All Products
Search

This Product

    Server Load Balancer:AScript common scenarios

    Document Center

    Server Load Balancer:AScript common scenarios

    Last Updated:Mar 26, 2024

    This topic describes how to create custom forwarding rules in common scenarios, such as configuring hotlink protection, whitelists, blacklists, request headers, response headers, rewrites, redirects, and remote authentication. This topic also provides sample scripts for the scenarios.

    Hotlink protection

    Configure custom authentication algorithms

    The following example shows how to configure custom authentication algorithms:

    • Requirements

      • Request URL format: /path/digest/?.tskey=&t=.

      • For .ts requests, the requirements for configuring custom hotlink protection are:

        • Rule 1: If the request does not contain the t or key parameter, the HTTP 403 status code is returned and the X-AUTH-MSG response header is added to indicate the cause of failure.

        • Rule 2: The t parameter specifies the absolute expiration time. If the time specified by t is earlier than the current time, the HTTP 403 status code is returned and the X-AUTH-MSG response header is added to indicate the cause of failure.

        • Rule 3: Compare the md5 value with the digest value. If the md5 value does not match the digest value, the HTTP 403 status code is returned.

          Value format of the md5 value: Private key + Path + File name.extension.

    • Sample script 

      if eq(substr($uri, -3, -1), '.ts') {

  if or(not($arg_t), not($arg_key)) {
       add_rsp_header('X-AUTH-MSG', 'auth failed - missing necessary arg')
       exit(403)
   }

   t = tonumber($arg_t)
   if not(t) {
       add_rsp_header('X-AUTH-MSG', 'auth failed - invalid time')
       exit(403)
   }

   if gt(now(), t) {
       add_rsp_header('X-AUTH-MSG', 'auth failed - expired url')
       exit(403)
   }

    pcs = capture($request_uri,'^/([^/]+)/([^/]+)/([^?]+)%?(.*)')
    sec1 = get(pcs, 1)
    sec2 = get(pcs, 2)
    sec3 = get(pcs, 3)

    if or(not(sec1), not(sec2), not(sec3)) {
        add_rsp_header('X-AUTH-MSG', 'auth failed - malformed url')
        exit(403)
    }

    key = 'b98d643a-9170-4937-8524-6c33514bbc23'
    signstr = concat(key, sec1, sec3)
    digest = md5(signstr)
    if ne(digest, sec2) {
        add_rsp_header('X-AUTH-DEBUG', concat('signstr: ', signstr))
        add_rsp_header('X-AUTH-MSG', 'auth failed - invalid digest')
        exit(403)
    }

}

    Configure User-Agent blacklists

    The following example shows how to configure a User-Agent blacklist:

    • Requirements: If a request carries the User-Agent header that starts with ijkplayer or Ysten, the HTTP status code 403 is returned.

    • Sample script 

      if and($http_user_agent, match($http_user_agent, '^[ijkplayer|Ysten].*$')) {
    add_rsp_header('X-BLOCKLIST-DEBUG', 'deny')
    exit(403)
}

    Configure Referer whitelists

    The following example shows how to configure a Referer whitelist:

    • Requirements: If the Referer header of a request is not http[s]://***alibaba.com***, the HTTP 403 status code is returned.

    • Sample script 

      if and($http_referer, match($http_referer, '^(http|https)://(.)+\.alibaba\.com.*$')) {
    return true
}

add_rsp_header('X-WHITELIST-DEBUG', 'missing')
exit(403)

    Blacklists and whitelists

    Configure IP blacklists

    The following example shows how to configure an IP blacklist:

    • Requirements: If a request is sent from 127.0.0.1 or 10.0.0.1, the HTTP 403 status code is returned.

    • Sample script 

      if match($remote_addr, '127.0.0.1|10.0.0.1') {
    add_rsp_header('X-IPBLOCK-DEBUG', 'hit')
    exit(403)
}

    Custom request headers and response headers

    Configure automatic file renaming

    The following example shows how to configure automatic file renaming:

    • Requirements: If the filename parameter is specified, the file is automatically renamed the value specified by the filename parameter. If the filename parameter is not specified, the default filename is used.

    • Sample script

      if $arg_filename {
  hn = 'Content-Disposition'
    hv = concat('attachment;filename=', $arg_filename)
    add_rsp_header(hn, hv)
}

    • Example:

      add_rsp_header('Content-Disposition', concat('attachment;filename=', tochar(34), filename, tochar(34)))
      Note

      • You can add the response header Content-Disposition:attachment to HTTP responses to have the message body automatically downloaded. In addition, if a response carries the filename parameter, the file is automatically renamed the value of filename. If the response does not carry the filename parameter, the default name is used.

      • The filename value enclosed in double quotation marks (" ") in ASCII can be converted to a string by using ToChar. The ASCII code for the double quotation marks (" ") is 34.

    • Output:

      Content-Disposition: attachment;filename="monitor.apk"

    Overwrite response headers

    The following example shows how to overwrite a response header:

    • Requirements: Overwrite the response header Content-Typ.

    • Sample script

      add_rsp_header('Content-Type', 'audio/mpeg')

    Custom rewrites and redirects

    Rewrite URIs

    The following example shows how to rewrite a URI:

    • Requirements: Rewrite /hello in user requests to /index.html. As a result, the URI of the back-to-origin request and the cached URI are changed to /index.html. Other parameters remain unchanged.

    • Sample script 

      if match($uri, '^/hello$') {
    rewrite('/index.html', 'break')
}

    Rewrite file extensions

    The following example shows how to rewrite file extensions:

    • Requirements: Rewrite /1.txt to /1.<URL parameter type>. For example, /1.txt?type=mp4 can be rewritten to /1.mp4?type=mp4 in back-to-origin requests and cached.

    • Sample script 

      if and(match($uri, '^/1.txt$'), $arg_type) {
     rewrite(concat('/1.', $arg_type), 'break')
}

    Convert file extensions to lowercase letters

    The following example shows how to convert file extensions to lowercase letters:

    • Requirements: Convert URI strings to lowercase letters.

    • Sample script

      pcs = capture($uri, '^(.+%.)([^.]+)')
section = get(pcs, 1)
postfix = get(pcs, 2)

if and(section, postfix) {
    rewrite(concat(section, lower(postfix)), 'break')
}

    Add a URI prefix

    The following example shows how to add a URI prefix:

    • Requirements: Rewrite ^/nn_live/(.*) in user requests to /3rd/nn_live/$1.

    • Sample script

      pcs = capture($uri, '^/nn_live/(.*)')
sec = get(pcs, 1)

if sec {
     dst = concat('/3rd/nn_live/', sec)
     rewrite(dst, 'break')
}

    Perform 302 redirects

    The following example shows how to perform 302 redirects:

    • Requirements: Perform a 302 redirect from the / root directory to /app/movie/pages/index/index.html.

    • Sample script

      if eq($uri, '/') {
    rewrite('/app/movie/pages/index/index.html', 'redirect')
}

    Perform a 302 redirect to HTTPS

    The following example shows how to perform a 302 redirect to HTTPS

    • Requirements

      Redirect the following URIs that match the ^/$ root directory to https://aliyun.com:

      • http://rtmp.cdnpe.com

      • https://rtmp.cdnpe.com

      You can replace the URI to which you want to redirect with a custom value based on your business requirements.

    • Sample script 

      if eq($uri, '/') {
    rewrite('https://aliyun.com', 'redirect')
}

    Remote authentication

    Configure custom remote authentication

    The following example shows how to configure custom remote authentication:

    • Requirements: Implement access control based on request formats. The authentication responses determine whether the requests pass the authentication.

    • Sample script

      auth_addr = 'http://xx.cn/outer/cdn/checkplay?host='
remote_addr_t = ''
if $remote_addr {
    remote_addr_t = $remote_addr
}
sp = ''
if $arg_sp {
    sp = $arg_sp
}
token = ''
if $arg_token {
    token = $arg_token
}
auth_key = ''
if $arg_auth_key {
    auth_key = $arg_auth_key
}
t_cookie = ''
if $http_cookie {
    t_cookie = $http_cookie
}
referer = ''
if $http_referer {
    referer = $http_referer
}
range = ''
if $http_range {
    range = $http_range
}

auth_addr = concat(auth_addr, $host, '&ip=', remote_addr_t, '&sp=', sp, '&token=', token, '&auth_key=', auth_key, '&cookie=', t_cookie, '&referer=', referer, '&range=', range)
req_info = []
set(req_info, 'addr', auth_addr)
set(req_info, 'retry', 1)
set(req_info, 'timeout', 1000)
set(req_info, 'method', 'POST')
req_header = []
set(req_header, 'Connection', 'close')
set(req_info, 'send_headers', req_header)
rs = http_request(req_info)
if rs {
    code = get(rs, 'code')
    if eq(code, '403') {
        exit(403)
    }
    headers = get(rs, 'headers')
    if headers {
        x_limit_rate_after = get(headers, 'x-limit-rate-after')
        if and(x_limit_rate_after, match_re(x_limit_rate_after, '\d+(k|m|g)$')) {
            num = substr(x_limit_rate_after, 1, -2)
            unit = substr(x_limit_rate_after, -1, -1)
            limit_rate_after(tonumber(num), unit)
        }
        x_speed = get(headers, 'x-speed')
        if and(x_speed, match_re(x_speed, '\d+(k|m|g)$')) {
           num = substr(x_speed, 1, -2)
           unit = substr(x_speed, -1, -1)
           limit_rate(tonumber(num), unit)
        }
    }
}