This topic describes examples of EdgeScript rules that can be applied to specific scenarios.
Remote authentication for FLV pull
- Requirements
Synchronizes the result of remote authentication and sends the request URL as a header to the custom request API.
- EdgeScript rule
if eq(substr($uri, -4, -1), '.flv') { auth_addr = concat('http://xxx/sample/auth') req_info = [] set(req_info, 'addr', auth_addr) set(req_info, 'retry', 1) set(req_info, 'timeout', 3000) set(req_info, 'method', 'POST') req_header_t = [] set(req_header_t, 'Connection', 'close') set(req_header_t, 'Request-Url', $request_uri) set(req_info, 'send_headers' , req_header_t) rs = http_request(req_info) if rs { rscode = get(rs, 'code') if ne(rscode, 200) { exit(403) } } }
Local authentication for FLV pull
- Requirements
For
.flv
requests, the requirements for hotlink protection are defined as follows:- Rule 1: If the request does not contain the
sign
orexpires
parameter, the CDN node returns a 403 status code and adds theX-AUTH-MSG
response header to indicate the cause of failure. - Rule 2: The
t
parameter specifies the expiration time. If thet
parameter value is earlier than the current time, the CDN node returns a 403 status code and adds theX-AUTH-MSG
response header to indicate the cause of failure. - Rule 3: The value of md5 matches the value of sign. If both values do not match, the
CDN node returns a 403 status code. The response header
X-AUTH-MSG
is added to indicate the cause of failure.
- Rule 1: If the request does not contain the
- Parameters
- expires: the URL parameter, which defines the expiration time (Unix timestamp). This parameter value must be greater than the current server time.
- sign: the signature field. Rule to generate this field is:
sign=md5($uri + $expires + $secret)
.
- EdgeScript rule
secret='abc' if eq(substr($uri, -4, -1), '.flv') { if or(not($arg_sign), not($arg_expires)) { add_rsp_header('X-AUTH-MSG', 'auth failed - missing necessary arg') exit(403) } t = tonumber($arg_expires) if gt(now(), t) { add_rsp_header('X-AUTH-MSG', 'auth failed - expired url') exit(403) } digest = md5(concat($uri, $arg_expires, secret)) if ne(digest, $arg_sign) { add_rsp_header('X-AUTH-MSG', 'auth failed - invalid sign') exit(403) } }
User-Agent blacklist for FLV pull
- Requirements
The User-Agent blacklist feature.
The hyphens (
-
) in the request header need to be replaced with underscores (_
). For example, X-USER-ID is replaced with x_user_id. - EdgeScript rule
if eq(substr($uri, -4, -1), '.flv') { blacklist = [] set(blacklist, 'black1', 1) set(blacklist, 'black2', 1) ua = req_header('user_agent') if eq(get(blacklist, ua), 1) { exit(403) } }
FLV streaming prohibition by IP address
- Requirements
Prohibits users originated from Singapore, Taiwan (China), Zhuhai, and China Telecom from streaming FLV content.
Note For more information about country codes, see Appendix. - EdgeScript rule
if eq(substr($uri, -4, -1), '.flv') { c_country = client_country() c_region = client_region() c_city = client_city() c_isp = client_isp() if eq(c_country, 'SG') { exit(403) } if eq(c_region, 'TW_01') { exit(403) } if eq(tonumber(c_city), 440400) { exit(403) } if eq(tonumber(c_isp), 100017) { exit(403) } }
URI rewrite for FLV pull
- Requirements
Add a suffix to the URI based on the pattern parameter. Example:
pattern = 1, uri = /test/live.flv --> /test/live1.flv
- EdgeScript rule
if eq(substr($uri, -4, -1), '.flv') { if $arg_pattern { dst = concat(substr($uri, 1, -5), $arg_pattern, '.flv') rewrite(dst, 'break') } }
Customize the authentication logic
- Requirements
- Request URL format:
/path/digest/?.ts?key=&t=
. - For
.ts
requests, the requirements for customizing hotlink protection are:- Rule 1: If the request does not contain the
t
orkey
parameter, the CDN edge node returns the HTTP 403 status code and adds theX-AUTH-MSG
response header to indicate the failure cause. - Rule 2: The
t
parameter specifies the expiration time. If the specifiedt
parameter is earlier than the current time, the CDN edge node returns the HTTP 403 status code and adds theX-AUTH-MSG
response header to indicate the failure cause. - Rule 3: The CDN edge node compares the
md5
parameter with thedigest
parameter. Ifmd5
does not matchdigest
, the CDN edge node returns the HTTP 403 status code.Value format of the md5 parameter:
Private key + Path + Filename.extension
.
- Rule 1: If the request does not contain the
- Request URL format:
- Corresponding EdgeScript script:
if eq(substr($uri, -3, -1), '.ts') { if or(not($arg_t), not($arg_key)) { add_rsp_header('X-AUTH-MSG', 'auth failed - missing necessary arg') exit(403) } t = tonumber($arg_t) if not(t) { add_rsp_header('X-AUTH-MSG', 'auth failed - invalid time') exit(403) } if gt(now(), t) { add_rsp_header('X-AUTH-MSG', 'auth failed - expired url') exit(403) } pcs = capture_re($request_uri,'^/([^/]+)/([^/]+)/([^?]+)\?(.*)') sec1 = get(pcs, 1) sec2 = get(pcs, 2) sec3 = get(pcs, 3) if or(not(sec1), not(sec2), not(sec3)) { add_rsp_header('X-AUTH-MSG', 'auth failed - malformed url') exit(403) } key = 'b98d643a-9170-4937-8524-6c33514bbc23' signstr = concat(key, sec1, sec3) digest = md5(signstr) if ne(digest, sec2) { add_rsp_header('X-AUTH-DEBUG', concat('signstr: ', signstr)) add_rsp_header('X-AUTH-MSG', 'auth failed - invalid digest') exit(403) } }
Customize request headers and response headers
The following example shows automatic file renaming:
Example:
add_rsp_header('Content-Disposition', concat('attachment;filename=', tochar(34), filename, tochar(34)))
- You can add the response header Content-Disposition:attachment to HTTP responses to
have the message body automatically downloaded. In addition, if the response carries
the
filename
parameter, it is automatically renamedfilename
. If the response does not carry the filename parameter, the default name is used. - The value for the
filename
parameter is enclosed in a pair of double quotation marks (""). The string "34" is the ASCII string for double quotation marks. It can be converted back to the quotation mark string ("") through the tochar function.
Output:
Content-Disposition: attachment;filename="monitor.apk"
Corresponding EdgeScript script:
if $arg_filename {
hn = 'Content-Disposition'
hv = concat('attachment;filename=', $arg_filename)
add_rsp_header(hn, hv)
}
Customize rewrites and redirects
- Rewrite a URI.
- Requirements
Enable Alibaba Cloud CDN to rewrite
/hello
to/index.html
. As a result, the URI of the back-to-origin request is changed to/index.html
and the parameters remain unchanged. - Corresponding EdgeScript script:
if match_re($uri, '^/hello$') { rewrite('/index.html', 'break') }
- Requirements
- Rewrite a file extension.
- Requirements
Enable Alibaba Cloud CDN to rewrite
/1.txt
to/1<url parameter type>
. For example,/1.txt?type=mp4
is rewritten to/1.mp4?type=mp4
in back-to-origin requests and cached on CDN edge nodes. - Corresponding EdgeScript script:
if and(match_re($uri, '^/1.txt$'), $arg_type) { rewrite(concat('/1.', $arg_type), 'break') }
- Requirements
- Convert a file extension to lowercase letters.
- Requirements
Convert a URI string to lowercase letters.
- Corresponding EdgeScript script:
pcs = capture_re($uri, '^(.+%.)([^.]+)') section = get(pcs, 1) postfix = get(pcs, 2) if and(section, postfix) { rewrite(concat(section, lower(postfix)), 'break') }
- Requirements
- Add a URI prefix.
- Requirements
Enable Alibaba Cloud CDN to rewrite
^/nn_live/(.*)
to/3rd/nn_live/$1
. - Corresponding EdgeScript script:
pcs = capture_re($uri, '^/nn_live/(.*)') sec = get(pcs, 1) if sec { dst = concat('/3rd/nn_live/', sec) rewrite(dst, 'break') }
- Requirements
- Perform a 302 redirect.
- Requirements
Perform a 302 redirect from the
/
root directory to/app/movie/pages/index/index.html
. - Corresponding EdgeScript script:
if eq($uri, '/') { rewrite('/app/movie/pages/index/index.html', 'redirect') }
- Requirements
- Perform a 302 redirect to HTTPS URIs
- Requirements
Redirect the following URIs that match the
^/$
root directory tohttps://demo.aliyundoc.com/index.html
. You can specify the final URI as needed.http://demo.aliyundoc.com
https://demo.aliyundoc.com
- Corresponding EdgeScript script:
if eq($uri, '/') { rewrite('https://demo.aliyundoc.com/index.html', 'redirect') }
- Requirements