This topic describes basic security protection features provided by Content Delivery Network (CDN).
- Hotlink protection
As an HTTP header field, Referer indicates a URL that can be used to track and identify where an HTTP request comes from. You can configure hotlink protection based on the Referer field to filter requests. In the CDN console, you can configure a whitelist or blacklist of the Referer field values, and specify whether to allow any request with an empty Referer field to retrieve CDN resources. A request with a domain name in the whitelist is allowed. A request with a domain name in the blacklist is rejected. The blacklist and whitelist are mutually exclusive, and whichever is configured last takes effect. In this way, hotlink protection can block malicious requests and secure your business. For more information about the configuration, see Configure hotlink protection.
- IP address blacklist or whitelist
You can configure an IP address blacklist to restrict requests from the specified IP addresses. For more information about the configuration, see Configure an IP address blacklist or whitelist.
- URL signing
The URL signing feature prevents unauthorized requests for confidential resources from your origin server. You can configure the rule of signing a specified URL with the key information provided in a specific signing type. This feature can be used to authenticate requests for classified files. A client has to calculate a temporary signature for each request. We recommend that you do not enable this feature for retrieval of common files. Otherwise, compared with the use of a common URL, it takes more time to retrieve common resources based on URL signing. For more information about the configuration, see Configure URL signing.