All Products
Search
Document Center

Anti-leech

Last Updated: Nov 15, 2018

Function

The anti-leech function uses the HTTP Referer header to track the sources of requests and verify the requests. You can control the access to CDN resources by configuring a Referer blacklist or whitelist to identify and filter visitors.

Currently, the anti-leech function supports both the blacklist and whitelist. After a visitor initiates a request to access CDN resources, the CDN node authenticates the visitor against the blacklist or whitelist. If the visitor is in the blacklist, the request is rejected and error code 403 is returned.

Notes:

  • This function is optional and is disabled by default.
  • To enable this function, edit the Referer Blacklist or Referer Whitelist. The Referer Blacklist and Whitelist are mutually exclusive. You can choose only one of them.
  • You can allow requests with an empty Referer header to access the CDN resources. This means that you can allow visitors to directly access CDN resources by entering URLs in a web browser’s address bar).
  • After you enable this function, wildcard domain names are supported. For example, you can enter example.com to include all *.example.com subdomain names.
  • If you disallow requests with an empty Referer header, be sure to configure HTTPS secure acceleration and enable force HTTPS redirect (HTTP to HTTPS). Some browsers remove the Referer header when processing HTTPS requests, resulting in access failure.
  • The blacklist and whitelist only work for enabled domain names, but not disabled domain names.

Procedure

Go to the Domain Names page, select the target domain name, and click Configure.

Anti-leech

Notes:

  • For each CDN domain for VOD, the Referer blacklist or whitelist can contain a maximum of 100 entries.
  • When the Referer Whitelist is enabled, you must manually add aliyun.com and alicdn.com to it to ensure that videos and images in the console can be displayed properly.