From 0d4d0cd13106098f6d76ba0647c108c56746ff06 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Tue, 10 Mar 2020 11:51:11 -0500 Subject: [PATCH 01/20] Updated instructions for creating custom VCL for IP allowlist - Changed topic title from "Secure access to the Magento Admin UI" to more generic "Create custom VCL for IP allowlist" - Clarified VCL snippet JSON example showing allowlist logic and the two options for adding from Magento Admin or using Fastly API - Renamed Custom VCL for blocking topic ==> Custom VCL for IP block list to match the topic title for allowlist - Updated topic titles in TOC - Updated all custom VCL example topics to have parallel structure and content - Removed escaping from VCL code examples -- escaping only needed if you submit snippet as JSON string -- and added note about when to escape special characters with link to Fastly VCL reference for examples. --- src/_data/toc/cloud-guide.yml | 4 +- src/cloud/cdn/cloud-vcl-custom-snippets.md | 7 +-- src/cloud/cdn/fastly-vcl-badreferer.md | 18 +++--- src/cloud/cdn/fastly-vcl-blocking.md | 64 +++++++++++++++++----- src/cloud/cdn/fastly-vcl-whitelist.md | 42 ++++++++------ src/cloud/cdn/fastly-vcl-wordpress.md | 2 +- src/cloud/trouble/robots-sitemap.md | 11 ++-- 7 files changed, 98 insertions(+), 50 deletions(-) diff --git a/src/_data/toc/cloud-guide.yml b/src/_data/toc/cloud-guide.yml index 4dc66c83422..fa2e48a1760 100644 --- a/src/_data/toc/cloud-guide.yml +++ b/src/_data/toc/cloud-guide.yml @@ -270,11 +270,11 @@ pages: url: /cloud/cdn/fastly-vcl-badreferer.html versionless: true - - label: Secure access to the Magento Admin UI + - label: Custom VCL for IP allowlist url: /cloud/cdn/fastly-vcl-whitelist.html versionless: true - - label: Custom VCL for blocking + - label: Custom VCL for IP block list url: /cloud/cdn/fastly-vcl-blocking.html versionless: true diff --git a/src/cloud/cdn/cloud-vcl-custom-snippets.md b/src/cloud/cdn/cloud-vcl-custom-snippets.md index 6e7f06d6043..8fb98e28980 100644 --- a/src/cloud/cdn/cloud-vcl-custom-snippets.md +++ b/src/cloud/cdn/cloud-vcl-custom-snippets.md @@ -44,7 +44,7 @@ You can create and manage custom VCL snippets from the Magento Admin UI or by us ### Example VCL snippet code {#vcl-curl} -The following example shows the custom VCL snippet that filters traffic by client IP address in JSON format. +The following example shows the custom VCL snippet (JSON format) that filters traffic by client IP address: ```json { @@ -59,7 +59,7 @@ The following example shows the custom VCL snippet that filters traffic by clien ``` {: .bs-callout-warning} -In this example, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. If you submit the VCL code snippet from the Magento Admin UI, or as a JSON string using the Fastly API, you must escape special characters to prevent validation errors. See the example in [Secure the Magento Admin UI]({{ site.baseurl }}/cloud/cdn/fastly-vcl-whitelist.html#vcl). +In this example, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. You can also submit the snippet in the API request as a JSON string, but you must escape special characters in the code to prevent validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. The VCL logic in the `content` field performs the following actions: @@ -90,8 +90,7 @@ The *Custom VCL snippets* view shows only the snippets added through the Magento See the following examples that show how to create and manage custom VCL snippets from the Magento Admin UI: -- [Secure access to the Magento Admin UI]({{ site.baseurl }}/cloud/cdn/fastly-vcl-whitelist.html) -- [Set up redirects to WordPress using Fastly]({{ site.baseurl }}/cloud/cdn/fastly-vcl-wordpress.html) +- [Custom VCL for IP allowlist]({{ site.baseurl }}/cloud/cdn/fastly-vcl-whitelist.html) - [Block referral spam]({{ site.baseurl }}/cloud/cdn/fastly-vcl-badreferer.html) ## Manage custom VCL snippets using the API diff --git a/src/cloud/cdn/fastly-vcl-badreferer.md b/src/cloud/cdn/fastly-vcl-badreferer.md index f570e608510..0675e9bd61f 100644 --- a/src/cloud/cdn/fastly-vcl-badreferer.md +++ b/src/cloud/cdn/fastly-vcl-badreferer.md @@ -59,7 +59,7 @@ For more information about Edge Dictionaries, see [Creating and using Edge Dicti ## Create a custom VCL snippet to block referrer spam -The following custom VCL snippet code (JSON format) checks incoming requests and blocks requests from any referrer site included in the `referrer_blocklist` edge dictionary. +The following custom VCL snippet code (JSON format) shows the logic to check and block requests. The VCL snippet captures the host of a referrer website into a header, and then compares the host name to the list of URLs in the `referrer_blocklist` dictionary. If the host name matches, the request is blocked with a `403 Forbidden` error. ```json { @@ -67,35 +67,33 @@ The following custom VCL snippet code (JSON format) checks incoming requests and "dynamic": "0", "type": "recv", "priority": "5", - "content": "set req.http.Referer-Host = regsub(req.http.Referer, \"^https?://?([^:/\\s]+).*$\", \"\\1\"); if (table.lookup(referrer_blocklist, req.http.Referer-Host)) { error 403 \"Forbidden\"; }" + "content": "set req.http.Referer-Host = regsub(req.http.Referer, "^https?://?([^:/s]+).*$", "\1"); if (table.lookup(referrer_blocklist, req.http.Referer-Host)) { error 403 "Forbidden"; }" } ``` -Review the example code and change values as needed: +Before creating your own snippet from this example, review the values to determine whether you need to make any changes: - `name` — Name for the VCL snippet. For this example, we used `block_bad_referrer`. - `dynamic` — Value 0 indicates a [regular snippet](https://docs.fastly.com/guides/vcl-snippets/using-regular-vcl-snippets) to upload to the versioned VCL for the Fastly configuration. -- `priority` — Determines when the VCL snippet runs. The priority is `5` to run this snippet code before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. +- `priority` — Determines when the VCL snippet runs. The priority is `5` to run this snippet code before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Lower priority numbers execute first. - `type` — Specifies a location to insert the snippet in the VCL version. In this example, the VCL snippet is a `recv` snippet. When the snippet is inserted into the VCL version, it is added to the `vcl_recv` subroutine, below the default Fastly VCL code and above any objects. - `content` — The snippet of VCL code to run in one line, without line breaks. -In this example, the VCL code logic captures the host of a referrer website into a header, and then compares the host name to the list of URLs in the `referrer_blocklist` dictionary. +After reviewing and updating the code for your environment, use either of the following methods to add the custom VCL snippet to your Fastly service configuration: -If the host name matches, the request is blocked with a `403 Forbidden` error. +- [Add the custom VCL snippet from the Magento Admin](#add-the-custom-vcl-snippet). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) -See the [Fastly VCL reference](https://docs.fastly.com/vcl/reference/) for information about creating Fastly VCL code snippets. - -Add the custom VCL snippet to your Fastly service configuration from the Magento Admin UI (requires Fastly module 1.2.58 or later). If you cannot access the Admin UI, save the JSON code example in a file and upload it using the Fastly API. See [Creating a VCL snippet using the Fastly API]({{ site.baseurl }}/cloud/cdn/cloud-vcl-custom-snippets.html(#manage-custom-vcl-snippets-using-the-api). +- Save the JSON code example to a file (for example, `allowlist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. ## Add the custom VCL snippet {% include cloud/admin-ui-login-step.md %} -1. Click **Stores** > **Settings** > **Configuration** > **Advanced** > **System**. +1. Click **Stores** > Settings > **Configuration** > **Advanced** > **System**. 1. Expand **Full Page Cache** > **Fastly Configuration** > **Custom VCL Snippets**. diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index 84bd3e663ce..93c02af6a23 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -31,16 +31,16 @@ If you want to manage access for both Staging and Production sites, create the E 1. Enter IP address values in the list. Any client IPs added to this list will be blocked access from the site. 1. Optionally, select the **Negated** checkbox if needed. -You will reference the Edge ACL by name in your VCL snippet code. +You reference the Edge ACL by name in your VCL snippet code. -## Create blocklist.json {#vcl} +## Create the custom VCL for the block list {#vcl} {:.bs-callout-info} -This example shows advanced users how to create custom VCL code snippet to configure blocking rules that can be uploaded to the Fastly service using the Fastly API. You can also configure a blocklist or allowlist from the {{ site.data.var.ee }} Admin UI. See [Blocking](https://github.com/fastly/fastly-magento2/blob/master/Documentation/Guides/BLOCKING.md) in the Fastly CDN for Magento 2 module documentation. +This example shows advanced users how to create a VCL code snippet to configure custom blocking rules that can be uploaded to the Fastly service. You can configure blocklist or allowlist by country from the {{ site.data.var.ee }} Admin UI using the [Blocking](https://github.com/fastly/fastly-magento2/blob/master/Documentation/Guides/BLOCKING.md) feature available in the Fastly CDN for Magento 2 module. After you define the Edge ACL, you can use it to create the VCL snippet to block access to the IP addresses specified in the ACL. You can use the same VCL snippet in both Staging and Production environments, but you must upload the snippet to each environment separately. -Create a `blocklist.json` file with the following VCL code in JSON format: +The following custom VCL snippet code (JSON format) shows the logic to block incoming requests with a client IP address that matches an address in the blocklist ACL. ```json { @@ -48,28 +48,66 @@ Create a `blocklist.json` file with the following VCL code in JSON format: "dynamic": "0", "type": "recv", "priority": "5", - "content": "if ( client.ip ~ blocklist) { error 403 \"Forbidden\"; }" + "content": "if ( client.ip ~ blocklist) { error 403 "Forbidden"; }" } ``` -Review the following parameter values and update your code snippet if necessary: +Before creating your own snippet from this example, review the values to determine whether you need to make any changes: - `name`: Name for the VCL snippet. For this example, we used the name `blocklist`. -- `priority`: Determines the VCL snippet call order. Set the priority to 5 to immediately run and check for blocked IP addresses. This priority runs before any of the uploaded and default Magento VCL snippets (`magentomodule_`) that have a priority of 50. + +- `priority`: Determines when the VCL snippet runs. The priority is `5` to immediately run and check whether a Magento Admin UI requests are coming from an allowed IP address. The snippet runs before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Lower priority numbers execute first. + - `type`: Specifies the type of VCL snippet that determines the location of the snippet in the generated VCL code. In this example, we use `recv`, which inserts the VCL code in the `vcl_recv` subroutine, below the boilerplate VCL and above any objects. See the [Fastly VCL snippet reference](https://docs.fastly.com/api/config#api-section-snippet) for the list of snippet types. + - `content`: The snippet of VCL code to run, which checks the client IP address. If the IP is in the Edge ACL, it is blocked from access with a `403 Forbidden` error for the entire website. All other client IP addresses are allowed access. -{:.bs-callout-info} -The default VCL snippets include a prepended name of `magentomodule_` with a priority of 50. **Do not use the `magentomodule_` name** for your custom VCL Snippets. You must also set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Lower priority numbers execute first. +After reviewing and updating the code for your environment, use either of the following methods to add the custom VCL snippet to your Fastly service configuration: + +- [Add the custom VCL snippet from the Magento Admin](#complete). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) + +- Save the JSON code example to a file (for example, `allowlist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. + +## Add the custom VCL snippet {#complete} + +{% include cloud/admin-ui-login-step.md %} + +1. Click **Stores** > Settings > **Configuration** > **Advanced** > **System**. + +1. Expand **Full Page Cache** > **Fastly Configuration** > **Custom VCL Snippets**. -## Finish adding the VCL {#complete} +1. Click **Create Custom Snippet**. -After saving the VCL snippet, add the VCL snippet to the Fastly service configuration. See [Add VCL snippets using the Fastly API]({{ site.baseurl }}/cloud/cdn/cloud-vcl-custom-snippets.html#add-vcl-snippets-using-the-fastly-api). +1. Add the VCL snippet values: + + - **Name** — `blocklist` + + - **Type** — `recv` + + - **Priority** — `5` + + - Add the **VCL** snippet content: + + ```conf + "if ( client.ip ~ blocklist) { error 403 "Forbidden"; }" + ``` + +1. Click **Create** to generate the VCL snippet file with the name pattern `type_priority_name.vcl`, for example `recv_5_blocklist.vcl` + +1. After the page reloads, click **Upload VCL to Fastly** in the *Fastly Configuration* section to add the file to the Fastly service configuration. + +1. After the upload completes, refresh the cache according to the notification at the top of the page. + +Fastly validates the updated version of the VCL code during the upload process. If the validation fails, edit the custom VCL snippet to fix the issue. Then, upload the VCL again. ## Additional VCL examples for blocking requests The following examples show how to block requests using inline condition statements instead of an ACL list. +{: .bs-callout-warning} +In these examples, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. You can submit the [VCL snippet from the Admin UI](#complete), or as a JSON string using the Fastly API. If you use the Fastly API with a JSON string, you must escape special characters to prevent validation errors. +See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. + ### VCL code sample: Block by country code This example uses the two-character ISO 3166-1 country code for the country associated with the IP address. @@ -80,7 +118,7 @@ This example uses the two-character ISO 3166-1 country code for the country asso "dynamic": "0", "type": "recv", "priority": "5", - "content": "if ( geoip.country_code == \"HK\" ) { error 405 \"Not allowed\";}" + "content": "if ( geoip.country_code == "HK" ) { error 405 "Not allowed";}" } ``` @@ -95,6 +133,6 @@ Instead of using a custom VCL snippet, you can use the Fastly [Blocking](https:/ "dynamic": "0", "type": "recv", "priority": "5", - "content": "if ( req.http.User-Agent ~ \"(UCBrowser|MQQBrowser|LieBaoFast|Mb2345Browser)\" ) {error 405 \"Not allowed\";}" + "content": "if ( req.http.User-Agent ~ "(UCBrowser|MQQBrowser|LieBaoFast|Mb2345Browser)" ) {error 405 "Not allowed";}" } ``` diff --git a/src/cloud/cdn/fastly-vcl-whitelist.md b/src/cloud/cdn/fastly-vcl-whitelist.md index 7c0e4127396..9d61476c348 100644 --- a/src/cloud/cdn/fastly-vcl-whitelist.md +++ b/src/cloud/cdn/fastly-vcl-whitelist.md @@ -1,6 +1,6 @@ --- group: cloud-guide -title: Secure access to Magento Admin UI by client IP address +title: Custom VCL for allowing requests redirect_from: - /cloud/configure/fastly-vcl-whitelist.html functional_areas: @@ -8,7 +8,15 @@ functional_areas: - Setup --- -The following example shows how to use a custom VCL snippet with a [Fastly Access Control List (ACL)](https://docs.fastly.com/guides/access-control-lists/about-acls) to secure access to the Magento Admin UI for a {{ site.data.var.ece }} project environment by client IP address. When you add the custom VCL snippet, Fastly allows only requests from IP addresses included in the ACL. + +You can use the a Fastly Edge ACL list in combination with custom VCL code snippet to filter incoming requests and allow access by IP address. The ACL list specifies the IP addresses to allow. + +Create an allowlist to limit access to your Staging environment so that only requests from specified IP addresses for internal developers and approved external services are permitted. You can also create an allowlist to secure access to the Magento Admin UI on Staging and Production environments. + +The following example shows how to use a custom VCL snippet with a [Fastly Access Control List (ACL)](https://docs.fastly.com/guides/access-control-lists/about-acls) to secure access to the Magento Admin UI for a {{ site.data.var.ece }} project environment. When you add the custom VCL snippet to the Cloud enviroment, Fastly allows only requests from IP addresses included in the ACL. + +{:.bs-callout-tip} +For Staging and Integration environments that should not be publicly accessible, you can use the HTTP access control option available in the [Magento Cloud Project UI]({{site.baseurl}}/cloud/project/project-webint-branch.html#security) to manage access to the entire site by IP address. **Prerequisites:** @@ -16,7 +24,7 @@ The following example shows how to use a custom VCL snippet with a [Fastly Acces - Get Magento Admin UI credentials for your {{ site.data.var.ece }} environment. -- List of client IP addresses allowed to access the Magento Admin UI. +- List of client IP addresses to include on the allowlist ## Create Edge ACL for allowing client IPs {#edge-acl} @@ -24,7 +32,7 @@ Edge ACLs create IP address lists for managing access to your site. In this exam {% include cloud/admin-ui-login-step.md %} -1. Click **Stores** > **Settings** > **Configuration** > **Advanced** > **System**. +1. Click **Stores** > Settings > **Configuration** > **Advanced** > **System**. 1. Expand **Full Page Cache** > **Fastly Configuration** > **ACL**. @@ -50,11 +58,9 @@ Edge ACLs create IP address lists for managing access to your site. In this exam 1. Refresh the cache according to the notification at the top of the page. -## Create the custom vcl snippet to secure Magento Admin UI access {#vcl} +## Create the custom VCL snippet to secure Magento Admin UI access {#vcl} -The following custom VCL snippet code (JSON format) filters requests to the Magento Admin UI and allows access if the client IP address matches an address in the `allowlist` ACL. - -Create an `allowlist.json` file with the following JSON content: +The following custom VCL snippet code (JSON format) shows the logic to filter requests to the Magento Admin UI and allow access if the client IP address matches an address in the `allowlist` ACL. ```json { @@ -66,27 +72,31 @@ Create an `allowlist.json` file with the following JSON content: } ``` -Review the following values for the code to determine if you need to make changes: +Before creating your own snippet from this example, review the values to determine whether you need to make any changes: - `name` — Name for the VCL snippet. For this example, `allowlist`. -- `priority` — Determines when the VCL snippet runs. The priority is `5` to immediately run and check whether a Magento Admin UI requests are coming from an allowed IP address. The snippet runs before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. +- `priority` — Determines when the VCL snippet runs. The priority is `5` to immediately run and check whether a Magento Admin UI requests are coming from an allowed IP address. The snippet runs before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Lower priority numbers execute first. -- `type` — Specifies Specifies a location to insert the snippet in the versioned VCL code. This VCL is a `recv` snippet type which adds the snippet code to the `vcl_recv` subroutine below the default Fastly VCL code and above any objects. +- `type` — Specifies a location to insert the snippet in the versioned VCL code. This VCL is a `recv` snippet type which adds the snippet code to the `vcl_recv` subroutine below the default Fastly VCL code and above any objects. -- `content` — The snippet of VCL code to run. In this example, the code filters requests to the Magento Admin UI and allows access if the client IP address matches an address in the `allowlist` ACL. If the address doesn't match the request is blocked with a `403 Forbidden` error. +- `content` — The snippet of VCL code to run. In this example, the code filters requests to the Magento Admin UI and allows access if the client IP address matches an address in the `allowlist` ACL. If the address does not match, the request is blocked with a `403 Forbidden` error. If the URL for your Magento Admin UI was changed, replace the sample value `/admin` with the URL for your environment. For example, `/company-admin`. -In the code sample, the condition `!req.http.Fastly-FF` is important when using Origin Shielding. Do not remove or edit this code. +In the code sample, the condition `!req.http.Fastly-FF` is important when using [Origin Shielding]({{site.baseurl}}/cloud/cdn/configure-fastly.html#backend). Do not remove or edit this code. + +After reviewing and updating the code for your environment, use either of the following methods to add the custom VCL snippet to your Fastly service configuration: + +- [Add the custom VCL snippet from the Magento Admin](#add-whitelist-vcl). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) -Add the custom VCL snippet to your Fastly service configuration from the Magento Admin UI (requires Fastly module 1.2.58 or later). If you cannot access the Magento Admin UI, save the JSON code example in a file and upload it using the Fastly API. See [Creating a VCL snippet using the Fastly API]({{ site.baseurl }}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). +- Save the JSON code example to a file (for example, `allowlist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. ## Add the custom VCL snippet {#add-whitelist-vcl} {% include cloud/admin-ui-login-step.md %} -1. Click **Stores** > **Settings** > **Configuration** > **Advanced** > **System**. +1. Click **Stores** > Settings > **Configuration** > **Advanced** > **System**. 1. Expand **Full Page Cache** > **Fastly Configuration** > **Custom VCL Snippets**. @@ -103,7 +113,7 @@ Add the custom VCL snippet to your Fastly service configuration from the Magento - Add the **VCL** snippet content: ```conf - if ((req.url ~ "^/admin") && !(client.ip ~ allowlist) && !req.http.Fastly-FF) { error 403 "Forbidden"; + if ((req.url ~ "^/admin") && !(client.ip ~ allowlist) && !req.http.Fastly-FF) { error 403 "Forbidden"; } ``` 1. Click **Create** to generate the VCL snippet file with the name pattern `type_priority_name.vcl`, for example `recv_5_allowlist.vcl` diff --git a/src/cloud/cdn/fastly-vcl-wordpress.md b/src/cloud/cdn/fastly-vcl-wordpress.md index e1b480d1970..1fb0301a480 100644 --- a/src/cloud/cdn/fastly-vcl-wordpress.md +++ b/src/cloud/cdn/fastly-vcl-wordpress.md @@ -31,7 +31,7 @@ To reroute requests from {{ site.data.var.ee }} to WordPress: - Log in to the Magento Admin. - - Navigate to **Stores** > **Configuration** > **Advanced** > **System** > **Full Page Cache** > **Fastly Configuration** > **Advanced**. + - Navigate to **Stores** > Settings > **Configuration** > **Advanced** > **System** > **Full Page Cache** > **Fastly Configuration** > **Advanced**. - Set the value for **Fastly Edge Modules** to **Yes**. diff --git a/src/cloud/trouble/robots-sitemap.md b/src/cloud/trouble/robots-sitemap.md index c15a0aa4f3e..a683a04c6e6 100644 --- a/src/cloud/trouble/robots-sitemap.md +++ b/src/cloud/trouble/robots-sitemap.md @@ -49,6 +49,9 @@ If the `/robots.txt` file generates a `404 error`, [submit If you have different domains and you need separate site maps, you can create a VCL to route to the proper sitemap. Generate the `sitemap.xml` file in the Magento Admin panel as described above, then create a custom Fastly VCL snippet to manage the redirect. See [Custom Fastly VCL snippets]({{ site.baseurl }}/cloud/cdn/cloud-vcl-custom-snippets.html). + {:.bs-callout-info} + You can upload custom VCL snippets from the Magento Admin UI or using the Fastly API. See [Custom VCL snippet examples and tutorials]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#custom-vcl-snippet-examples-and-tutorials). + ### Use a Fastly VCL snippet for redirect Create a custom VCL snippet to rewrite the path for `sitemap.xml` to `/media/sitemap.xml` using the `type` and `content` key-value pairs. @@ -59,7 +62,7 @@ Create a custom VCL snippet to rewrite the path for `sitemap.xml` to `/media/sit "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path ~ \"^/?sitemap.xml$\" ) { set req.url = \"/media/sitemap.xml\"; }" + "content": "if ( req.url.path ~ "^/?sitemap.xml$" ) { set req.url = "/media/sitemap.xml"; }" } ``` @@ -71,7 +74,7 @@ The following example demonstrates how to rewrite the path for `robots.txt` and "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path ~ \"^/?sitemap.xml$\" ) { set req.url = \"/media/sitemap.xml\"; } else if (req.url.path ~ \"^/?robots.txt$\") { set req.url = \"/media/robots.txt\";}" + "content": "if ( req.url.path ~ "^/?sitemap.xml$\" ) { set req.url = "/media/sitemap.xml"; } else if (req.url.path ~ "^/?robots.txt$") { set req.url = "/media/robots.txt";}" } ``` @@ -86,7 +89,7 @@ Create a `pub/media/domain_robots.txt` file, where the domain is `domain.com` an "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path == \"/robots.txt\" ) { if ( req.http.host ~ \"(domain).com$\" ) { set req.url = \"/media/\" re.group.1 \"_robots.txt\"; }}" + "content": "if ( req.url.path == "/robots.txt" ) { if ( req.http.host ~ "(domain).com$" ) { set req.url = "/media/" re.group.1 "_robots.txt"; }}" } ``` @@ -100,7 +103,7 @@ To configure a redirect for `robots.txt` and `sitemap.xml` in a single snippet, "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path == \"/robots.txt\" ) { if ( req.http.host ~ \"(domain).com$\" ) { set req.url = \"/media/\" re.group.1 \"_robots.txt\"; }} else if ( req.url.path == \"/sitemap.xml\" ) { if ( req.http.host ~ \"(domain).com$\" ) { set req.url = \"/media/\" re.group.1 \"_sitemap.xml\"; }}" + "content": "if ( req.url.path == "/robots.txt" ) { if ( req.http.host ~ "(domain).com$" ) { set req.url = "/media/" re.group.1 "_robots.txt"; }} else if ( req.url.path == "/sitemap.xml" ) { if ( req.http.host ~ "(domain).com$" ) { set req.url = "/media/" re.group.1 "_sitemap.xml"; }}" } ``` From c069a970fb707ab18e27dec939dc113311a35213 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:45:30 -0500 Subject: [PATCH 02/20] Update src/cloud/cdn/fastly-vcl-badreferer.md Co-Authored-By: Michael Casey --- src/cloud/cdn/fastly-vcl-badreferer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/cdn/fastly-vcl-badreferer.md b/src/cloud/cdn/fastly-vcl-badreferer.md index 0675e9bd61f..5fbbbef6d9d 100644 --- a/src/cloud/cdn/fastly-vcl-badreferer.md +++ b/src/cloud/cdn/fastly-vcl-badreferer.md @@ -67,7 +67,7 @@ The following custom VCL snippet code (JSON format) shows the logic to check and "dynamic": "0", "type": "recv", "priority": "5", - "content": "set req.http.Referer-Host = regsub(req.http.Referer, "^https?://?([^:/s]+).*$", "\1"); if (table.lookup(referrer_blocklist, req.http.Referer-Host)) { error 403 "Forbidden"; }" + "content": "set req.http.Referer-Host = regsub(req.http.Referer, \"^https?:\/\/?([^:\/s]+).*$\", \"\\1\"); if (table.lookup(referrer_blocklist, req.http.Referer-Host)) { error 403 \"Forbidden\"; }" } ``` From 2abfc95cb6487b752b496f6d4cebb1fdbe588d9f Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:45:40 -0500 Subject: [PATCH 03/20] Update src/cloud/cdn/fastly-vcl-blocking.md Co-Authored-By: Michael Casey --- src/cloud/cdn/fastly-vcl-blocking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index 93c02af6a23..ac3b617968f 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -118,7 +118,7 @@ This example uses the two-character ISO 3166-1 country code for the country asso "dynamic": "0", "type": "recv", "priority": "5", - "content": "if ( geoip.country_code == "HK" ) { error 405 "Not allowed";}" + "content": "if ( geoip.country_code == \"HK\" ) { error 405 \"Not allowed\";}" } ``` From 53e7c902941dfacc514e320da18e46bb7c5f2605 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:45:48 -0500 Subject: [PATCH 04/20] Update src/cloud/trouble/robots-sitemap.md Co-Authored-By: Michael Casey --- src/cloud/trouble/robots-sitemap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/trouble/robots-sitemap.md b/src/cloud/trouble/robots-sitemap.md index a683a04c6e6..f14f9ade070 100644 --- a/src/cloud/trouble/robots-sitemap.md +++ b/src/cloud/trouble/robots-sitemap.md @@ -62,7 +62,7 @@ Create a custom VCL snippet to rewrite the path for `sitemap.xml` to `/media/sit "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path ~ "^/?sitemap.xml$" ) { set req.url = "/media/sitemap.xml"; }" + "content": "if ( req.url.path ~ \"^/?sitemap.xml$\" ) { set req.url = \"/media/sitemap.xml\"; }" } ``` From fcf93a3a5dbdf40d97dda18efd148f292b48f2b2 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:45:56 -0500 Subject: [PATCH 05/20] Update src/cloud/trouble/robots-sitemap.md Co-Authored-By: Michael Casey --- src/cloud/trouble/robots-sitemap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/trouble/robots-sitemap.md b/src/cloud/trouble/robots-sitemap.md index f14f9ade070..f9b947232a9 100644 --- a/src/cloud/trouble/robots-sitemap.md +++ b/src/cloud/trouble/robots-sitemap.md @@ -89,7 +89,7 @@ Create a `pub/media/domain_robots.txt` file, where the domain is `domain.com` an "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path == "/robots.txt" ) { if ( req.http.host ~ "(domain).com$" ) { set req.url = "/media/" re.group.1 "_robots.txt"; }}" + "content": "if ( req.url.path == \"/robots.txt\" ) { if ( req.http.host ~ \"(domain).com$\" ) { set req.url = \"/media/\" re.group.1 \"_robots.txt\"; }}" } ``` From 8240ba9ed271ec5bdf4c942b4c88f005acd0e4fb Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:46:13 -0500 Subject: [PATCH 06/20] Update src/cloud/trouble/robots-sitemap.md Co-Authored-By: Michael Casey --- src/cloud/trouble/robots-sitemap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/trouble/robots-sitemap.md b/src/cloud/trouble/robots-sitemap.md index f9b947232a9..6a8bb0f42d1 100644 --- a/src/cloud/trouble/robots-sitemap.md +++ b/src/cloud/trouble/robots-sitemap.md @@ -103,7 +103,7 @@ To configure a redirect for `robots.txt` and `sitemap.xml` in a single snippet, "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path == "/robots.txt" ) { if ( req.http.host ~ "(domain).com$" ) { set req.url = "/media/" re.group.1 "_robots.txt"; }} else if ( req.url.path == "/sitemap.xml" ) { if ( req.http.host ~ "(domain).com$" ) { set req.url = "/media/" re.group.1 "_sitemap.xml"; }}" + "content": "if ( req.url.path == \"/robots.txt\" ) { if ( req.http.host ~ \"(domain).com$\" ) { set req.url = \"/media/\" re.group.1 \"_robots.txt\"; }} else if ( req.url.path == \"/sitemap.xml\" ) { if ( req.http.host ~ \"(domain).com$\" ) { set req.url = \"/media/\" re.group.1 \"_sitemap.xml\"; }}" } ``` From e3b29a809d07083a5170c451330302e3edc6519f Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:46:27 -0500 Subject: [PATCH 07/20] Update src/cloud/trouble/robots-sitemap.md Co-Authored-By: Michael Casey --- src/cloud/trouble/robots-sitemap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/trouble/robots-sitemap.md b/src/cloud/trouble/robots-sitemap.md index 6a8bb0f42d1..47f21b8c22f 100644 --- a/src/cloud/trouble/robots-sitemap.md +++ b/src/cloud/trouble/robots-sitemap.md @@ -74,7 +74,7 @@ The following example demonstrates how to rewrite the path for `robots.txt` and "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path ~ "^/?sitemap.xml$\" ) { set req.url = "/media/sitemap.xml"; } else if (req.url.path ~ "^/?robots.txt$") { set req.url = "/media/robots.txt";}" + "content": "if ( req.url.path ~ \"^/?sitemap.xml$\\" ) { set req.url = \"/media/sitemap.xml\"; } else if (req.url.path ~ \"^/?robots.txt$\") { set req.url = \"/media/robots.txt\";}" } ``` From 6e1c8b0d9f4db275ef42c6225958e6bfa942dc82 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:46:37 -0500 Subject: [PATCH 08/20] Update src/cloud/cdn/fastly-vcl-blocking.md Co-Authored-By: Michael Casey --- src/cloud/cdn/fastly-vcl-blocking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index ac3b617968f..d345ec6b410 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -133,6 +133,6 @@ Instead of using a custom VCL snippet, you can use the Fastly [Blocking](https:/ "dynamic": "0", "type": "recv", "priority": "5", - "content": "if ( req.http.User-Agent ~ "(UCBrowser|MQQBrowser|LieBaoFast|Mb2345Browser)" ) {error 405 "Not allowed";}" + "content": "if ( req.http.User-Agent ~ \"(UCBrowser|MQQBrowser|LieBaoFast|Mb2345Browser)\" ) {error 405 \"Not allowed\";}" } ``` From 518e0d37a2f37685c5fa913f831a0c2d3eeaaec4 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:46:47 -0500 Subject: [PATCH 09/20] Update src/cloud/cdn/fastly-vcl-blocking.md Co-Authored-By: Michael Casey --- src/cloud/cdn/fastly-vcl-blocking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index d345ec6b410..cbeb22d3b10 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -89,7 +89,7 @@ After reviewing and updating the code for your environment, use either of the fo - Add the **VCL** snippet content: ```conf - "if ( client.ip ~ blocklist) { error 403 "Forbidden"; }" + if ( client.ip ~ blocklist) { error 403 "Forbidden"; } ``` 1. Click **Create** to generate the VCL snippet file with the name pattern `type_priority_name.vcl`, for example `recv_5_blocklist.vcl` From ab37bc80cf57ae5a551a883d25db121573503224 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:53:11 -0500 Subject: [PATCH 10/20] Update src/cloud/cdn/cloud-vcl-custom-snippets.md Co-Authored-By: Michael Casey --- src/cloud/cdn/cloud-vcl-custom-snippets.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cloud/cdn/cloud-vcl-custom-snippets.md b/src/cloud/cdn/cloud-vcl-custom-snippets.md index 8fb98e28980..76ca0226850 100644 --- a/src/cloud/cdn/cloud-vcl-custom-snippets.md +++ b/src/cloud/cdn/cloud-vcl-custom-snippets.md @@ -59,7 +59,7 @@ The following example shows the custom VCL snippet (JSON format) that filters tr ``` {: .bs-callout-warning} -In this example, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. You can also submit the snippet in the API request as a JSON string, but you must escape special characters in the code to prevent validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. +In this example, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. When sending the snippet as JSON for an API request, you must escape special characters in the code to prevent JSON validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. If you submit the VCL snippet from the Magento Admin UI, you do not have to escape special characters. The VCL logic in the `content` field performs the following actions: @@ -305,4 +305,4 @@ Use these commands to manage snippets that you added using the Fastly API. If yo [Manage custom VCL snippets]: {{site.baseurl}}/common/images/cloud/cloud-fastly-edit-snippets.png -{:width="650px"} \ No newline at end of file +{:width="650px"} From e37fa785f3167aedcfd5cf6216b5bd6236ad0a48 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 14:53:49 -0500 Subject: [PATCH 11/20] Update src/cloud/cdn/fastly-vcl-blocking.md Co-Authored-By: Michael Casey --- src/cloud/cdn/fastly-vcl-blocking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index cbeb22d3b10..bbcc70a42ee 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -48,7 +48,7 @@ The following custom VCL snippet code (JSON format) shows the logic to block inc "dynamic": "0", "type": "recv", "priority": "5", - "content": "if ( client.ip ~ blocklist) { error 403 "Forbidden"; }" + "content": "if ( client.ip ~ blocklist) { error 403 \"Forbidden\"; }" } ``` From 49445375131c8b648145f8381224bc76456ca8ed Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Fri, 13 Mar 2020 16:46:15 -0500 Subject: [PATCH 12/20] Fixed linting error --- src/cloud/cdn/cloud-vcl-custom-snippets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/cdn/cloud-vcl-custom-snippets.md b/src/cloud/cdn/cloud-vcl-custom-snippets.md index 76ca0226850..a6990887beb 100644 --- a/src/cloud/cdn/cloud-vcl-custom-snippets.md +++ b/src/cloud/cdn/cloud-vcl-custom-snippets.md @@ -59,7 +59,7 @@ The following example shows the custom VCL snippet (JSON format) that filters tr ``` {: .bs-callout-warning} -In this example, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. When sending the snippet as JSON for an API request, you must escape special characters in the code to prevent JSON validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. If you submit the VCL snippet from the Magento Admin UI, you do not have to escape special characters. +In this example, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. When sending the snippet as JSON for an API request, you must escape special characters in the code to prevent JSON validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. If you submit the VCL snippet from the Magento Admin UI, you do not have to escape special characters. The VCL logic in the `content` field performs the following actions: From 37c6084c73715b65086192853447dac6c34a1fb0 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Mon, 16 Mar 2020 12:34:39 -0500 Subject: [PATCH 13/20] Update src/cloud/trouble/robots-sitemap.md --- src/cloud/trouble/robots-sitemap.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/trouble/robots-sitemap.md b/src/cloud/trouble/robots-sitemap.md index 47f21b8c22f..0a5e999eb49 100644 --- a/src/cloud/trouble/robots-sitemap.md +++ b/src/cloud/trouble/robots-sitemap.md @@ -74,7 +74,7 @@ The following example demonstrates how to rewrite the path for `robots.txt` and "dynamic": "0", "type": "recv", "priority": "90", - "content": "if ( req.url.path ~ \"^/?sitemap.xml$\\" ) { set req.url = \"/media/sitemap.xml\"; } else if (req.url.path ~ \"^/?robots.txt$\") { set req.url = \"/media/robots.txt\";}" + "content": "if ( req.url.path ~ \"^/?sitemap.xml$\" ) { set req.url = \"/media/sitemap.xml\"; } else if (req.url.path ~ \"^/?robots.txt$\") { set req.url = \"/media/robots.txt\";}" } ``` From 73cc7014c4155a0eb600fa79ffed88b21d01deac Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Tue, 17 Mar 2020 10:20:26 -0500 Subject: [PATCH 14/20] Apply suggestions from code review --- src/cloud/cdn/fastly-vcl-badreferer.md | 2 +- src/cloud/cdn/fastly-vcl-blocking.md | 2 +- src/cloud/cdn/fastly-vcl-whitelist.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/cloud/cdn/fastly-vcl-badreferer.md b/src/cloud/cdn/fastly-vcl-badreferer.md index 5fbbbef6d9d..fd00e4518e1 100644 --- a/src/cloud/cdn/fastly-vcl-badreferer.md +++ b/src/cloud/cdn/fastly-vcl-badreferer.md @@ -85,7 +85,7 @@ Before creating your own snippet from this example, review the values to determi After reviewing and updating the code for your environment, use either of the following methods to add the custom VCL snippet to your Fastly service configuration: -- [Add the custom VCL snippet from the Magento Admin](#add-the-custom-vcl-snippet). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) +- [Add the custom VCL snippet from the Magento Admin](#add-the-custom-vcl-snippet). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) - Save the JSON code example to a file (for example, `allowlist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index bbcc70a42ee..98cd5241081 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -52,7 +52,7 @@ The following custom VCL snippet code (JSON format) shows the logic to block inc } ``` -Before creating your own snippet from this example, review the values to determine whether you need to make any changes: +Before creating a snippet based on this example, review the values to determine whether you need to make any changes: - `name`: Name for the VCL snippet. For this example, we used the name `blocklist`. diff --git a/src/cloud/cdn/fastly-vcl-whitelist.md b/src/cloud/cdn/fastly-vcl-whitelist.md index 9d61476c348..51baf586b7d 100644 --- a/src/cloud/cdn/fastly-vcl-whitelist.md +++ b/src/cloud/cdn/fastly-vcl-whitelist.md @@ -11,7 +11,7 @@ functional_areas: You can use the a Fastly Edge ACL list in combination with custom VCL code snippet to filter incoming requests and allow access by IP address. The ACL list specifies the IP addresses to allow. -Create an allowlist to limit access to your Staging environment so that only requests from specified IP addresses for internal developers and approved external services are permitted. You can also create an allowlist to secure access to the Magento Admin UI on Staging and Production environments. +Create an allow list to limit access to your Staging environment so that only requests from specified IP addresses for internal developers and approved external services are permitted. You can also create an allow list to secure access to the Magento Admin UI on Staging and Production environments. The following example shows how to use a custom VCL snippet with a [Fastly Access Control List (ACL)](https://docs.fastly.com/guides/access-control-lists/about-acls) to secure access to the Magento Admin UI for a {{ site.data.var.ece }} project environment. When you add the custom VCL snippet to the Cloud enviroment, Fastly allows only requests from IP addresses included in the ACL. From bae0ff9689af8e98e7258ac68423d85748b74204 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Tue, 17 Mar 2020 10:20:26 -0500 Subject: [PATCH 15/20] Apply suggestions from code review --- src/_data/toc/cloud-guide.yml | 2 +- src/cloud/cdn/fastly-vcl-badreferer.md | 8 ++++---- src/cloud/cdn/fastly-vcl-blocking.md | 8 ++++---- src/cloud/cdn/fastly-vcl-whitelist.md | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/_data/toc/cloud-guide.yml b/src/_data/toc/cloud-guide.yml index fa2e48a1760..0d4996af430 100644 --- a/src/_data/toc/cloud-guide.yml +++ b/src/_data/toc/cloud-guide.yml @@ -270,7 +270,7 @@ pages: url: /cloud/cdn/fastly-vcl-badreferer.html versionless: true - - label: Custom VCL for IP allowlist + - label: Custom VCL for IP allow list url: /cloud/cdn/fastly-vcl-whitelist.html versionless: true diff --git a/src/cloud/cdn/fastly-vcl-badreferer.md b/src/cloud/cdn/fastly-vcl-badreferer.md index 5fbbbef6d9d..4dba8604efb 100644 --- a/src/cloud/cdn/fastly-vcl-badreferer.md +++ b/src/cloud/cdn/fastly-vcl-badreferer.md @@ -17,9 +17,9 @@ We recommend adding custom VCL configurations to a Staging environment where you - Configure the {{ site.var.data.ece }} environment for Fastly services. See [Set up Fastly]({{ site.baseurl }}/cloud/cdn/configure-fastly.html). -- Get Admin credentials for your {{ site.data.var.ece }} environment. +- Admin credentials to access the Magento Admin UI for your {{ site.data.var.ece }} environment -- Review your site logs for fake referral URLs and make a list of domains to block. +- Review your site logs for fake referral URLs, and make a list of domains to block. ## Create a referrer block list @@ -77,7 +77,7 @@ Before creating your own snippet from this example, review the values to determi - `dynamic` — Value 0 indicates a [regular snippet](https://docs.fastly.com/guides/vcl-snippets/using-regular-vcl-snippets) to upload to the versioned VCL for the Fastly configuration. -- `priority` — Determines when the VCL snippet runs. The priority is `5` to run this snippet code before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Lower priority numbers execute first. +- `priority` — Determines when the VCL snippet runs. The priority is `5` to run this snippet code before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Snippets with lower priority numbers run first. - `type` — Specifies a location to insert the snippet in the VCL version. In this example, the VCL snippet is a `recv` snippet. When the snippet is inserted into the VCL version, it is added to the `vcl_recv` subroutine, below the default Fastly VCL code and above any objects. @@ -85,7 +85,7 @@ Before creating your own snippet from this example, review the values to determi After reviewing and updating the code for your environment, use either of the following methods to add the custom VCL snippet to your Fastly service configuration: -- [Add the custom VCL snippet from the Magento Admin](#add-the-custom-vcl-snippet). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) +- [Add the custom VCL snippet from the Magento Admin](#add-the-custom-vcl-snippet). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) - Save the JSON code example to a file (for example, `allowlist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index bbcc70a42ee..fb43e544884 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -15,7 +15,7 @@ You can use the Fastly CDN module for Magento 2 to create an Edge ACL with a lis **Prerequisites:** - List of client IP addresses to block -- Account access and URL for the Magento Admin UI for the Staging or Production environment +- Admin credentials to access the Magento Admin UI for your {{ site.data.var.ece }} environment - Fastly API credentials for Staging and Production environments ## Create Edge ACL for blocking client IPs {#edge-acl} @@ -36,7 +36,7 @@ You reference the Edge ACL by name in your VCL snippet code. ## Create the custom VCL for the block list {#vcl} {:.bs-callout-info} -This example shows advanced users how to create a VCL code snippet to configure custom blocking rules that can be uploaded to the Fastly service. You can configure blocklist or allowlist by country from the {{ site.data.var.ee }} Admin UI using the [Blocking](https://github.com/fastly/fastly-magento2/blob/master/Documentation/Guides/BLOCKING.md) feature available in the Fastly CDN for Magento 2 module. +This example shows advanced users how to create a VCL code snippet to configure custom blocking rules that can be uploaded to the Fastly service. You can configure a block list or allow list based on country from the {{ site.data.var.ee }} Admin UI using the [Blocking](https://github.com/fastly/fastly-magento2/blob/master/Documentation/Guides/BLOCKING.md) feature available in the Fastly CDN for Magento 2 module. After you define the Edge ACL, you can use it to create the VCL snippet to block access to the IP addresses specified in the ACL. You can use the same VCL snippet in both Staging and Production environments, but you must upload the snippet to each environment separately. @@ -52,7 +52,7 @@ The following custom VCL snippet code (JSON format) shows the logic to block inc } ``` -Before creating your own snippet from this example, review the values to determine whether you need to make any changes: +Before creating a snippet based on this example, review the values to determine whether you need to make any changes: - `name`: Name for the VCL snippet. For this example, we used the name `blocklist`. @@ -66,7 +66,7 @@ After reviewing and updating the code for your environment, use either of the fo - [Add the custom VCL snippet from the Magento Admin](#complete). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) -- Save the JSON code example to a file (for example, `allowlist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. +- Save the JSON code example to a file (for example, `blocklist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. ## Add the custom VCL snippet {#complete} diff --git a/src/cloud/cdn/fastly-vcl-whitelist.md b/src/cloud/cdn/fastly-vcl-whitelist.md index 9d61476c348..7ab62dfd833 100644 --- a/src/cloud/cdn/fastly-vcl-whitelist.md +++ b/src/cloud/cdn/fastly-vcl-whitelist.md @@ -11,7 +11,7 @@ functional_areas: You can use the a Fastly Edge ACL list in combination with custom VCL code snippet to filter incoming requests and allow access by IP address. The ACL list specifies the IP addresses to allow. -Create an allowlist to limit access to your Staging environment so that only requests from specified IP addresses for internal developers and approved external services are permitted. You can also create an allowlist to secure access to the Magento Admin UI on Staging and Production environments. +Create an allow list to limit access to your Staging environment so that only requests from specified IP addresses for internal developers and approved external services are permitted. You can also create an allow list to secure access to the Magento Admin UI on Staging and Production environments. The following example shows how to use a custom VCL snippet with a [Fastly Access Control List (ACL)](https://docs.fastly.com/guides/access-control-lists/about-acls) to secure access to the Magento Admin UI for a {{ site.data.var.ece }} project environment. When you add the custom VCL snippet to the Cloud enviroment, Fastly allows only requests from IP addresses included in the ACL. @@ -22,9 +22,9 @@ For Staging and Integration environments that should not be publicly accessible, - Configure the {{ site.var.data.ece }} environment for Fastly services. See [Set up Fastly]({{ site.baseurl }}/cloud/cdn/configure-fastly.html). -- Get Magento Admin UI credentials for your {{ site.data.var.ece }} environment. +- Admin credentials to access the Magento Admin UI for your {{ site.data.var.ece }} environment -- List of client IP addresses to include on the allowlist +- List of client IP addresses to include on the allow list ## Create Edge ACL for allowing client IPs {#edge-acl} From 571fc5ed4f63f523cc1d7d12dba89fc16725e60a Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Tue, 17 Mar 2020 16:14:36 -0500 Subject: [PATCH 16/20] Apply suggestions from code review --- src/cloud/cdn/cloud-vcl-custom-snippets.md | 2 +- src/cloud/cdn/fastly-vcl-badreferer.md | 2 +- src/cloud/cdn/fastly-vcl-blocking.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/cloud/cdn/cloud-vcl-custom-snippets.md b/src/cloud/cdn/cloud-vcl-custom-snippets.md index a6990887beb..5d422450557 100644 --- a/src/cloud/cdn/cloud-vcl-custom-snippets.md +++ b/src/cloud/cdn/cloud-vcl-custom-snippets.md @@ -59,7 +59,7 @@ The following example shows the custom VCL snippet (JSON format) that filters tr ``` {: .bs-callout-warning} -In this example, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. When sending the snippet as JSON for an API request, you must escape special characters in the code to prevent JSON validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. If you submit the VCL snippet from the Magento Admin UI, you do not have to escape special characters. +In this example, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. When sending the snippet as JSON for an API request, you must use a backslash to escape special characters in the code to prevent JSON validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. If you submit the VCL snippet from the Magento Admin UI, you do not have to escape special characters. The VCL logic in the `content` field performs the following actions: diff --git a/src/cloud/cdn/fastly-vcl-badreferer.md b/src/cloud/cdn/fastly-vcl-badreferer.md index 4dba8604efb..b1d8d4ad044 100644 --- a/src/cloud/cdn/fastly-vcl-badreferer.md +++ b/src/cloud/cdn/fastly-vcl-badreferer.md @@ -71,7 +71,7 @@ The following custom VCL snippet code (JSON format) shows the logic to check and } ``` -Before creating your own snippet from this example, review the values to determine whether you need to make any changes: +Before creating a snippet based on this example, review the values to determine whether you need to make any changes: - `name` — Name for the VCL snippet. For this example, we used `block_bad_referrer`. diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index fb43e544884..f41d844791b 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -64,7 +64,7 @@ Before creating a snippet based on this example, review the values to determine After reviewing and updating the code for your environment, use either of the following methods to add the custom VCL snippet to your Fastly service configuration: -- [Add the custom VCL snippet from the Magento Admin](#complete). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) +- [Add the custom VCL snippet from the Magento Admin](#add-the-custom-vcl-snippet). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) - Save the JSON code example to a file (for example, `blocklist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. From a7eb86ab78e95353ef2a07381bfe999b72764a76 Mon Sep 17 00:00:00 2001 From: maeker12 Date: Tue, 17 Mar 2020 17:29:34 -0500 Subject: [PATCH 17/20] Changed execute to run per review feedback --- src/cloud/cdn/fastly-vcl-blocking.md | 2 +- src/cloud/cdn/fastly-vcl-whitelist.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index f41d844791b..e8bb4ff1a34 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -56,7 +56,7 @@ Before creating a snippet based on this example, review the values to determine - `name`: Name for the VCL snippet. For this example, we used the name `blocklist`. -- `priority`: Determines when the VCL snippet runs. The priority is `5` to immediately run and check whether a Magento Admin UI requests are coming from an allowed IP address. The snippet runs before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Lower priority numbers execute first. +- `priority`: Determines when the VCL snippet runs. The priority is `5` to immediately run and check whether a Magento Admin UI requests are coming from an allowed IP address. The snippet runs before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Snippets with lower priority numbers run first. - `type`: Specifies the type of VCL snippet that determines the location of the snippet in the generated VCL code. In this example, we use `recv`, which inserts the VCL code in the `vcl_recv` subroutine, below the boilerplate VCL and above any objects. See the [Fastly VCL snippet reference](https://docs.fastly.com/api/config#api-section-snippet) for the list of snippet types. diff --git a/src/cloud/cdn/fastly-vcl-whitelist.md b/src/cloud/cdn/fastly-vcl-whitelist.md index 7ab62dfd833..51ba3cc302b 100644 --- a/src/cloud/cdn/fastly-vcl-whitelist.md +++ b/src/cloud/cdn/fastly-vcl-whitelist.md @@ -76,7 +76,7 @@ Before creating your own snippet from this example, review the values to determi - `name` — Name for the VCL snippet. For this example, `allowlist`. -- `priority` — Determines when the VCL snippet runs. The priority is `5` to immediately run and check whether a Magento Admin UI requests are coming from an allowed IP address. The snippet runs before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Lower priority numbers execute first. +- `priority` — Determines when the VCL snippet runs. The priority is `5` to immediately run and check whether a Magento Admin UI requests are coming from an allowed IP address. The snippet runs before any of the default Magento VCL snippets (`magentomodule_*`) assigned a priority of 50. You must set the priority for each custom snippet higher or lower than 50 depending on when you want your snippet to run. Snippets with lower priority numbers run first. - `type` — Specifies a location to insert the snippet in the versioned VCL code. This VCL is a `recv` snippet type which adds the snippet code to the `vcl_recv` subroutine below the default Fastly VCL code and above any objects. From fded85f90d2b9e4fc538f7e0db9cf3bf8c55fe37 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Tue, 17 Mar 2020 17:33:38 -0500 Subject: [PATCH 18/20] Fixed instance of "escape special characters" --- src/cloud/cdn/fastly-vcl-blocking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index e8bb4ff1a34..38d21c676f8 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -105,7 +105,7 @@ Fastly validates the updated version of the VCL code during the upload process. The following examples show how to block requests using inline condition statements instead of an ACL list. {: .bs-callout-warning} -In these examples, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. You can submit the [VCL snippet from the Admin UI](#complete), or as a JSON string using the Fastly API. If you use the Fastly API with a JSON string, you must escape special characters to prevent validation errors. +In these examples, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. You can submit the [VCL snippet from the Admin UI](#complete), or as a JSON string using the Fastly API. If you use the Fastly API with a JSON string, you must use a backslash to escape special characters to prevent validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. ### VCL code sample: Block by country code From 0204f8a75b15148c0892770171009035dd810c13 Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Wed, 18 Mar 2020 10:56:52 -0500 Subject: [PATCH 19/20] Fix broken link --- src/cloud/cdn/fastly-vcl-blocking.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index 38d21c676f8..57d5792fa90 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -68,7 +68,7 @@ After reviewing and updating the code for your environment, use either of the fo - Save the JSON code example to a file (for example, `blocklist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. -## Add the custom VCL snippet {#complete} +## Add the custom VCL snippet {% include cloud/admin-ui-login-step.md %} @@ -96,7 +96,8 @@ After reviewing and updating the code for your environment, use either of the fo 1. After the page reloads, click **Upload VCL to Fastly** in the *Fastly Configuration* section to add the file to the Fastly service configuration. -1. After the upload completes, refresh the cache according to the notification at the top of the page. +1. After the upload +s, refresh the cache according to the notification at the top of the page. Fastly validates the updated version of the VCL code during the upload process. If the validation fails, edit the custom VCL snippet to fix the issue. Then, upload the VCL again. @@ -105,7 +106,7 @@ Fastly validates the updated version of the VCL code during the upload process. The following examples show how to block requests using inline condition statements instead of an ACL list. {: .bs-callout-warning} -In these examples, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. You can submit the [VCL snippet from the Admin UI](#complete), or as a JSON string using the Fastly API. If you use the Fastly API with a JSON string, you must use a backslash to escape special characters to prevent validation errors. +In these examples, the VCL code is formatted as a JSON payload that can be saved to a file and submitted in a Fastly API request. You can submit the [VCL snippet from the Admin UI](#add-the-custom-vcl-snippet), or as a JSON string using the Fastly API. If you use the Fastly API with a JSON string, you must use a backslash to escape special characters to prevent validation errors. See [Using dynamic VCL snippets](https://docs.fastly.com/vcl/vcl-snippets/) in the Fastly VCL documentation. ### VCL code sample: Block by country code From 10edee40e512502a936c967de7f0ebe5b25c605c Mon Sep 17 00:00:00 2001 From: Margaret Eker Date: Wed, 18 Mar 2020 16:08:09 -0500 Subject: [PATCH 20/20] Update src/cloud/cdn/fastly-vcl-blocking.md Co-Authored-By: hguthrie --- src/cloud/cdn/fastly-vcl-blocking.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/cloud/cdn/fastly-vcl-blocking.md b/src/cloud/cdn/fastly-vcl-blocking.md index 57d5792fa90..631bf6fa3fb 100644 --- a/src/cloud/cdn/fastly-vcl-blocking.md +++ b/src/cloud/cdn/fastly-vcl-blocking.md @@ -96,8 +96,7 @@ After reviewing and updating the code for your environment, use either of the fo 1. After the page reloads, click **Upload VCL to Fastly** in the *Fastly Configuration* section to add the file to the Fastly service configuration. -1. After the upload -s, refresh the cache according to the notification at the top of the page. +1. After the uploads, refresh the cache according to the notification at the top of the page. Fastly validates the updated version of the VCL code during the upload process. If the validation fails, edit the custom VCL snippet to fix the issue. Then, upload the VCL again.