You can configure a referer blacklist or whitelist to authenticate and filter visitors. This can restrict access to Dynamic Route for CDN (DCDN) resources and improve DCDN security. This topic describes how the referer-based hotlink protection feature works and how to configure the feature.
- Hotlink protection is implemented based on the HTTP referer mechanism. The Referer header is used to track and identify where requests come from.
- You can configure a blacklist or a whitelist for hotlink protection. When a DCDN node receives resource requests from users, the node filters requests based on the configured blacklist or whitelist. If the domain name for a request is in the whitelist, the access to the requested resource is allowed. If the domain name for a request is in the blacklist, the access to the requested resource is denied and the status code 403 is returned.
- Hotlink protection is optional. By default, hotlink protection is disabled.
- Blacklists and whitelists are mutually exclusive. The most recent configuration takes effect.
- When a domain name is added to the whitelist or blacklist for hotlink protection, a wildcard (*) is automatically prepended to the domain name. For example, if you enter a.com, the domain name that actually takes effect is *.a.com. Hotlink protection takes effect on all the subdomains of a.com.
- You can select the corresponding check box to specify whether to allow requests with empty referer headers to access DCDN resources. If the check box is selected, you can access DCDN resources by entering a URL in the address bar of your browser.
- Log on to the DCDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage, and click Configure in the Actions column.
- In the left-side navigation pane on the details page of the specified domain, click Access Control.
- On the Hotlink Protection tab, turn on Hotlink Protection.
- Configure a Blacklist or a Whitelist as prompted.
Parameter Description TypeThe following types are supported:
If requests are destined for the domain names in the blacklist, the requests are not allowed to access the current resources.
Only the requests that are destined for the domain names in the whitelist are allowed to access the current resources.
Blacklists and whitelists are mutually exclusive. The most recent configuration takes effect.
Rules Separate multiple domain names with carriage return characters. You can use wildcards (*) to perform a fuzzy match. For example,
- Click OK.