Protection precedence

You can combine the protections offered with Content Targeting - Protection. If you do, you need to realize that various operations and settings take precedence over another, in the event of a setting conflict.

This is in place to ensure that lighter protections are executed first, versus heavier ones. (So that internal servers spend less cycles to serve a request.)

Individual protection precedence

Each individual protection is applied in the following order (lighter to heavier), with the first taking the highest precedence:

  1. IP Protection
  2. Referrer Protection
  3. Geo Protection

A “Deny” setting takes precedence over an “Allow” setting

Using the protection order defined above, if a Mode of "Deny..." set for one protection conflicts with a Mode of "Apply..." set for a lower protection, the Deny takes precedence. For example, assume you set IP Address Protection to "Deny..." a specific IP address, and then set Geo Protection to "Allow..." the Country that includes that IP address. That individual address will still be denied access.

The last "Redirect" takes precedence

If you have enabled and configured the Redirect request instead of Deny for any of the protections, and a conflict occurs, the last redirect is applied. ("Last" is based on the order defined in Individual protection precedence, above.)

  • If IP Protection applies a redirect, and Referrer Protection is set to "Deny..." a conflicting address, the request is denied.
  • If IP Protection applies a redirect, and Referrer Protection also applies a redirect, the redirect set for Referrer Protection is applied in the event of a conflict.
  • If IP Protection applies a redirect, Referrer Protection applies redirect, and GEO Protection is set to "Deny..." a conflicting address, the request is denied.
  • If IP Protection applies a redirect, Referrer Protection applies a redirect, and Geo Protection applies a redirect, the redirect set for Geo Protection is applied in the event of a conflict.