---
title: Access control lists
summary: null
url: https://www.fastly.com/documentation/reference/api/acls
---

An Access Control List (ACL) is a list of IP addresses or subnets that, in conjunction with VCL code, can be used to verify whether a specific IP address is a member of the list. Unlike [dictionaries](https://www.fastly.com/documentation/guides/concepts/edge-state/dynamic-config/#edge-dictionaries), ACLs support subnet matching and are therefore useful for allowing or blocking ranges of addresses.

ACLs have two parts: an ACL container and the ACL entries within it. Once you attach an ACL container to a version of your service and that service is activated, the data in the container (the ACL entries) becomes "versionless." This means that any updates to the ACL entries will take effect immediately, without requiring a new version of the service.

For more information about using ACLs, see [dynamic configuration](https://www.fastly.com/documentation/guides/concepts/edge-state/dynamic-config) for Fastly services.

- [ACL](https://www.fastly.com/documentation/reference/api/acls/acl/) - An access control list or "ACL" specifies individual IP addresses or subnet ranges and can be accessed and used from Fastly VCL.
- [ACL Entry](https://www.fastly.com/documentation/reference/api/acls/acl-entry/) - An ACL entry holds an individual IP address or subnet range and is a member of an ACL. ACL entries are versionless, which means they can be created, modified, or deleted without activating a new version of your service.
- [ACLs in Compute](https://www.fastly.com/documentation/reference/api/acls/acls/) - An access control list (ACL) specifies individual IP addresses or subnet ranges and can be accessed and used from the Fastly Compute platform.