Alibaba Cloud CDN allows you to rewrite HTTP headers in back-to-origin requests. You can add, delete, change, or replace HTTP headers in back-to-origin requests based on your business requirements.

Background information

HTTP request headers are a component of the header section in request messages transmitted over HTTP. HTTP request headers bring specific parameters to servers.

When Alibaba Cloud CDN points of presence (POPs) pull the requested resources from the origin server, the origin server can obtain the information that is carried in request headers. Alibaba Cloud CDN allows you to rewrite HTTP headers in back-to-origin requests. The information that is carried in request headers is passed to the origin server to meet specific business requirements. For example, you can configure the X-Forwarded-For (XFF) header to pass client IP addresses to your origin server.

HTTP request headers
Note
  • A back-to-origin request is an HTTP message that is transmitted by Alibaba Cloud CDN to the origin server of a specific accelerated domain name. A rewrite rule rewrites only the HTTP headers in requests that are transmitted between an origin server and CDN POPs. It does not rewrite the HTTP headers in requests that are transmitted between CDN POPs and clients.
  • You cannot configure custom HTTP request headers for wildcard domain names.

Procedure

  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.
    Domain Names
  4. In the left-side navigation pane of the domain name, click Back-to-origin.
  5. Click the Custom Request Header tab.
  6. Click Customize.
  7. Configure the parameters in the Back-to-origin Request Headers dialog box.
    Important If different operations are performed on the same request header at the same time, these operations have different priorities. The operations are prioritized in the following descending order: Replace > Add > Change or Delete. For example, if you perform the Add and Delete operations on the same request header at the same time, the request header is added and then deleted.
    • Parameters of the Add operationRewrite an HTTP request header
      ParameterExampleDescription
      OperationAddAdds a request header to back-to-origin HTTP requests.
      Request HeaderCustom Back-to-origin Request Headers

      You can select Custom Back-to-origin Request Headers to specify a request header or a preset header from the Request Header drop-down list.

      Header Namex-code

      The name of the custom request header is x-code.

      Header Valuekey1, key2

      You can specify one or more values for a request header. Separate values with commas (,).

      Allow DuplicatesAllow
      • Yes: You can add duplicate request headers. For example, you can add x-code:key1 and x-code:key2 at the same time.
      • No: The latest header value overwrites the existing one that uses the same header name. For example, if you add x-code:key1 and then add x-code:key2, the final header key-value pair is x-code:key2.
    • Parameters of the Delete operationDelete
      ParameterExampleDescription
      OperationDeleteDeletes all request headers that match the values of the Request Header and Header Name parameters. Duplicate request headers are also deleted.
      Request HeaderCustom Back-to-origin Request Headers

      You can select Custom Back-to-origin Request Headers to specify a request header or a preset header from the Request Header drop-down list.

      Header Namex-code

      The name of the custom request header is x-code.

    • Parameters of the Change operationChange
      ParameterExampleDescription
      OperationChangeYou can perform the Change operation only if no duplicate request headers exist.
      Request HeaderCustom Back-to-origin Request Headers

      You can use the default value, or select Custom Back-to-origin Request Headers from the Request Header drop-down list to specify a request header.

      Header Namex-code

      The name of the custom request header is x-code.

      Change Value Tokey1, key3

      You can specify one or more values for a request header. Separate values with commas (,).

    • Parameters of the Replace operationReplace
      ParameterExampleDescription
      OperationReplaceYou can perform the Replace operation only if no duplicate request headers exist.
      Request HeaderCustom Back-to-origin Request Headers

      You can use the default value, or select Custom Back-to-origin Request Headers from the Request Header drop-down list to specify a request header.

      Header Namex-code

      The name of the custom request header is x-code.

      FindkeyAllows you to search for the value that you want to replace by using regular expressions.
      Replace WithabcAllows you to replace matching values by using regular expressions.
      MatchMatch All
      • Match All: All matching values are replaced. For example, if you use a regular expression to replace all "key" values in x-code:key1,key2,key3 with "abc", the key-value pair is changed to x-code:abc1,abc2,abc3.
      • Match the First Only: Only the first matching value is replaced. For example, if you use a regular expression to replace the first "key" in x-code:key1,key2,key3 with "abc", the key-value pair is changed to x-code:abc1,key2,key3.
  8. Click OK.

Configuration example 1

Sample scenario: Add the X-Forward-For (XFF) header to back-to-origin requests. The XFF header brings the client IP addresses and proxy IP addresses to the origin server.

Configurations
  • Set the Request Header parameter to Custom Back-to-origin Request Headers and the Header Name parameter to X-Forwarded-For.
  • Set the Header Value parameter to $proxy_add_x_forwarded_for.
Configurations

Configuration example 2

Sample scenario: Adds a header that brings client IP addresses to the origin server.

Configurations
  • Set the Request Header parameter to Custom Back-to-origin Request Headers and the Header Name parameter to X-Real-IP.
  • Set the Header Value parameter to $remote_addr.
Configurations