Function overview

Private bucket back-to-origin authentication is performed when traffic of a CDN domain is diverted to the bucket marked as private under a user account. After authentication is successful and authentication configuration is enabled, domain names enabled with private bucket authentication have the permission to access the private bucket.

You can use functions such as the referer anti-leech protection and authorization provided by CDN to protect resource security.

  • After authentication is successful and the private bucket function of corresponding domains are enabled, the CDN domain can be used to access the resource content in your private bucket. Consider carefully when you decide whether to enable this function. If the content in the private bucket to be authorized is not suitable to function as the back-to-origin content of the CDN domain, do not perform authorization or enable the function.
  • If your website faces attack risks, please buy Anti-DDoS service and do not perform authorization or enable the private bucket function.


Enable private bucket back-to-origin authorization

  1. Go to Domain Namespage, select the domain name, then click Manage.
  2. Enable the function inOrigin Site Configuration,  > Private Bucket Authorization.
  3. Click Authorize Now.
  4. Authorization is successful. Enable private bucket back-to-origin configuration for the domain and click Confirm.

Disable private bucket back-to-origin authorization

If your CDN domain is sending back-to-origin requests with the private bucket as the origin site, do not disable or delete private bucket authorization.
  1. Choose Access Control > Role Management.
  2. Delete AliyunCDNAccessingPrivateOSSRole authorization.
  3. Private bucket authorization is successfully deleted.