Order of security features verification
The documentation only applies to instances deployed on Alokai@Edge.
This document describes the order in which security features are processed and verified in Alokai@Edge. Understanding this sequence is important for configuring and troubleshooting access control and security mechanisms.
Order of Security Features Verification
- IP Access List
  Incoming requests are first checked against a list of allowed or blocked IP addresses. Requests from disallowed IPs are immediately rejected. Read more about IP access list.
- Header Access List
  If the request passes the IP check, it is then verified against allow and block lists for specific HTTP headers. Only requests that meet the allow list criteria and are not on the block list are allowed to proceed. Read more about Header access list.
- Basic Authentication
  After passing the header check, the request is challenged for basic authentication credentials. Only requests with valid username and password combinations are permitted. Read more about Basic Auth.
- Maintenance Mode
  If maintenance mode is enabled, all requests (except those from whitelisted sources) are blocked, and a maintenance response is returned.
This strict order ensures that the most restrictive and least resource-intensive checks are performed first, optimizing both security and performance.
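For troubleshooting, the sketch below models the four checks in the documented order and reports the first stage that rejects a request. It is an added example, not Alokai code: the policy field names, the status codes, the "empty allow list means no restriction" rule and the IP-based maintenance bypass are all assumptions, and the sample policy is constructed.

```python
import base64, hmac, ipaddress

# Constructed sample policy; field names are assumptions, not Alokai's schema.
POLICY = {
    "ip_block": ["203.0.113.0/24"],
    "ip_allow": [],                        # empty = no IP restriction (assumption)
    "header_block": {"user-agent": ["badbot"]},
    "header_allow": {},                    # empty = no header requirement (assumption)
    "basic_auth": {"preview": "s3cret"},   # username -> password
    "maintenance": True,
    "maintenance_bypass_ips": ["198.51.100.7/32"],  # "whitelisted sources" (assumption)
}

def _in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def _header_match(headers, rules):
    # True if any listed header carries one of its listed values.
    return any(headers.get(name, "") in values for name, values in rules.items())

def _basic_auth_ok(headers, users):
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, pw = base64.b64decode(token, validate=True).decode().partition(":")
    except ValueError:                     # malformed base64 or non-UTF-8 bytes
        return False
    expected = users.get(user)
    # Constant-time comparison avoids leaking password prefixes through timing.
    return expected is not None and hmac.compare_digest(pw.encode(), expected.encode())

def first_rejecting_stage(ip, headers, policy):
    """Return (stage, status) of the first check that rejects, or ("pass", 200)."""
    h = {k.lower(): v for k, v in headers.items()}
    if _in_nets(ip, policy["ip_block"]) or (
            policy["ip_allow"] and not _in_nets(ip, policy["ip_allow"])):
        return ("ip_access_list", 403)
    if _header_match(h, policy["header_block"]) or (
            policy["header_allow"] and not _header_match(h, policy["header_allow"])):
        return ("header_access_list", 403)
    if policy["basic_auth"] and not _basic_auth_ok(h, policy["basic_auth"]):
        return ("basic_auth", 401)
    if policy["maintenance"] and not _in_nets(ip, policy["maintenance_bypass_ips"]):
        return ("maintenance_mode", 503)
    return ("pass", 200)
```

Because Basic Authentication precedes Maintenance Mode in the order, a client without credentials is stopped at the authentication stage in this model even while maintenance is enabled, which is worth remembering when a maintenance response does not appear as expected.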