This topic describes the use scenarios of EdgeScript, including authentication logic customization, request header and response header customization, rewrite and redirect customization, cache control customization, and throttling customization.

Customize authentication rules

The following example shows how to customize authentication rules:
  • Use scenario
    • Request URL format: /path/digest/?.ts?key=&t=.
    • For .ts requests, the requirements for customizing hotlink protection are:
      • Rule 1: If the request does not contain the t or key parameter, the point of presence (POP) returns the HTTP 403 status code and adds the X-AUTH-MSG response header to indicate the cause of failure.
      • Rule 2: The t parameter specifies the expiration time. If the specified t parameter is earlier than the current time, the POP returns the HTTP 403 status code and adds the X-AUTH-MSG response header to indicate the cause of failure. For this authentication, note that there may be a gap between the timestamps obtained on the client and the POP, which may cause authentication failure.
      • Rule 3: MD5 (private key + path + file name.file name extension) == digest. If the digest does not match, the POP returns the HTTP 403 status code.
  • Script
    # Determine the authentication type
    if eq(substr($uri, -3, -1), '.ts') {
      # Determine whether the parameter exists
        if or(not($arg_t), not($arg_key)) {
        add_rsp_header('X-AUTH-MSG', 'auth failed - missing necessary arg')
        exit(403)
      }
      # Determine whether the value is a number
        t = tonumber($arg_t)
      if not(t) {
        add_rsp_header('X-AUTH-MSG', 'auth failed - invalid time')
        exit(403)
      }
      # Determine whether the authentication time expires
        if gt(now(), t) {
        add_rsp_header('X-AUTH-MSG', 'auth failed - expired url')
        exit(403)
      }
      # Authentication algorithm to extract requests by using regular expressions
        pcs = capture($request_uri,'^/([^/]+)/([^/]+)/([^?]+)%?(.*)')
      sec1 = get(pcs, 1)
      sec2 = get(pcs, 2)
      sec3 = get(pcs, 3)
    
      if or(not(sec1), not(sec2), not(sec3)) {
        add_rsp_header('X-AUTH-MSG', 'auth failed - malformed url')
        exit(403)
      }
    
      key = 'b98d643a-9170-4937-8524-6c33514bbc23'
      # Sign the concatenated authentication strings
        signstr = concat(key, sec1, sec3)
      digest = md5(signstr)
      # Compare the token strings in the signature and request
        if ne(digest, sec2) {
        add_rsp_header('X-AUTH-DEBUG', concat('signstr: ', signstr))
        add_rsp_header('X-AUTH-MSG', 'auth failed - invalid digest')
        exit(403)
      }
    }

Customize request headers and response headers

The following example shows automatic file renaming:

Example:

add_rsp_header('Content-Disposition', concat('attachment;filename=', tochar(34), filename, tochar(34)))
Note
  • You can add the response header Content-Disposition:attachment to HTTP responses to have the message body automatically downloaded. In addition, if the response carries the filename parameter, it is automatically renamed filename. If the response does not carry the filename parameter, the default name is used.
  • The value for the filename parameter is enclosed in a pair of double quotation marks (""). The string "34" is the ASCII string for double quotation marks. It can be converted back to the quotation mark string ("") by using the tochar function.

Output:

Content-Disposition: attachment;filename="monitor.apk"

Script:

if $arg_filename {
    hn = 'Content-Disposition'
    hv = concat('attachment;filename=', $arg_filename)
    add_rsp_header(hn, hv)
}

Customize rewrites and redirects

The following examples show how to customize rewrites and redirects:
  • Rewrite a URI.
    • Use scenario

      Enable Alibaba Cloud CDN to rewrite /hello to /index.html. As a result, the URI of the back-to-origin request is changed to /index.html and the parameters remain unchanged.

    • Script
      if match_re($uri, '^/hello$') {
          rewrite('/index.html', 'break')
      }
  • Rewrite a file extension.
    • Use scenario

      Enable Alibaba Cloud CDN to rewrite /1.txt to /1.<URL parameter type> on CDN edge nodes. As a result, the file extension is replaced by the value of the type parameter in the request URL. For example, /1.txt?type=mp4 is changed to /1.mp4?type=mp4 before the request is redirected to the origin server. Then, the retrieved content is cached on CDN edge nodes.

    • Script
      if and(match_re($uri, '^/1.txt$'), $arg_type) {
           rewrite(concat('/1.', $arg_type), 'break')
      }
  • Convert a file extension to lowercase letters.
    • Use scenario

      Convert URI strings to lowercase letters.

    • Script
      pcs = capture_re($uri, '^(.+%.)([^.]+)')
      section = get(pcs, 1)
      postfix = get(pcs, 2)
      
      if and(section, postfix) {
          rewrite(concat(section, lower(postfix)), 'break')
      }
  • Add a URI prefix.
    • Use scenario

      Enable Alibaba Cloud CDN to rewrite ^/nn_live/(.*) to /3rd/nn_live/$1 on CDN edge nodes.

    • Script
      pcs = capture_re($uri, '^/nn_live/(.*)')
      sec = get(pcs, 1)
      
      if sec {
           dst = concat('/3rd/nn_live/', sec)
           rewrite(dst, 'break')
      }
  • Perform a 302 redirect
    • Use scenario

      Perform a 302 redirect from the / root directory to /app/movie/pages/index/index.html.

    • Script
      if eq($uri, '/') {
          rewrite('/app/movie/pages/index/index.html', 'redirect')
      }
  • Perform a 302 redirect to HTTPS URIs
    • Use scenario
      Redirect the following URIs that match the ^/$ root directory to https://rtmp.cdnpe.com/index.html. You can specify the final URI as needed.
      • http://demo.aliyundoc.com
      • https://demo.aliyundoc.com
    • Script
      if eq($uri, '/') {
          rewrite('https://demo.aliyundoc.com/index.html', 'redirect')
      }

Customize cache control

The following example shows how to customize the time-to-live (TTL) value of cached resources:
  • Use scenario

    Customize the TTL value of cached resources based on various conditions.

  • Script
    if match_re($uri, '^/image') {
        set_cache_ttl('code', '301=10,302=5')
    }
    
    if eq(substr($uri, -4, -1), '.mp4') {
        set_cache_ttl('path', 5)
    }
    if match_re($uri, '^/201801/mp4/') {
        set_cache_ttl('path', 50)
    }
    if match_re($uri, '^/201802/flv/') {
        set_cache_ttl('path', 10)
    }
    Note For URLs that start with /image, set a TTL value of 10 seconds for the HTTP 301 status code and a TTL value of 5 seconds for the HTTP 302 status code.

Customize throttling policies

The following example shows how to customize a throttling policy:
  • Use scenario

    If the sp and unit parameters are set, throttling is implemented. The sp parameter specifies the maximum threshold value before throttling is triggered. The unit parameter specifies the unit. The unit can be KB or MB.

  • Script
    if and($arg_sp, $arg_unit) {
        sp = tonumber($arg_sp)
        if not(sp) {
            add_rsp_header('X-LIMIT-DEBUG', 'invalid sp')
            return false
        }
    
        if and(ne($arg_unit, 'k'), ne($arg_unit, 'm')) {
            add_rsp_header('X-LIMIT-DEBUG', 'invalid unit')
            return false
        }
    
        add_rsp_header('X-LIMIT-DEBUG', concat('set on: ', sp, $arg_unit))
        limit_rate(sp, $arg_unit)
        return true
    }

Region- and ISP-based access control

The following examples show region- and ISP-based access control:
  • Use scenarios
    • Access control is implemented by identifying the region and Internet service provider (ISP) of the IP address included in the client request.
    • The following functions are used to identify the region and ISP of the client IP address. For more information, see Request logic functions.
      • $ip_region_id: the region or province of the source IP address. For example, Guangdong: ip_region_id=440000.
      • $ip_isp_id: the ISP of the source IP address. For example, China Telecom: ip_isp_id=100017.
      • $ip_city_id: the city of the source IP address. For example, Shenzhen: ip_city_id=440300.
  • Script
    # Province-based control
    if not(match_re($ip_region_id, '440000|370000')) {
        add_rsp_header('X-REGION-BLOCK-DEBUG', concat('hit ip_region_id:', $ip_region_id))
        exit(403)
    }
    # City-based control
    if not(match_re(ip_isp_id, '340200|211400')) {
        add_rsp_header('X-REGION-BLOCK-DEBUG', concat('hit ip_region_id:', $ip_region_id))
        exit(403)
    }
    # ISP-based control
    if not(match_re(ip_isp_id, '100017|100025')) {
        add_rsp_header('X-REGION-BLOCK-DEBUG', concat('hit ip_region_id:', $ip_region_id))
        exit(403)
    }