This topic describes examples of EdgeScript rules that can be applied to specific scenarios.

Remote authentication for FLV pull

The following example shows how to use remote authentication for FLV pull:
  • Requirements

    Synchronizes the result of remote authentication and sends the request URL as a header to the custom request API.

  • EdgeScript rule
    if eq(substr($uri, -4, -1), '.flv') {
    
        auth_addr = concat('http://xxx/sample/auth')
    
        req_info = []
        set(req_info, 'addr', auth_addr)
        set(req_info, 'retry', 1)
        set(req_info, 'timeout', 3000)
        set(req_info, 'method', 'POST')
    
        req_header_t = []
        set(req_header_t, 'Connection', 'close')
        set(req_header_t, 'Request-Url', $request_uri)
        set(req_info, 'send_headers' , req_header_t)
    
        rs = http_request(req_info)
    
        if rs {
            rscode = get(rs, 'code')
            if ne(rscode, 200) {
                exit(403)
            }
        }
    }

Local authentication for FLV pull

The following example shows how to use local authentication for FLV pull:
  • Requirements
    For .flv requests, the requirements for hotlink protection are defined as follows:
    • Rule 1: If the request does not contain the sign or expires parameter, the CDN node returns a 403 status code and adds the X-AUTH-MSG response header to indicate the cause of failure.
    • Rule 2: The t parameter specifies the expiration time. If the t parameter value is earlier than the current time, the CDN node returns a 403 status code and adds the X-AUTH-MSG response header to indicate the cause of failure.
    • Rule 3: The value of md5 matches the value of sign. If both values do not match, the CDN node returns a 403 status code. The response header X-AUTH-MSG is added to indicate the cause of failure.
  • Parameters
    • expires: the URL parameter, which defines the expiration time (Unix timestamp). This parameter value must be greater than the current server time.
    • sign: the signature field. Rule to generate this field is: sign=md5($uri + $expires + $secret).
  • EdgeScript rule
    secret='abc'
    
    if eq(substr($uri, -4, -1), '.flv') {
    
        if or(not($arg_sign), not($arg_expires)) {
            add_rsp_header('X-AUTH-MSG', 'auth failed - missing necessary arg')
            exit(403)
        }
    
        t = tonumber($arg_expires)
        if gt(now(), t) {
            add_rsp_header('X-AUTH-MSG', 'auth failed - expired url')
            exit(403)
        }
    
        digest = md5(concat($uri, $arg_expires, secret))
        if ne(digest, $arg_sign) {
            add_rsp_header('X-AUTH-MSG', 'auth failed - invalid sign')
            exit(403)
        }
    }

User-Agent blacklist for FLV pull

The following example shows how to use the User-Agent blacklist for FLV pull:
  • Requirements

    The User-Agent blacklist feature.

    The hyphens (-) in the request header need to be replaced with underscores (_). For example, X-USER-ID is replaced with x_user_id.

  • EdgeScript rule
    if eq(substr($uri, -4, -1), '.flv') {
    
        blacklist = []
        set(blacklist, 'black1', 1)
        set(blacklist, 'black2', 1)
    
        ua = req_header('user_agent')
    
        if eq(get(blacklist, ua), 1) {
            exit(403)
        }
    }

FLV streaming prohibition by IP address

The following example shows how to use the IP address blacklist for FLV pull:
  • Requirements

    Prohibits users originated from Singapore, Taiwan (China), Zhuhai, and China Telecom from streaming FLV content.

    Note For more information about country codes, see IP geolocation database.
  • EdgeScript rule
    if eq(substr($uri, -4, -1), '.flv') {
        c_country = client_country()
        c_region = client_region()
        c_city = client_city()
        c_isp = client_isp()
        
        if eq(c_country, 'SG') {
            exit(403)
        }
      
        if eq(c_region, 'TW_01') {
            exit(403)
        }
      
        if eq(tonumber(c_city), 440400) {
            exit(403)
        }
      
        if eq(tonumber(c_isp), 100017) {
            exit(403)
        }
    }

URI rewrite for FLV pull

The following example shows how to use URI rewrite for FLV pull:
  • Requirements

    Add a suffix to the URI based on the pattern parameter. Example:

    pattern = 1, uri = /test/live.flv --> /test/live1.flv

  • EdgeScript rule
    if eq(substr($uri, -4, -1), '.flv') {
        if $arg_pattern {
            dst = concat(substr($uri, 1, -5), $arg_pattern, '.flv')
            rewrite(dst, 'break')
        }
    }

Customize the authentication logic

The following example shows custom authentication algorithms:
  • Requirements
    • Request URL format: /path/digest/?.ts? key=&t=
    • For .ts requests, the requirements for customizing hotlinking protection are:
      • Rule 1: If the request does not contain the t or key parameter, the CDN node returns the 403 status code and adds the X-AUTH-MSG response header to indicate the failure cause.
      • Rule 2: The t parameter specifies the expiration time. If the specified t parameter is earlier than the current time, the CDN node returns the 403 status code and adds the X-AUTH-MSG response header to indicate the failure cause.
      • Rule 3: The CDN node compares the md5 parameter with the digest parameter. If md5 does not match digest, the CDN node returns the 403 status code.

        Value format of the md5 parameter: Private key + Path + File name.extension.

  • Corresponding EdgeScript script:
    if eq(substr($uri, -3, -1), '.ts') {
    
       if or(not($arg_t), not($arg_key)) {
           add_rsp_header('X-AUTH-MSG', 'auth failed - missing necessary arg')
           exit(403)
       }
    
       t = tonumber($arg_t)
       if not(t) {
           add_rsp_header('X-AUTH-MSG', 'auth failed - invalid time')
           exit(403)
       }
    
       if gt(now(), t) {
           add_rsp_header('X-AUTH-MSG', 'auth failed - expired url')
           exit(403)
       }
    
        pcs = capture_re($request_uri,'^/([^/]+)/([^/]+)/([^?] +)\?(.*)')
        sec1 = get(pcs, 1)
        sec2 = get(pcs, 2)
        sec3 = get(pcs, 3)
    
        if or(not(sec1), not(sec2), not(sec3)) {
            add_rsp_header('X-AUTH-MSG', 'auth failed - malformed url')
            exit(403)
        }
    
        key = 'b98d643a-9170-4937-8524-6c33514bbc23'
        signstr = concat(key, sec1, sec3)
        digest = md5(signstr)
        if ne(digest, sec2) {
            add_rsp_header('X-AUTH-DEBUG', concat('signstr: ', signstr))
            add_rsp_header('X-AUTH-MSG', 'auth failed - invalid digest')
            exit(403)
        }
    
    }

Customize request headers and response headers

The following example shows automatic file renaming:
  • Requirements

    If the filename parameter is set, the file is automatically renamed the value specified by the filename parameter. If no file name is specified, the default file name is used.

  • Corresponding EdgeScript script:
    // The value for the filename parameter is enclosed in a pair of double quotation marks (""). The string "34" is the ASCII string for double quotation marks. It can be converted back to the quotation mark string ("") through the tochar function.
    // Example: add_rsp_header('Content-Disposition', concat('attachment;filename=', tochar(34), filename, tochar(34)))
    // Output: Content-Disposition: attachment;filename="monitor.apk"
    
    if $arg_filename {
        hn = 'Content-Disposition'
        hv = concat('attachment;filename=', $arg_filename)
        add_rsp_header(hn, hv)
    }

Customize rewrites or redirects

The following examples show how to customize rewrites and redirects:
  • Rewrite a URI.
    • Requirements

      Configure Alibaba Cloud Content Delivery Network (CDN) to rewrite /hello as /index.html. As a result, the URI of the back-to-origin request is changed to /index.html and the parameters remain unchanged.

    • Corresponding EdgeScript script:
      if match_re($uri, '^/hello$') {
          rewrite('/index.html', 'break')
      }
  • Rewrite a file extension.
    • Requirements

      Configure Alibaba Cloud CDN to rewrite /1.txt as /1<url parameter type>. For example, /1.txt? type=mp4 will be rewritten as /1.mp4? type=mp4 in back-to-origin requests and cached on CDN nodes.

    • Corresponding EdgeScript script:
      if and(match_re($uri, '^/1.txt$'), $arg_type) {
           rewrite(concat('/1.', $arg_type), 'break')
      }
  • Convert a file extension to lowercase letters.
    • Requirements

      Convert the URI string to lowercase letters.

    • Corresponding EdgeScript script:
      pcs = capture_re($uri, '^(. +%.)([ ^.]+)')
      section = get(pcs, 1)
      postfix = get(pcs, 2)
      
      if and(section, postfix) {
          rewrite(concat(section, lower(postfix)), 'break')
      }
  • Add a URI prefix.
    • Requirements

      Configure Alibaba Cloud CDN to rewrite ^/nn_live/(. *) as /3rd/nn_live/$1.

    • Corresponding EdgeScript script:
      pcs = capture_re($uri, '^/nn_live/(.*)')
      sec = get(pcs, 1)
      
      if sec {
           dst = concat('/3rd/nn_live/', sec)
           rewrite(dst, 'break')
      }
  • Set a 302 redirect.
    • Requirements

      Perform a 302 redirect to /app/movie/pages/index/index.html for the / root directory.

    • Corresponding EdgeScript script:
      if eq($uri, '/') {
          rewrite('/app/movie/pages/index/index.html', 'redirect')
      }
  • Set a 302 redirect to HTTPS URIs
    • Requirements
      Redirect the following URIs that match the ^/$ root directory to https://rtmp.cdnpe.com/index.html. You can specify the destination URI as needed.
      • http://rtmp.cdnpe.com
      • https://rtmp.cdnpe.com
    • Corresponding EdgeScript script:
      if eq($uri, '/') {
          rewrite('https://rtmp.cdnpe.com/index.html', 'redirect')
      }