If your origin is hosted on Alibaba Cloud Object Storage Service (OSS), you can grant permissions to Dynamic Route for CDN (DCDN) to access the private OSS bucket through an accelerated domain. This helps to prevent resource hotlinking. This topic describes how to enable the access permission on private buckets.

Background information

If the origin of an accelerated domain is set to a private bucket under your account, you must authorize DCDN to access private buckets. After the required permission is granted and enabled, DCDN can use the accelerated domain to access the private bucket.

You can also use the referer-based hotlink protection and URL authentication features provided by DCDN to protect resource security. For more information, see Configure referer-based hotlink protection and Configure URL authentication.
Notice
  • You can enable private bucket access permission only for accelerated domains that use OSS buckets as origins.
  • After you perform the authorization, DCDN is granted the read-only permission on all buckets.
  • After the required permission is granted and enabled for an accelerated domain, DCDN can use the accelerated domain to access the corresponding private bucket. Enable this feature with caution. If the private bucket cannot provide suitable origin content for the accelerated domain, do not perform the authorization or enable the private bucket access permission.
  • If your website is vulnerable to attacks, purchase the Anti-DDoS Pro service. In addition, make sure that you have not authorized DCDN to access private buckets or enabled the private bucket access permission.

Procedure

  1. Log on to the Dynamic Route for CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the target domain name and click Configure.
  4. In the left-side navigation pane of the specified domain, click Origin Fetch.
  5. In the Private Bucket Origin section, click Authorize.
    Authorization confirmation
  6. Click Confirm Authorization Policy.
    Confirm the authorization
  7. In the Private Bucket Origin section, turn on Private Bucket Origin.