a><ul>
	<li class="toctree-l2"><a class="reference internal" href="../../api/traffic_ops_api.html">API Overview</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../api/routes.html">API Routes</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../api/v11/index.html">API 1.1 Reference</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../api/v12/index.html">API 1.2 Reference</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../api/v13/index.html">API 1.3 Reference</a></li>
	</ul>
	</li>
	</ul>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../../faq/index.html">FAQ</a><ul>
	<li class="toctree-l2"><a class="reference internal" href="../../faq/general.html">General</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../faq/development.html">Development</a></li>
	<li class="toctree-l2"><a class="reference internal" href="../../faq/administration.html">Running a Traffic Control CDN</a></li>
	</ul>
	</li>
	</ul>
	<ul>
	<li class="toctree-l1"><a class="reference internal" href="../../glossary.html">Glossary</a></li>
	</ul>



	</div>

	</nav>

	<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">


	<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
	<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
	<a href="../../index.html">Traffic Control</a>
	</nav>



	<div class="wy-nav-content">
	<div class="rst-content">
	<div role="navigation" aria-label="breadcrumbs navigation">
	<ul class="wy-breadcrumbs">
	<li><a href="../../index.html">Traffic Control 2.2-dev</a> »</li>

	<li><a href="../index.html">Administrator’s Guide</a> »</li>

	<li><a href="index.html">Quick How To Guides</a> »</li>

	<li>Configure Anonymous Blocking</li>
	<li class="wy-breadcrumbs-aside">

	<a href="../../_sources/admin/quick_howto/anonymous_blocking.rst.txt" rel="nofollow"> View page source</a>

	</li>
	</ul>
	<hr/>
	</div>

	<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">

	<a href="steering.html" class="btn btn-neutral float-right" title="Configure Delivery Service Steering">Next <span class="fa fa-arrow-circle-right"></span></a>


	<a href="regionalgeo.html" class="btn btn-neutral" title="Configure Regional Geo-blocking (RGB)"><span class="fa fa-arrow-circle-left"></span> Previous</a>

	</div>

	<div role="main" class="document">

	<div class="section" id="configure-anonymous-blocking">
	<span id="rl-anonymous-blocking-qht"></span><h1>Configure Anonymous Blocking<a class="headerlink" href="#configure-anonymous-blocking" title="Permalink to this headline">¶</a></h1>
	<div class="admonition note">
	<p class="first admonition-title">Note</p>
	<p class="last">Anonymous Blocking is only supported for HTTP delivery services.</p>
	</div>
	<ol class="arabic simple">
	<li>Prepare the Anonymous Blocking configuration file</li>
	</ol>
	<p>Anonymous Blocking uses a configuration file in JSON format to define blocking rules for delivery services. The file needs to be put on an HTTP server accessible to Traffic Router. An example of the JSON is as follows:</p>
	<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>

	<span class="s2">"customer"</span><span class="p">:</span> <span class="s2">"YourCompany"</span><span class="p">,</span>
	<span class="s2">"version"</span><span class="p">:</span> <span class="s2">"1"</span><span class="p">,</span>
	<span class="s2">"date"</span> <span class="p">:</span> <span class="s2">"2017-05-23 03:28:25"</span><span class="p">,</span>
	<span class="s2">"name"</span><span class="p">:</span> <span class="s2">"Anonymous IP Blocking Policy"</span><span class="p">,</span>

	<span class="s2">"anonymousIp"</span><span class="p">:</span> <span class="p">{</span> <span class="s2">"blockAnonymousVPN"</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
	<span class="s2">"blockHostingProvider"</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
	<span class="s2">"blockPublicProxy"</span><span class="p">:</span> <span class="n">true</span><span class="p">,</span>
	<span class="s2">"blockTorExitNode"</span><span class="p">:</span> <span class="n">true</span><span class="p">},</span>

	<span class="s2">"ip4Whitelist"</span><span class="p">:</span> <span class="p">[</span><span class="s2">"192.168.30.0/24"</span><span class="p">,</span> <span class="s2">"10.0.2.0/24"</span><span class="p">,</span> <span class="s2">"10.1.1.1/32"</span><span class="p">],</span>

	<span class="s2">"ip6Whitelist"</span><span class="p">:</span> <span class="p">[</span><span class="s2">"2001:550:90a::/48"</span><span class="p">,</span> <span class="s2">"::1/128"</span><span class="p">],</span>

	<span class="s2">"redirectUrl"</span><span class="p">:</span> <span class="s2">"http://youvebeenblocked.com"</span>
	<span class="p">}</span>
	</pre></div>
	</div>
	<ul class="simple">
	<li>“anonymousIp” contains the types of IPs which can be checked against the Anonymous IP Database. There are 4 types of IPs which can be checked: VPNs, Hosting Providers, Public Proxies, and Tor Exit Nodes. Each type of IP can be enabled or disabled. If the value is true, IPs which match this type will be blocked when the feature is enabled in the delivery service. If the value is false, IPs which match this type will not be blocked. If an IP matches more than 1 type and any type is enabled, the IP will be blocked.</li>
	<li>“redirectUrl” is the URL that will be returned to the blocked clients. Without a redirectUrl, the clients will receive an HTTP response code 403. With a redirectUrl, the clients will be redirected with an HTTP response code 302.</li>
	<li>“ipWhiteList” is an optional element. It includes a list of CIDR (Classless Inter-Domain Routing) blocks indicating the IPv4 and IPv6 subnets that are allowed by the rule. If this list exists and the value is not empty, client IP will be matched against the CIDR list, and if there is any match, the request will be allowed. If there is no match in the white list, further anonymous blocking logic will continue.</li>
	</ul>
	<ol class="arabic simple" start="2">
	<li>Add Anonymous Blocking parameters on Traffic Ops</li>
	</ol>
	<p>The following three new parameters are required to be added into CRConfig.json:</p>
	<ul class="simple">
	<li>“anonymousip.policy.configuration”: the HTTP URL of the Anonymous Blocking configuration file. Traffic Router will fetch the file from this URL.</li>
	<li>“anonymousip.polling.url”: the HTTP URL of the Anonymous IP Database. Traffic Router will fetch the file from this URL.</li>
	<li>“anonymousip.polling.interval”: the interval that Traffic Router polls the Anonymous Blocking configuration file and Anonymous IP Database.</li>
	</ul>
	<a class="reference internal image-reference" href="../../_images/anonymous_blocking01.png"><img alt="../../_images/anonymous_blocking01.png" class="align-center" src="../../_images/anonymous_blocking01.png" style="width: 1720.0px; height: 374.0px;" /></a>
	<ol class="arabic simple" start="3">
	<li>Enable Anonmyous Blocking for a delivery service</li>
	</ol>
	<a class="reference internal image-reference" href="../../_images/anonymous_blocking02.png"><img alt="../../_images/anonymous_blocking02.png" class="align-center" src="../../_images/anonymous_blocking02.png" style="width: 1058.0px; height: 220.0px;" /></a>
	<ol class="arabic simple" start="4">
	<li>Make configuration effective</li>
	</ol>
	<p>Go to Tools->Snapshot CRConfig, perform “Diff CRConfig” and click “Write CRConfig”.</p>
	<a class="reference internal image-reference" href="../../_images/regionalgeo03.png"><img alt="../../_images/regionalgeo03.png" class="align-center" src="../../_images/regionalgeo03.png" style="width: 464.79999999999995px; height: 128.79999999999998px;" /></a>
	<ol class="arabic simple" start="5">
	<li>Traffic Router access log with Anonymous Blocking</li>
	</ol>
	<p>Anonymous Blocking extends the field of “rtype” and adds a new field “ANON_BLOCK” in Traffic Router access.log to help to monitor the working of this feature.</p>
	<p>If rtype=ANON_BLOCK then the client’s IP was found in the Anonymous IP Database and was blocked.</p>
	</div>


	</div>
	<footer>

	<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">

	<a href="steering.html" class="btn btn-neutral float-right" title="Configure Delivery Service Steering">Next <span class="fa fa-arrow-circle-right"></span></a>


	<a href="regionalgeo.html" class="btn btn-neutral" title="Configure Regional Geo-blocking (RGB)"><span class="fa fa-arrow-circle-left"></span> Previous</a>

	</div>


	<hr/>

	<div role="contentinfo">
	<p>
	</p>
	</div>
	Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.

	</footer>

	</div>
	</div>

	</section>

	</div>



	<div class="rst-versions" data-toggle="rst-versions" role="note" aria-label="versions">
	<span class="rst-current-version" data-toggle="rst-current-version">
	<span class="fa fa-book">Apache Traffic Control (Incubating)</span>
	v:
	<span class="fa fa-caret-down"></span>
	</span>
	<div class="rst-other-versions">
	<dl>
	<dt>Versions</dt>
	<dd><a href="/docs/master/">latest</a></dd>
	<dd><a href="/docs/2.0/">2.0</a></dd>
	<dd><a href="/docs/1.8.1/">1.8</a></dd>
	<dd><a href="/docs/1.7.0/">1.7</a></dd>
	</dl>
	<hr/>
	Free document hosting provided by <a href="http://www.readthedocs.org">Read the Docs</a>.

	</div>
	</div>



	<script type="text/javascript">
	var DOCUMENTATION_OPTIONS = {
	URL_ROOT:'../../',
	VERSION:'2.2-dev',
	COLLAPSE_INDEX:false,
	FILE_SUFFIX:'.html',
	HAS_SOURCE: true,
	SOURCELINK_SUFFIX: '.txt'
	};
	</script>
	<script type="text/javascript" src="../../_static/jquery.js"></script>
	<script type="text/javascript" src="../../_static/underscore.js"></script>
	<script type="text/javascript" src="../../_static/doctools.js"></script>





	<script type="text/javascript" src="../../_static/js/theme.js"></script>




	<script type="text/javascript">
	jQuery(function () {
	SphinxRtdTheme.StickyNav.enable();
	});
	</script>


	</body>
	</html>