Security Rule

Security Rule controls where and with whom the API Key or Token associated with the security group can be used.

Here are the features of the Security Rule:

• Security Rules are always allowed, so you cannot create a rule to deny access.
• You can add and remove rules at any time. Changes are automatically applied to the API Key or Token associated with the Security Group.

IPv4

Security Rule supports IPv4 and IPv4 CIDR and restricts access by comparing API Key or Token user's IPv4 address. Calls from IPs not on that rule will be blocked. Also, it does not work properly when entering a private IP or loopback address.

• Here are some normal examples:

  • 0.0.0.0/0
  • 142.251.42.142
  • 142.251.42.142/32
  • 142.251.42.142/24

• Here are some abnormal examples:

  • 127.0.0.1
  • 10.0.0.1/16
  • 172.16.0.1/24
  • 192.168.0.1/16

Referer

Restrict access to specific websites only. The referer value is automatically entered by the web browser, but care must always be taken because it can be manipulated.

Here are some examples using referer:

• A specific URL with an exact path : https://example.com/path (opens in a new tab)
• URL with wildcards : https://example.com/ (opens in a new tab)*
• URL with port : https://example.com:8000/ (opens in a new tab)*

If the address of the site using Render-it is https://example.com (opens in a new tab), refer to the following example. Calls are allowed if referer is registered as below:

• https://*
• https://*.*
• https://*.*:443
• https://*.com
• https://example.com (opens in a new tab)
• https://example.com/ (opens in a new tab)*

Calls are blocked when referer is registered as below:

• https://*.*:80
• http://*.*
• https://example.com/path (opens in a new tab)