Retrieve the current POP IP list for Azure Content Delivery Network

  • Article

Important

Azure CDN Standard from Microsoft (classic) will be retired on September 30, 2027. To avoid any service disruption, it is important that you migrate your Azure CDN Standard from Microsoft (classic) profiles to Azure Front Door Standard or Premium tier by September 30, 2027. For more information, see Azure CDN Standard from Microsoft (classic) retirement.

Retrieve the current Edgio POP IP list for Azure Content Delivery Network

You can use the REST API to retrieve the set of IPs for Edgio's point of presence (POP) servers. These POP servers make requests to origin servers that are associated with Azure Content Delivery Network endpoints on an Edgio profile (Azure Content Delivery Network Standard from Edgio or Azure CDN Premium from Edgio). This set of IPs is different from the IPs that a client would see when making requests to the POPs.

For the syntax of the REST API operation for retrieving the POP list, see Edge Nodes - List.

Retrieve the current Microsoft POP IP list for Azure Content Delivery Network

To lock down your application to accept traffic only from point of presence (POP) servers utilized by Microsoft's content delivery network (CDN) offerings (Azure Front Door, Azure Front Door Classic, or Azure CDN from Microsoft), you need to set up IP access control lists (ACLs) for your backend. You might also restrict the set of accepted values for the header 'X-Forwarded-Host' sent by Azure Content Delivery Network from Microsoft. These steps are detailed as followed:

Configure IP ACLing for your backends to accept traffic from Azure Content Delivery Network from Microsoft's backend IP address space and Azure's infrastructure services only.

To configure Microsoft's backend IP ranges with Azure Content Delivery Network from Microsoft, use the AzureFrontDoor.Backend service tag. For a complete list, see IP Ranges and Service tags for Microsoft services.

Typical use case

For security purposes, you can use this IP list to enforce that requests to your origin server are made only from a valid Edgio POP. For example, if someone discovered the hostname or IP address for a content delivery network endpoint's origin server, one could make requests directly to the origin server, therefore bypassing the scaling and security capabilities provided by Azure Content Delivery Network. By setting the IPs in the returned list as the only allowed IPs on an origin server, this scenario can be prevented. To ensure that you have the latest POP list, retrieve it at least once a day.

Next steps

For information about the REST API, see Azure Content Delivery Network REST API.