Use Cases
Tenant Access Control List (ACL) is an Early Access Service and currently available only to customers on an Enterprise plan with the Attack Protection add-on.
By using this feature, you agree to the applicable Free Trial Service terms described in Okta’s Master Subscription Agreement and to Okta’s Privacy Policy.
To learn more about Auth0 releases, review Product Release Stages.
Tenant ACL Early Access Restrictions and Limitations
Restrictions
Customers on an Enterprise plan with the Attack Protection add-on can create up to 10 Tenant ACLs.
Each Tenant ACL can include up to 10 entries per source identifier (such as IPv4, CIDR, and more).
Limitations
The User Agent identifier is not supported when using self-managed custom domains.
The
auth0-forwarded-forheader is not supported.
Coming soon
Customers on any Enterprise plan can create up to one (1) Tenant ACL.
Tenant Access Control List (ACL) provides the power and flexibility needed to handle a large variety of scenarios.
Block a request
Here is an example of a Tenant ACL rule that blocks incoming traffic from a specific geolocation country code.
curl --request POST \
--url 'https://{yourDomain}/api/v2/network-acls' \
--header 'authorization: Bearer MANAGEMENT_API_TOKEN' \
--header 'content-type: application/json' \
--data '{
"description": "Example of a blocking request",
"active": true,
“priority”: 2,
"rule": {
"action": { "block": true },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}'Was this helpful?
/
var client = new RestClient("https://{yourDomain}/api/v2/network-acls");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer MANAGEMENT_API_TOKEN");
request.AddParameter("application/json", "{\n \"description\": \"Example of a blocking request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/api/v2/network-acls"
payload := strings.NewReader("{\n \"description\": \"Example of a blocking request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("content-type", "application/json")
req.Header.Add("authorization", "Bearer MANAGEMENT_API_TOKEN")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://{yourDomain}/api/v2/network-acls")
.header("content-type", "application/json")
.header("authorization", "Bearer MANAGEMENT_API_TOKEN")
.body("{\n \"description\": \"Example of a blocking request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/api/v2/network-acls',
headers: {
'content-type': 'application/json',
authorization: 'Bearer MANAGEMENT_API_TOKEN'
},
data: '{\n "description": "Example of a blocking request",\n "active": true,\n “priority”: 2,\n "rule": {\n "action": { "block": true },\n "match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },\n "scope": "authentication"\n }\n}'
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"content-type": @"application/json",
@"authorization": @"Bearer MANAGEMENT_API_TOKEN" };
NSData *postData = [[NSData alloc] initWithData:[@"{
"description": "Example of a blocking request",
"active": true,
“priority”: 2,
"rule": {
"action": { "block": true },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}" dataUsingEncoding:NSUTF8StringEncoding]];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/network-acls"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/api/v2/network-acls",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"description\": \"Example of a blocking request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}",
CURLOPT_HTTPHEADER => [
"authorization: Bearer MANAGEMENT_API_TOKEN",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{\n \"description\": \"Example of a blocking request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}"
headers = {
'content-type': "application/json",
'authorization': "Bearer MANAGEMENT_API_TOKEN"
}
conn.request("POST", "/{yourDomain}/api/v2/network-acls", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/api/v2/network-acls")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer MANAGEMENT_API_TOKEN'
request.body = "{\n \"description\": \"Example of a blocking request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = [
"content-type": "application/json",
"authorization": "Bearer MANAGEMENT_API_TOKEN"
]
let postData = NSData(data: "{
"description": "Example of a blocking request",
"active": true,
“priority”: 2,
"rule": {
"action": { "block": true },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}".data(using: String.Encoding.utf8)!)
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/network-acls")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Example of a block page
Allow a request
Here is an example of a Tenant ACL rule that allows traffic only from a specific geolocation country code.
curl --request POST \
--url 'https://{yourDomain}/api/v2/network-acls' \
--header 'authorization: Bearer MANAGEMENT_API_TOKEN' \
--header 'content-type: application/json' \
--data '{
"description": "Example of allowing a request",
"active": true,
“priority”: 2,
"rule": {
"action": { "allow": true },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}'Was this helpful?
/
var client = new RestClient("https://{yourDomain}/api/v2/network-acls");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer MANAGEMENT_API_TOKEN");
request.AddParameter("application/json", "{\n \"description\": \"Example of allowing a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"allow\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/api/v2/network-acls"
payload := strings.NewReader("{\n \"description\": \"Example of allowing a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"allow\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("content-type", "application/json")
req.Header.Add("authorization", "Bearer MANAGEMENT_API_TOKEN")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://{yourDomain}/api/v2/network-acls")
.header("content-type", "application/json")
.header("authorization", "Bearer MANAGEMENT_API_TOKEN")
.body("{\n \"description\": \"Example of allowing a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"allow\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/api/v2/network-acls',
headers: {
'content-type': 'application/json',
authorization: 'Bearer MANAGEMENT_API_TOKEN'
},
data: '{\n "description": "Example of allowing a request",\n "active": true,\n “priority”: 2,\n "rule": {\n "action": { "allow": true },\n "match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },\n "scope": "authentication"\n }\n}'
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"content-type": @"application/json",
@"authorization": @"Bearer MANAGEMENT_API_TOKEN" };
NSData *postData = [[NSData alloc] initWithData:[@"{
"description": "Example of allowing a request",
"active": true,
“priority”: 2,
"rule": {
"action": { "allow": true },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}" dataUsingEncoding:NSUTF8StringEncoding]];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/network-acls"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/api/v2/network-acls",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"description\": \"Example of allowing a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"allow\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}",
CURLOPT_HTTPHEADER => [
"authorization: Bearer MANAGEMENT_API_TOKEN",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{\n \"description\": \"Example of allowing a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"allow\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}"
headers = {
'content-type': "application/json",
'authorization': "Bearer MANAGEMENT_API_TOKEN"
}
conn.request("POST", "/{yourDomain}/api/v2/network-acls", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/api/v2/network-acls")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer MANAGEMENT_API_TOKEN'
request.body = "{\n \"description\": \"Example of allowing a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"allow\": true },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = [
"content-type": "application/json",
"authorization": "Bearer MANAGEMENT_API_TOKEN"
]
let postData = NSData(data: "{
"description": "Example of allowing a request",
"active": true,
“priority”: 2,
"rule": {
"action": { "allow": true },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}".data(using: String.Encoding.utf8)!)
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/network-acls")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Redirect a request
Here is an example of a Tenant ACL rule that redirects all traffic from a specific geolocation country code.
curl --request POST \
--url 'https://{yourDomain}/api/v2/network-acls' \
--header 'authorization: Bearer MANAGEMENT_API_TOKEN' \
--header 'content-type: application/json' \
--data '{
"description": "Example of redirecting a request",
"active": true,
“priority”: 2,
"rule": {
"action": { "redirect": true, "redirect_uri": "REDIRECT_URI" },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}'Was this helpful?
/
var client = new RestClient("https://{yourDomain}/api/v2/network-acls");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer MANAGEMENT_API_TOKEN");
request.AddParameter("application/json", "{\n \"description\": \"Example of redirecting a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"redirect\": true, \"redirect_uri\": \"REDIRECT_URI\" },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/api/v2/network-acls"
payload := strings.NewReader("{\n \"description\": \"Example of redirecting a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"redirect\": true, \"redirect_uri\": \"REDIRECT_URI\" },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("content-type", "application/json")
req.Header.Add("authorization", "Bearer MANAGEMENT_API_TOKEN")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://{yourDomain}/api/v2/network-acls")
.header("content-type", "application/json")
.header("authorization", "Bearer MANAGEMENT_API_TOKEN")
.body("{\n \"description\": \"Example of redirecting a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"redirect\": true, \"redirect_uri\": \"REDIRECT_URI\" },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/api/v2/network-acls',
headers: {
'content-type': 'application/json',
authorization: 'Bearer MANAGEMENT_API_TOKEN'
},
data: '{\n "description": "Example of redirecting a request",\n "active": true,\n “priority”: 2,\n "rule": {\n "action": { "redirect": true, "redirect_uri": "REDIRECT_URI" },\n "match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },\n "scope": "authentication"\n }\n}'
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"content-type": @"application/json",
@"authorization": @"Bearer MANAGEMENT_API_TOKEN" };
NSData *postData = [[NSData alloc] initWithData:[@"{
"description": "Example of redirecting a request",
"active": true,
“priority”: 2,
"rule": {
"action": { "redirect": true, "redirect_uri": "REDIRECT_URI" },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}" dataUsingEncoding:NSUTF8StringEncoding]];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/network-acls"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/api/v2/network-acls",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"description\": \"Example of redirecting a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"redirect\": true, \"redirect_uri\": \"REDIRECT_URI\" },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}",
CURLOPT_HTTPHEADER => [
"authorization: Bearer MANAGEMENT_API_TOKEN",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{\n \"description\": \"Example of redirecting a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"redirect\": true, \"redirect_uri\": \"REDIRECT_URI\" },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}"
headers = {
'content-type': "application/json",
'authorization': "Bearer MANAGEMENT_API_TOKEN"
}
conn.request("POST", "/{yourDomain}/api/v2/network-acls", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/api/v2/network-acls")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer MANAGEMENT_API_TOKEN'
request.body = "{\n \"description\": \"Example of redirecting a request\",\n \"active\": true,\n “priority”: 2,\n \"rule\": {\n \"action\": { \"redirect\": true, \"redirect_uri\": \"REDIRECT_URI\" },\n \"match\": { \"geo_country_codes\": [\"GEO_COUNTRY_CODE\"] },\n \"scope\": \"authentication\"\n }\n}"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = [
"content-type": "application/json",
"authorization": "Bearer MANAGEMENT_API_TOKEN"
]
let postData = NSData(data: "{
"description": "Example of redirecting a request",
"active": true,
“priority”: 2,
"rule": {
"action": { "redirect": true, "redirect_uri": "REDIRECT_URI" },
"match": { "geo_country_codes": ["GEO_COUNTRY_CODE"] },
"scope": "authentication"
}
}".data(using: String.Encoding.utf8)!)
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/network-acls")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Complex comparisons
You can combine the match and not_match operators in a single Tenant ACL rule to enforce fine-grained access policies.
Here is an example of a Tenant ACL rule that evaluates the geo_country_code and geo_subdivision_code signals to block all traffic from a given country except for a specific state, region, or province within that country.
curl --request POST \
--url 'https://{yourDomain}/api/v2/network-acls' \
--header 'authorization: Bearer MANAGEMENT_API_TOKEN' \
--header 'content-type: application/json' \
--data '{
"description": "Creating a new access control list",
"active": false,
"priority": 1,
"rule": {
"action": { "block": true },
"match": { "geo_country_codes": [ "GEO_COUNTRY_CODE"] },
"not_match": { "geo_subdivision_codes": [ "GEO_SUBDIVISION_CODE" ] },
"scope": "authentication"
}
}'Was this helpful?
/
var client = new RestClient("https://{yourDomain}/api/v2/network-acls");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer MANAGEMENT_API_TOKEN");
request.AddParameter("application/json", "{\n \"description\": \"Creating a new access control list\",\n \"active\": false,\n \"priority\": 1,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [ \"GEO_COUNTRY_CODE\"] },\n \"not_match\": { \"geo_subdivision_codes\": [ \"GEO_SUBDIVISION_CODE\" ] },\n \"scope\": \"authentication\"\n }\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/api/v2/network-acls"
payload := strings.NewReader("{\n \"description\": \"Creating a new access control list\",\n \"active\": false,\n \"priority\": 1,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [ \"GEO_COUNTRY_CODE\"] },\n \"not_match\": { \"geo_subdivision_codes\": [ \"GEO_SUBDIVISION_CODE\" ] },\n \"scope\": \"authentication\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("content-type", "application/json")
req.Header.Add("authorization", "Bearer MANAGEMENT_API_TOKEN")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://{yourDomain}/api/v2/network-acls")
.header("content-type", "application/json")
.header("authorization", "Bearer MANAGEMENT_API_TOKEN")
.body("{\n \"description\": \"Creating a new access control list\",\n \"active\": false,\n \"priority\": 1,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [ \"GEO_COUNTRY_CODE\"] },\n \"not_match\": { \"geo_subdivision_codes\": [ \"GEO_SUBDIVISION_CODE\" ] },\n \"scope\": \"authentication\"\n }\n}")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/api/v2/network-acls',
headers: {
'content-type': 'application/json',
authorization: 'Bearer MANAGEMENT_API_TOKEN'
},
data: {
description: 'Creating a new access control list',
active: false,
priority: 1,
rule: {
action: {block: true},
match: {geo_country_codes: ['GEO_COUNTRY_CODE']},
not_match: {geo_subdivision_codes: ['GEO_SUBDIVISION_CODE']},
scope: 'authentication'
}
}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"content-type": @"application/json",
@"authorization": @"Bearer MANAGEMENT_API_TOKEN" };
NSDictionary *parameters = @{ @"description": @"Creating a new access control list",
@"active": @NO,
@"priority": @1,
@"rule": @{ @"action": @{ @"block": @YES }, @"match": @{ @"geo_country_codes": @[ @"GEO_COUNTRY_CODE" ] }, @"not_match": @{ @"geo_subdivision_codes": @[ @"GEO_SUBDIVISION_CODE" ] }, @"scope": @"authentication" } };
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/network-acls"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/api/v2/network-acls",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\n \"description\": \"Creating a new access control list\",\n \"active\": false,\n \"priority\": 1,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [ \"GEO_COUNTRY_CODE\"] },\n \"not_match\": { \"geo_subdivision_codes\": [ \"GEO_SUBDIVISION_CODE\" ] },\n \"scope\": \"authentication\"\n }\n}",
CURLOPT_HTTPHEADER => [
"authorization: Bearer MANAGEMENT_API_TOKEN",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{\n \"description\": \"Creating a new access control list\",\n \"active\": false,\n \"priority\": 1,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [ \"GEO_COUNTRY_CODE\"] },\n \"not_match\": { \"geo_subdivision_codes\": [ \"GEO_SUBDIVISION_CODE\" ] },\n \"scope\": \"authentication\"\n }\n}"
headers = {
'content-type': "application/json",
'authorization': "Bearer MANAGEMENT_API_TOKEN"
}
conn.request("POST", "/{yourDomain}/api/v2/network-acls", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/api/v2/network-acls")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer MANAGEMENT_API_TOKEN'
request.body = "{\n \"description\": \"Creating a new access control list\",\n \"active\": false,\n \"priority\": 1,\n \"rule\": {\n \"action\": { \"block\": true },\n \"match\": { \"geo_country_codes\": [ \"GEO_COUNTRY_CODE\"] },\n \"not_match\": { \"geo_subdivision_codes\": [ \"GEO_SUBDIVISION_CODE\" ] },\n \"scope\": \"authentication\"\n }\n}"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = [
"content-type": "application/json",
"authorization": "Bearer MANAGEMENT_API_TOKEN"
]
let parameters = [
"description": "Creating a new access control list",
"active": false,
"priority": 1,
"rule": [
"action": ["block": true],
"match": ["geo_country_codes": ["GEO_COUNTRY_CODE"]],
"not_match": ["geo_subdivision_codes": ["GEO_SUBDIVISION_CODE"]],
"scope": "authentication"
]
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/network-acls")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/