Alibaba Cloud CDN enforces limits on domain names, origin servers, caching, access control, and API usage. Make sure your accelerated domain names and content comply with these requirements to avoid service disruptions or regulatory violations.
Content compliance
Alibaba Cloud reviews content on all accelerated domain names. The following types of domain names cannot be accelerated:
Websites with inaccessible content or no valid information
Illegal private game servers
Multiplayer role-playing game and card game websites
Pirated content download sites (software, books, videos, comics)
Peer-to-peer (P2P) lending websites
Unofficial lottery websites
Unlicensed hospital and pharmaceutical websites
Websites containing illicit content such as pornography, drugs, or gambling
*.example.com, if any matching domain (for example, a.example.com) contains illicit content, the entire wildcard domain name is disabled. If a domain name fails the review, check the rejection reason on the Domain Names page in the Alibaba Cloud CDN console, fix the content, and resubmit the domain name for review.Resolve content violations
Go to Security Control to check for URLs with content violations. The tool may not display all violations. Submit a ticket for a complete list.
Delete or replace the non-compliant content.
Purge and prefetch resources to make sure the previous content is no longer accessible.
If a URL is blocked, submit a ticket to unblock it after removing the non-compliant content.
Burst bandwidth and QPS throttling
Per the Alibaba Cloud International Website Product Terms of Service, apply for burst bandwidth in advance if traffic or QPS spikes are expected, including stress tests, promotional events, and major releases.
| Scenario | Required lead time |
|---|---|
| General spikes (stress tests, promotions, releases) | At least 3 business days |
| Major events (Spring Festival Gala, Double 11 Global Shopping Festival) | At least 1 month |
If the application is approved, service availability is guaranteed within the agreed burst bandwidth level.
If burst bandwidth is not applied for or the application is rejected:
Alibaba Cloud reserves the right to throttle bandwidth to maintain platform-wide stability. Throttling is not necessarily triggered and depends on service conditions and bandwidth levels. Alibaba Cloud is not responsible for reduced availability caused by throttling.
Burst bandwidth may trigger CDN throttling rules. For details, see Burst bandwidth.
Burst QPS may trigger HTTP flood protection, and the domain name may be added to a sandbox. For details, see Introduction to sandboxes.
Contact your account manager or contact us to submit an application.
Attack and abuse risks
Alibaba Cloud CDN does not provide access control or security protection by default. If a domain name is attacked or abused for data transmission, high bandwidth or traffic spikes may result in unexpectedly large bills. High bills caused by malicious attacks or data transmission abuse cannot be waived or refunded. To prevent this, see Configure high bill alerts.
Sandbox policy
If an accelerated domain name experiences DDoS attacks, HTTP flood attacks, or significant unreported traffic spikes, Alibaba Cloud CDN may add the domain name to a sandbox based on factors such as the service status of the domain name and the impact of the attack. In severe cases, all domain names under the same account are also added to the sandbox, and no new domain names can be added to the account. For details, see Introduction to sandboxes.
Accelerated domain names
Domain name format
| Item | Limit |
|---|---|
| Length | 1 to 67 characters |
| Allowed characters | Lowercase letters, digits, and hyphens (-) |
| Restrictions | Chinese characters, uppercase letters, and special characters other than hyphens are not allowed. A domain name cannot be only a hyphen, contain consecutive hyphens, or start or end with a hyphen. |
| Internationalized domain names | Perform ICP filing for the Chinese domain name, then convert it to ASCII by using Punycode (for example, xn--fiq****.xn--eq****). Use the converted domain name as the accelerated domain name. |
Wildcard domain names
| Item | Limit |
|---|---|
| Account ownership | The wildcard domain name and all matching domain names must belong to the same Alibaba Cloud account. |
| Subdomain distribution | If a wildcard domain name has not been added to any account, its subdomains can be added to different accounts. |
| Matching domain limit | Only the first 500 specific domain names matching a wildcard domain name can be accelerated. |
| Root domain exclusion | *.example.com accelerates www.example.com but not the root domain example.com. Add example.com as a separate accelerated domain name. |
For more information about wildcard domain name limits, see Does Alibaba Cloud CDN support wildcard domain names?
ICP filing
If the acceleration region is set to Global or Chinese Mainland Only, the domain name must have an ICP number. Apply through the Alibaba Cloud ICP Filing System. For details, see Check the instance for ICP filing and access information.
Domain name quotas
| Item | Limit | Adjustable |
|---|---|---|
| Domain names per account | 50 | Yes, if daily peak bandwidth exceeds 50 Mbit/s. See Quota management. |
| Duplicate domain names | A domain name already added to another Alibaba Cloud service (such as ApsaraVideo VOD or DCDN) cannot be added to Alibaba Cloud CDN. Submit a ticket if needed. |
To transfer a domain name to another Alibaba Cloud account, verify ownership first. See Transfer a domain name to another Alibaba Cloud account.
Domain name reclaiming
| Item | Limit |
|---|---|
| Auto-deletion | If a domain name is disabled for 120 days, its configuration records are deleted. This also applies to domain names that fail ownership verification. Re-add the domain name through the Alibaba Cloud CDN console. |
| Disabling rules | See Rules for disabling accelerated domain names. |
Origin servers
| Item | Limit |
|---|---|
| Origin address length | Cannot exceed 67 characters |
| Origin servers per domain name | Maximum 20 addresses |
OSS domain origin
Select the public domain name of an OSS bucket under the same account, or enter the public domain name manually (for example,
***.oss-cn-hangzhou.aliyuncs.com). Internal domain names are not supported.Set the default origin host and SNI for origin fetch to the public domain name of the OSS bucket to receive discounted rates.
To receive discounted data transfer rates between Alibaba Cloud CDN and OSS, set the origin server type to OSS Domain in the Alibaba Cloud CDN console. If set to Origin Domain, OSS identifies the traffic as outbound data transfer over the internet and standard pricing applies. For details, see Billing of OSS content acceleration.
For a step-by-step guide, see Use Alibaba Cloud CDN to accelerate the delivery of resources from OSS buckets.
IP origin
Configure one or more IP addresses. Internal IP addresses are not supported.
Both IPv4 and IPv6 addresses are supported. At least one IPv4 address is required.
A public IP address of an Elastic Compute Service (ECS) instance is exempt from manual review.
Enable origin fetch over IPv6 before configuring an IPv6 address. Otherwise, origin fetch fails. See Configure origin fetch over IPv6.
For a step-by-step guide, see Use Alibaba Cloud CDN to accelerate ECS resources.
Origin domain name
The origin domain name cannot be the same as the accelerated domain name. If they match, requests loop through POPs and never reach the origin server.
Application Load Balancer (ALB) instance addresses are supported (for example,
example.hangzhou.alb.aliyuncs.com).The origin domain name follows the same format requirements as accelerated domain names: 1 to 67 characters, lowercase letters, digits, and hyphens only.
For details, see Use Alibaba Cloud CDN to accelerate ECS resources.
Function Compute domain
Enter a Function Compute domain name from the current Alibaba Cloud account and configure the Region and Domain Name parameters. For details, see Configure a custom domain name.
Origin fetch
| Item | Limit |
|---|---|
| HTTP request header length | Cannot exceed 300 bytes |
| Origin request timeout (TCP) | 10 seconds |
| Origin request timeout (HTTP) | 30 seconds |
Default Content-Type | If the origin server does not return a Content-Type header, Alibaba Cloud CDN adds Content-Type: application/octet-stream. |
| HEAD-to-GET conversion | By default, POPs convert HEAD requests to GET requests before forwarding to the origin server. To disable this, submit a ticket. |
Request header case conversion
Custom request headers added in the Custom Request Headers dialog box are automatically converted to camel case during origin fetch:
ALI-CDNbecomesAli-CdnALICDNbecomesAlicdn
To disable automatic case conversion, add the following header in the Custom Request Headers dialog box:
Parameter:
Ali-Swift-Header-CapitalizeValue:
off
Cache purge and URL prefetch
| Item | Default quota (per account per day) | Adjustable |
|---|---|---|
| Purge by URL | 10,000 URLs | Yes, if daily peak bandwidth exceeds 200 Mbit/s. See Quota management. |
| Purge by directory | 100 directories | Yes, if daily peak bandwidth exceeds 200 Mbit/s. See Quota management. |
| URL prefetch | 1,000 URLs (by URL only) | Yes, if daily peak bandwidth exceeds 200 Mbit/s. See Quota management. |
Access control
Acceleration region restrictions
| Region setting | Behavior |
|---|---|
| Global (Excluding Chinese Mainland) | Requests are prohibited from accessing Chinese mainland POPs. Requests are dispatched to nearby POPs such as those in Hong Kong (China), Japan, or Singapore. |
Global vs. Global (Excluding Chinese Mainland)
| Aspect | Global | Global (Excluding Chinese Mainland) |
|---|---|---|
| Scope | All Alibaba Cloud CDN POPs worldwide, including the Chinese mainland | Only POPs outside the Chinese mainland, including Hong Kong (China), Macao (China), and Taiwan (China) |
| POP scheduling | Users connect to the nearest POP, including Chinese mainland POPs | Chinese mainland POPs are excluded. Users in the Chinese mainland are routed to nearby POPs such as Hong Kong (China), Japan, or Singapore, which may increase latency. |
| Access speed | Balanced acceleration for users worldwide | Optimized for users outside the Chinese mainland. Users in the Chinese mainland require cross-border access, which may affect speed. |
| Use case | Businesses serving users both inside and outside the Chinese mainland, such as multinational enterprise websites or global applications | Businesses targeting users outside the Chinese mainland, such as international media content distribution |
Response and request size limits
| Item | Limit | HTTP error code |
|---|---|---|
| Origin HTTP response headers (total) | 32 KB | 502 |
| Individual URL or HTTP request header (HTTP/2) | 32 KB | 414 |
| All URLs and HTTP request headers combined (HTTP/2) | 128 KB | 400 |
| Individual URL or HTTP request header (HTTP/1.1) | 64 KB | 414 |
| All URLs and HTTP request headers combined (HTTP/1.1) | 256 KB | 400 |
Supported request methods
| Method | Notes |
|---|---|
GET | Supported |
POST | Supports chunked encoding. Allows requests with or without a body (Content-Length=0). |
PUT | Allows requests with or without a body (Content-Length=0). |
HEAD | By default, POPs convert HEAD requests to GET before forwarding to the origin. Submit a ticket to change this behavior. |
OPTIONS | Supported |
DELETE, PATCH | Not supported. Use DCDN for dynamic content delivery. |
IoT card restrictions
Per the Ministry of Industry and Information Technology (MIIT) guidelines (MIIT Network Security Letter [2020] No. 1173), Alibaba Cloud CDN cannot accelerate devices that use IoT cards in the Chinese mainland. These devices may fail to connect to POP IP addresses.
HTTPS and SNI
If a client does not include Server Name Indication (SNI) information during the SSL handshake with a CDN POP, the POP cannot guarantee a successful handshake.
API rate limits
| Item | Limit |
|---|---|
| API calls per account | 1,000 requests per second |
If the rate limit is exceeded, the following error is returned:
ErrorCode: Throttling
ErrorMessage: Request was denied due to flow control.CNAME usage
CNAMEs assigned by Alibaba Cloud CDN, DCDN, ApsaraVideo Live, or ApsaraVideo VOD are intended for domain name resolution only. If Alibaba Cloud discovers malicious use of a CNAME, Alibaba Cloud reserves the right to close the account and remove all associated domain names.
File size limits
| Item | Limit |
|---|---|
| Cacheable file size | Up to 500 GB per file (for responses with Cache-Control headers that allow caching) |
| File upload through CDN | Up to 300 MB per file |
EdgeScript
By default, only 1 EdgeScript script can be configured per domain name. To configure multiple scripts, use Modify Outgoing Request Header.
Feature configuration limits
A maximum of 50 configurations can be added per domain name, including but not limited to: Modify Outgoing Request Header, Modify Incoming Request Header, Origin URL Rewrite, Parameter Rewrite, and Cache Expiration.
Compression limits
Gzip and Brotli compression apply only to files between 1 KB and 10 MB on the origin server. Files smaller than 1 KB or larger than 10 MB are not compressed.