All Products
Document Center

Back-to-origin using private buckets

Last Updated: Nov 15, 2018


When the traffic of a CDN domain is directed to the bucket marked as private under a user account, authorization is conducted. If the authorization is successful and the authorization configuration is enabled, you can then use a domain to access the private bucket.

To ensure resource security, you can use VOD-provided functions such as Referer anti-leech protection and authentication.


  • After the authorization is successful and the private bucket function is enabled for the corresponding domain name, you can use the CDN domain to access the resources in your private bucket. Exercise caution when deciding whether to enable this function. If the content to be authorized in the private bucket is not suitable for origin-fetching, do not authorize or enable this function.
  • If your website is vulnerable to attacks, purchase the Anti-DDoS service and do not authorize or enable the private bucket function.


  • To enable authorization for private bucket back-to-origin:

    1. Go to the Domain Names page, select the target domain name, and click Configure.

    2. Choose Back-to-Origin Settings > Back-to-Origin of Private Bucket.

    3. Click Authorize Now.


    4. After finishing the authorization, enable Back-to-Origin of Private Bucket for the domain name and click Confirm.

      Private bucket back-to-origin

  • Follow these steps to disable authorization for private bucket back-to-origin:

    Note: If you use the private bucket as the origin site for CDN domain acceleration, do not disable or delete the private bucket authorization.

    1. Choose Access Control > Role Management.

    2. Delete the AliyunVODDefaultRole authorization.