As a product for accelerating users’ resource files, the Alibaba Cloud CDN is incomparable to the dedicated security product Yundun in the aspect of security defense. However, some of its configurations can provide basic security defense.
This feature filters and links the domain name of the request origin based on the referrer field in the HTTP request. For detailed configuration, see the following figure. The Alibaba Cloud CDN supports three anti-leech settings: white list, blacklist, and whether to allow an empty referrer field(a new function). This feature mainly filters the addresses of the origin hosts based on their URLs. Users can specify the domain names of the request origins. Either the blacklist or the white list will take effect. This feature can be used to restrict the request origins.
This feature provides WAF to implement basic security protection. However, since they have low security thresholds and cannot be adjusted, they are unsuitable for professional protection. Users can set the IP address blacklist to restrict the origin IP addresses.
The Alibaba Cloud CDN uses this feature to protect URLs requiring high security. Users need to add authentication for specified URLs based on the specified signature mode. This feature applies only to files with high security levels since each signature needs to be temporarily generated by the client, and the access time is longer than that of common access. For detailed configuration, refer to URL authentication.