CDN:Limits

Restriction

Description

Content policy

All domain names added to CDN are subject to a content review. CDN does not support acceleration for domain names associated with content such as:

• Websites that are inaccessible or have no substantive content.

• Private game servers.

• Websites related to certain role-playing or card-based games.

• Websites that distribute pirated software, novels, videos, comics, or other content that infringes on copyrights.

• Peer-to-peer (P2P) financial websites.

• Lottery websites.

• Websites for non-compliant hospitals and pharmaceuticals.

• Content related to pornography, illegal drugs, or gambling.

Handling content violations and suspensions

1. Log on to the Alibaba Cloud Security Management Console to view the URLs that violate the policy. This platform may only display a portion of the violating content. You can submit a ticket to request more detailed information.

2. Use the violating URLs to locate the violating files, and then delete or replace them.

3. After you address the violating files, refresh the CDN cache to ensure the content is no longer accessible.

4. If your domain name has been suspended, you can submit a ticket to request its reactivation after you have removed the violating content.

Throttling rules for traffic bursts

As stipulated in the Product Terms of the Alibaba Cloud Service Agreement, if you anticipate a sudden bandwidth or QPS surge — including capacity tests, performance tests, promotions, or major releases — you must apply for a temporary traffic quota increase. Contact your account manager or apply through other channels at least three business days in advance. For major holidays (Spring Festival, Double 11), apply at least one month in advance.

• If your application is approved, your service will not be affected within the agreed-upon traffic burst limit.

• If your application is not approved or you do not apply, Alibaba Cloud reserves the right to implement measures such as throttling to ensure network stability for all users. Whether throttling triggers depends on your domain's business type and the traffic burst magnitude. Alibaba Cloud is not liable for availability issues caused by these measures.

• Failure to apply for a temporary quota increase may lead to the following issues:

  • A sudden bandwidth increase may trigger CDN throttling rules. Sudden increase in bandwidth.

  • A sudden increase in QPS may trigger Alibaba Cloud CDN's CC protection rules, causing the domain name to be moved to a sandbox.

Potential risks from attacks or resource abuse

By default, Alibaba Cloud CDN does not provide access control or security protection. If your domain experiences a sudden bandwidth or traffic spike from malicious attacks or resource abuse, you may incur unexpectedly high charges.

Charges incurred from malicious attacks or resource abuse cannot be waived or refunded. Mitigate this risk by following Warning about high bills.

Domain name sandbox mode

Sandbox: If your domain name is under attack, such as a DDoS or CC attack, or if you do not report a traffic surge to Alibaba Cloud in advance and the bandwidth or queries per second (QPS) significantly increases, the CDN system may add your domain name to a sandbox. This prevents other users' acceleration services from being affected. The system determines whether to add the domain name to the sandbox based on factors such as the service status and the severity of the attack. In the case of a severe attack, other domain names under the same account are also added to the sandbox, and you cannot add new domain names to the account. For more information, see Sandbox.

Restriction

Description

Domain name format

• The total length of a domain name, such as image.example.com, cannot exceed 100 characters.

• The subdomain part of the domain name cannot exceed 64 characters in length. For example, for the domain name image.example.com, the subdomain is image after the root domain example.com is removed.

• The domain name can contain lowercase letters (a to z), digits (0 to 9), and hyphens (-). Example: example.com.

• The domain name cannot contain Chinese characters, uppercase letters (A to Z), or special characters other than hyphens (-). A hyphen (-) cannot be used consecutively, used alone, or at the beginning or end of the domain name. If a domain name contains Chinese characters, such as `Alibaba Cloud.URL`, complete ICP filing for the Chinese domain name. Then, use a Punycode tool to convert the domain name to an English domain name, such as `xn--fiq****.xn--eq****`, and add the converted domain name.

Wildcard domain name requirements

• CDN supports wildcard domain names. For more information about the rules for adding wildcard domain names, see Does CDN support wildcard domain names?.

• The wildcard domain name and its subdomains must be under the same Alibaba Cloud account. Otherwise, an error is reported when you add the domain names.

• If a wildcard domain name is not added to any CDN account, you can add its subdomains to multiple Alibaba Cloud accounts.

• When you add a wildcard domain name, such as .aliyundoc.com, and exact-match domain names, such as example.aliyundoc.com, to CDN, the maximum number of exact-match domain names is 500. If you add more than 500 exact-match domain names, the new domain names cannot be accelerated by CDN.

  Note

  The acceleration of the first 500 exact-match domain names is not affected.

• If your accelerated domain name is a wildcard domain name such as *.example.com, the subdomain www.example.com can be accelerated, but the apex domain example.com cannot. You can add and configure example.com as a separate accelerated domain name.

ICP filing requirements

ICP filing: If the acceleration region is Global or Mainland China Only, you must apply for an ICP filing for the domain name, regardless of where the origin server is located. We recommend that you use the Alibaba Cloud Filing Service to apply for an ICP filing. Before you apply for an ICP filing, see Check the server for ICP filing to complete the required preparations and checks.

After CDN acceleration is enabled, user requests route to the nearest CDN node. The accessed IP address changes based on node allocation — this is normal CDN behavior. CDN node IP changes do not affect your origin server IP or ICP filing status. ICP filing is tied to the origin server, not CDN node IPs, so you do not need to worry about your filing being revoked due to changing node IP addresses.

Domain name quantity limit

• Each Alibaba Cloud account can have a maximum of 50 accelerated domain names.

  Note

  If the average daily peak bandwidth of your domain names is greater than 50 Mbps and your services are not exposed to risks, see Manage CDN quotas to request a quota increase for domain names.

• An accelerated domain name cannot be added more than once: To transfer a CDN domain name from one Alibaba Cloud account to another, see Transfer a CDN domain name across Alibaba Cloud accounts to verify the ownership of the domain name and then transfer it to the current account. If the system prompts that the domain name has been added to another Alibaba Cloud service, such as ApsaraVideo VOD or DCDN, submit a ticket.

Domain name reclamation and suspension

• Revocation rule: If your domain name remains in the Disabled state for more than 120 days, CDN automatically deletes the records of the domain name. This rule also applies to domain names that fail ownership verification. To continue using the domain name, go to the CDN console to add it again.

• Unpublishing (offline) rule: For more information, see Announcement on the adjustment of domain name unpublishing (offline) rules.

Restriction

Description

Origin address length

The maximum length is 67 characters.

Number of origin servers

Up to 20 origin servers per accelerated domain name.

OSS Domain

• Select the public domain name of an OSS bucket under the same account from the drop-down list.

• ***.oss-cn-hangzhou.aliyuncs.comYou can manually enter the public domain name of an Alibaba Cloud OSS bucket as an origin server. Private OSS domain names are not supported. An example of a public OSS domain name is . You can find the public domain name in the OSS console.

IP

• You can configure one or more IP addresses as origin servers. Private IP addresses are not supported. Both IPv4 and IPv6 are supported, but at least one IPv4 address is required. Public ECS instance IPs do not require review. To use an IPv6 origin address, enable the IPv6-based origin fetching feature first — otherwise the address will not take effect and back-to-origin requests will fail. Configure IPv6-based Origin Fetching.

• Accelerate access to ECS resources by using CDN.

Site Domain

One or more domain names can be configured as origin servers.

Function Compute Domain

Use a Function Compute domain name from the same account as an origin server. Select the Function Compute Region and Domain Name. Configure a Custom Domain Name.

Restriction

Description

Maximum length of the back-to-origin request header

Maximum: 300 bytes.

Back-to-origin request timeout

Default: 10 seconds (TCP layer), 30 seconds (HTTP layer).

Back-to-origin Content-Type

If the origin server does not respond with Content-Type, CDN automatically adds Content-Type:application/octet-stream.

HEAD requests converted to GET requests by default

By default, when a client sends a HEAD request to an Alibaba Cloud CDN node, the node converts it to a GET request before forwarding it to the origin server. To preserve the HEAD request method, submit a ticket.

Default case conversion for origin request headers

Item

Quota

Cache refresh

• URL refresh: 10,000 URLs per day per account.

• Directory refresh: 100 directories per day per account.

If your account's daily peak bandwidth exceeds 200 Mbps, request a quota increase through Quota Management. Alibaba Cloud evaluates and configures quotas based on your business needs.

Prefetch

Only URL prefetch is supported. Quota: 1,000 URLs per day per account.

If your account's daily peak bandwidth exceeds 200 Mbps, request a quota increase through Quota Management. Alibaba Cloud evaluates and configures quotas based on your business needs.

Restriction

Description

Restriction for the "Global (Excluding the Chinese mainland)" acceleration region

If the acceleration region for an accelerated domain name is set to Global (Excluding the Chinese mainland), Alibaba Cloud CDN will block requests from accessing nodes in the Chinese mainland. In this case, user requests are routed to nearby nodes outside the Chinese mainland, such as those in Hong Kong (China), Japan, or Singapore.

Difference between "Global" and "Global (Excluding the Chinese mainland)"

1. Coverage

   • Global: All CDN nodes worldwide, including the Chinese mainland.

   • Global (Excluding the Chinese mainland): All nodes outside the Chinese mainland, including Hong Kong (China), Macao (China), and Taiwan (China).

2. Node scheduling policy

   • Global: Users route to the optimal node, including Chinese mainland nodes. Users in the Chinese mainland connect to local nodes for lower latency.

   • Global (Excluding the Chinese mainland): Chinese mainland nodes are excluded. Users there route to nearby nodes (Hong Kong, Japan, Singapore), which may increase latency.

3. Access path and speed

   • Global: All users benefit from localized acceleration for consistent speeds.

   • Global (Excluding the Chinese mainland): Optimized for users outside the Chinese mainland. Users inside must access cross-border, which may reduce speed.

4. Use cases

   • Global: Businesses serving users both inside and outside the Chinese mainland, such as multinational websites or global applications.

   • Global (Excluding the Chinese mainland): Businesses targeting users outside the Chinese mainland or those that need to avoid the network environment of the Chinese mainland, such as overseas services or international media distribution.

Total size limit for origin server HTTP response headers

The total size of the HTTP response headers returned from the origin server to a CDN node cannot exceed 32 KB. Otherwise, a 502 error is returned.

Limits on URL length, HTTP request header length, and total length of URL and all headers

For HTTP/1.1: The large_client_header_buffers value for CDN is configured as number=4, size=64 KB. This means that the length of a single HTTP request header or a single request URL cannot exceed 64 KB. Otherwise, a 414 error code is returned. Additionally, the total length of all HTTP request headers plus the URL length cannot exceed 256 KB. Otherwise, a 400 error code is returned.

Request method

Of the common HTTP request methods, CDN and support GET, PUT, POST, HEAD, and OPTIONS.

IoT card access restriction

In accordance with regulations from the Ministry of Industry and Information Technology (MIIT) of China, Alibaba Cloud CDN in the Chinese mainland does not support acceleration for IoT card terminals. Devices using IoT cards to access Alibaba Cloud CDN nodes may fail to connect.

HTTPS access restriction

If a client does not send Server Name Indication (SNI) information during the SSL handshake with a CDN node, the CDN node cannot guarantee a successful handshake.

Limit

Description

API call frequency limit per user

The API call limit for all API operations of Alibaba Cloud CDN is 1,000 calls per second per user. If this threshold is exceeded, the following error message is returned:

ErrorCode:Throttling
ErrorMessage:Request was denied due to flow control.

Restriction

Description

CNAME record

The CNAME records for Alibaba Cloud CDN, DCDN, ApsaraVideo Live, and ApsaraVideo for VOD products are intended solely for the scheduling and resolution purposes of Alibaba Cloud CDN. Alibaba Cloud reserves the right to suspend any domain names and accounts that misuse these CNAME records.

File

• File caching

  A CDN node can cache a file up to 500 GB in size, provided the origin server's response includes cacheable headers.

• File upload

  The maximum size for a single file uploaded to an origin server through Alibaba Cloud CDN is 300 MB.

Number of EdgeScript rules

By default, you can configure a maximum of two EdgeScript rules for each domain name. If you need to configure more rules, use the Modify Outgoing Request Header feature.

Number of feature configurations

You can add up to 50 configuration rules. This limit applies to features such as: Modify Outgoing Request Header, Modify Incoming Response Header, Origin Path Rewrite, Parameter Rewrite, and Cache Expiration.

Gzip and Brotli compression

Gzip or Brotli compression applies only to origin files between 1 KB and 10 MB. Files outside this range are not compressed.