This topic describes the features and parameters that you can configure when calling the BatchSetCdnDomainConfig or SetCdnDomainStagingConfig operation to configure features for domain names. Each feature is identified by a function name and a numeric function ID, and is passed as an element in the Functions array of the request body.
Request structure
When you call BatchSetCdnDomainConfig (production environment) or SetCdnDomainStagingConfig (staging environment) to configure domain name features, the request body contains a Functions array. Each element in the array specifies a functionName, and one or more functionArgs as key-value pairs (argName and argValue).
{
"Functions": [{
"functionArgs": [{
"argName": "<parameter-name>",
"argValue": "<parameter-value>"
}],
"functionName": "<feature-name>"
}],
"DomainNames": "example.com"
}The features described in this topic can be referenced by the following operations: - Production environment: BatchSetCdnDomainConfig, DescribeCdnDomainConfigs, BatchDeleteCdnDomainConfig, and DescribeCdnUserDomainsByFunc.
Staging environment: SetCdnDomainStagingConfig, DescribeCdnDomainStagingConfig, RollbackStagingConfig, and PublishStagingConfigToProduction.
Calling BatchSetCdnDomainConfig or SetCdnDomainStagingConfig generates a unique ConfigId for the configuration. You can use the ConfigId to update or delete the configuration. For more information, see ConfigId Usage Notes. - Some features conflict with each other. Only one feature from a conflicting pair can be configured at a time. Conflict pairs are noted in the corresponding feature sections below.
Network configurations
ipv6
Description: Configures IPv6 access.
Function ID: 194
Parameters:
Parameter | Type | Required | Description | Example |
switch | String | Yes | Specifies whether to enable IPv6 access. Valid values: | on |
region | String | Yes | The region where IPv6 is enabled. Use an asterisk ( | * |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "switch",
"argValue": "on"
}, {
"argName": "region",
"argValue": "*"
}],
"functionName": "ipv6"
}],
"DomainNames": "example.com"
}Origin configurations
set_req_host_header
Description: Configures the default origin host.
Function ID: 18
Parameters:
Parameter | Type | Required | Description | Example |
domain_name | String | Yes | The origin host header content. | example.com |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "domain_name",
"argValue": "example.com"
}],
"functionName": "set_req_host_header"
}],
"DomainNames": "example.com"
}forward_scheme
Description: Configures the origin protocol.
Function ID: 47
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable the origin protocol feature. Valid values: | on |
scheme_origin | String | No | The protocol scheme for origin fetch. Valid values: | follow |
scheme_origin_port | String | No | Custom origin ports. Required when | 80:443 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "scheme_origin",
"argValue": "follow"
}, {
"argName": "scheme_origin_port",
"argValue": "80:443"
}],
"functionName": "forward_scheme"
}],
"DomainNames": "example.com"
}l2_oss_key
Description: Configures private OSS Bucket origin fetch. When using this feature for the first time, you must enable the default permission policy, which grants CDN read-only access to all OSS Buckets under the same Alibaba Cloud account.
Function ID: 85
Parameters:
Parameter | Type | Required | Description | Example |
private_oss_auth | String | Yes | Specifies whether to enable private OSS Bucket origin fetch. Valid values: | on |
perm_private_oss_tbl | String | No | Permanent security token configuration. Format: access_id=123 access_secret=123abc (separated by space). When configured, CDN domain origin fetch to OSS private Buckets under other Alibaba Cloud accounts is also supported. | access_id=123 access_secret=123abc |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "private_oss_auth",
"argValue": "on"
}, {
"argName": "perm_private_oss_tbl",
"argValue": "access_id=123 access_secret=123abc"
}],
"functionName": "l2_oss_key"
}],
"DomainNames": "example.com"
}oss_key_list
Description: Configures the OSS origin private key list. You can configure one or more rules representing different OSS private Buckets with their corresponding security tokens.
Function ID: 183
Parameters:
Parameter | Type | Required | Description | Example |
host | String | Yes | The full address of the OSS Bucket. | example.oss-cn-hangzhou.aliyuncs.com |
key | String | Yes | Permanent security token configuration. Format: access_id=123 access_secret=123abc (separated by space). | access_id=123 access_secret=123abc |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "host",
"argValue": "example.oss-cn-hangzhou.aliyuncs.com"
}, {
"argName": "key",
"argValue": "access_id=123 access_secret=123abc"
}],
"functionName": "oss_key_list"
}],
"DomainNames": "example.com"
}https_origin_sni
Description: Configures the origin SNI (Server Name Indication).
Function ID: 114
Parameters:
Parameter | Type | Required | Description | Example |
enabled | String | Yes | Specifies whether to enable origin SNI. Valid values: | on |
https_origin_sni | String | Yes | The SNI information carried in origin requests (the origin server address that the request needs to access). | origin.example.com |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "https_origin_sni",
"argValue": "origin.example.com"
}, {
"argName": "enabled",
"argValue": "on"
}],
"functionName": "https_origin_sni"
}],
"DomainNames": "example.com"
}forward_timeout
Description: Configures the origin request timeout.
Function ID: 124
Parameters:
Parameter | Type | Required | Description | Example |
forward_timeout | Integer | Yes | Request timeout in seconds. We recommend setting a value less than 100 seconds. | 30 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "forward_timeout",
"argValue": "30"
}],
"functionName": "forward_timeout"
}],
"DomainNames": "example.com"
}advanced_origin
Description: Configures advanced origin fetch, which routes requests to different origin servers based on variables in the user request (such as URI, headers, query parameters, or cookies).
Function ID: 235
Conflict: Conflicts with
origin_dns_host(Function ID: 212). Only one can be configured. If one feature is already configured (including when its switch parameter is set to off), you must delete the existing configuration before configuring the other.Parameters:
Parameter | Type | Required | Description | Example |
variable_type | String | Yes | The variable type. Valid values: | uri |
variable | String | Yes | The variable name. When variable_type is set to uri, the variable must be set to uri. | uri |
conditions | String | Yes | The condition operator. Valid values: == (equals), != (not equals). | == |
value | String | Yes | The variable value to match. | /image |
origin | String | Yes | The origin server domain name to use when the variable matches the specified value. | origin.example.com |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "conditions",
"argValue": "=="
}, {
"argName": "variable_type",
"argValue": "uri"
}, {
"argName": "value",
"argValue": "/image"
}, {
"argName": "origin",
"argValue": "origin.example.com"
}, {
"argName": "variable",
"argValue": "uri"
}],
"functionName": "advanced_origin"
}],
"DomainNames": "example.com"
}follow_302
Description: Configures origin 302 redirect following.
Function ID: 219
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable origin 302 redirect following. Valid values: | on |
max_tries | Integer | No | Maximum number of 302 redirects to follow. Default value: 2. Valid values: 1-5. The actual maximum number of origin requests is max_tries + 1. | 2 |
retain_args | String | No | Specifies whether to retain original request parameters when following 302 redirects. Valid values: | off |
retain_header | String | No | Specifies whether to retain original request headers when following 302 redirects. Valid values: | off |
response_header | String | No | The response header name for 302 redirect. Default value: Location. | X-Alicdn-Redirect |
retain_host | String | No | Specifies whether to retain the origin host when following 302 redirects. Valid values: | off |
modify_host | String | No | Modifies the origin host when following 302 redirects. By default, the origin host is not modified. | example.com |
cache | String | No | Specifies whether to cache 302 redirect results for the same URL to improve CDN response performance. Valid values: | off |
expired_time | Integer | No | Cache expiration time for 302 redirect results, in seconds. Must be used with the cache parameter. Default value: 3600. | 7200 |
follow_origin_host | String | No | Specifies whether to use the origin server domain name as the origin host (uses the latest origin domain even after primary/standby switching). Valid values: | off |
follow_5xx_retry_origin | String | No | Specifies whether to switch to the next available origin server when the current origin responds with a 5xx status code. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "max_tries",
"argValue": "2"
}, {
"argName": "retain_args",
"argValue": "off"
}, {
"argName": "retain_header",
"argValue": "off"
}],
"functionName": "follow_302"
}],
"DomainNames": "example.com"
}set_req_header
Description: Configures custom origin HTTP request headers (v1). We recommend using the v2 version:
origin_request_header, which supports more features.Function ID: 39
Parameters:
Parameter | Type | Required | Description | Example |
key | String | Yes | The origin request header name. | Accept-Encoding |
value | String | Yes | The origin request header value. To delete a header, set the value to null. | gzip |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "value",
"argValue": "gzip"
}, {
"argName": "key",
"argValue": "Accept-Encoding"
}],
"functionName": "set_req_header"
}],
"DomainNames": "example.com"
}origin_request_header
Description: Configures custom origin HTTP request headers (v2). Supports add, delete, modify, and rewrite operations.
Function ID: 228
Parameters:
Parameter | Type | Required | Description | Example |
header_operation_type | String | Yes | The header operation type. Valid values: | add |
header_name | String | Yes | The request header name. | Accept-Encoding |
header_value | String | No | The request header value. Multiple values can be separated by commas (,). | gzip |
duplicate | String | No | Specifies whether to allow duplicate headers with the same name (when using the add operation). Valid values: | off |
header_source | String | No | The value to search for replacement (when using the rewrite operation). Supports regular expressions. | value1 |
header_destination | String | No | The replacement value (when using the rewrite operation). | value123 |
match_all | String | No | The matching mode (when using the rewrite operation). Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "header_operation_type",
"argValue": "add"
}, {
"argName": "header_name",
"argValue": "Accept-Encoding"
}, {
"argName": "header_value",
"argValue": "gzip"
}, {
"argName": "duplicate",
"argValue": "off"
}],
"functionName": "origin_request_header"
}],
"DomainNames": "example.com"
}origin_response_header
Description: Configures origin HTTP response headers. Supports add, delete, modify, and rewrite operations.
Function ID: 229
Parameters:
Parameter | Type | Required | Description | Example |
header_operation_type | String | Yes | The response header operation type. Valid values: | add |
header_name | String | Yes | The response header name. | Cache-Control |
header_value | String | No | The response header value. Multiple values can be separated by commas (,). | no-cache |
duplicate | String | No | Specifies whether to allow duplicate headers with the same name (when using the add operation). Valid values: | off |
header_source | String | No | The value to search for replacement (when using the rewrite operation). Supports regular expressions. | value1 |
header_destination | String | No | The replacement value (when using the rewrite operation). | value123 |
match_all | String | No | The matching mode (when using the rewrite operation). Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "header_operation_type",
"argValue": "add"
}, {
"argName": "header_name",
"argValue": "Cache-Control"
}, {
"argName": "header_value",
"argValue": "no-cache"
}, {
"argName": "duplicate",
"argValue": "off"
}],
"functionName": "origin_response_header"
}],
"DomainNames": "example.com"
}back_to_origin_url_rewrite
Description: Configures origin URI rewriting.
Function ID: 225
Parameters:
Parameter | Type | Required | Description | Example |
source_url | String | Yes | The URI to be rewritten. | ^/hello$ |
target_url | String | Yes | The target URI after rewriting. | /hello/test |
flag | String | No | The execution rule for the rewrite operation. Valid values: (empty, default) continues to match subsequent rewrite rules after execution; break: stops matching subsequent rules after execution; enhance_break: similar to break but processes parameters together and also works for FLV live streaming. | break |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "flag",
"argValue": "break"
}, {
"argName": "source_url",
"argValue": "^/hello$"
}, {
"argName": "target_url",
"argValue": "/hello/test"
}],
"functionName": "back_to_origin_url_rewrite"
}],
"DomainNames": "example.com"
}back_to_origin_argument_rewrite
Description: Configures origin argument rewriting. Rewrites query parameters in the origin request URL. Supports configuring multiple rewrite rules. Operation priority: add > delete > keep > modify.
Function ID: 224
Parameters:
Parameter | Type | Required | Description | Example |
delete_argument | String | No | Arguments to delete, separated by spaces. | code1 |
save_argument | String | No | Arguments to keep, separated by spaces. Only the listed arguments are retained. Add and delete operations still take effect. | (empty) |
ignore_all_argument | String | No | Specifies whether to ignore all arguments. Valid values: | on |
add_argument | String | No | Arguments to add (highest priority), separated by spaces. | value=123 |
modify_argument | String | No | Arguments to modify (lowest priority), separated by spaces. If an argument is deleted, it will not be retained. | value=321 |
enable | String | Yes | Specifies whether to enable origin argument rewriting. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "delete_argument",
"argValue": ""
}, {
"argName": "save_argument",
"argValue": ""
}, {
"argName": "add_argument",
"argValue": ""
}, {
"argName": "modify_argument",
"argValue": ""
}, {
"argName": "ignore_all_argument",
"argValue": "on"
}, {
"argName": "enable",
"argValue": "on"
}],
"functionName": "back_to_origin_argument_rewrite"
}],
"DomainNames": "example.com"
}aws_s3_bucket
Description: Configures Amazon S3 authenticated Bucket origin fetch.
Function ID: 186
Parameters:
Parameter | Type | Required | Description | Example |
enabled | String | Yes | Specifies whether to enable Amazon S3 authenticated Bucket. Valid values: | l2 |
bucketname | String | No | The Amazon S3 Bucket name. | / |
accesskey | String | Yes | AWS AccessKey. | 123456789 |
secretkey | String | Yes | AWS SecretKey. | 12345678 |
region | String | Yes | The Amazon S3 storage region. | us-east-2 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enabled",
"argValue": "l2"
}, {
"argName": "accesskey",
"argValue": "123456789"
}, {
"argName": "secretkey",
"argValue": "123456789"
}, {
"argName": "region",
"argValue": "us-east-2"
}],
"functionName": "aws_s3_bucket"
}],
"DomainNames": "example.com"
}origin_certificate_verification
Description: Configures origin certificate verification (SNI whitelist).
Function ID: 223
Parameters:
Parameter | Type | Required | Description | Example |
enabled | String | Yes | Specifies whether to enable origin certificate verification. Valid values: | on |
common_name_whitelist | String | No | Certificate whitelist domain names, separated by commas (,). Certificates matching these whitelisted domains pass verification. | example.com |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "common_name_whitelist",
"argValue": "example.com"
}],
"functionName": "origin_certificate_verification"
}],
"DomainNames": "example.com"
}origin_dns_host
Description: Configures conditional origin server. Works with the rule engine feature (condition, Function ID: 250) to route requests to specified origin servers based on path, URL parameters, request headers, and other information. Before configuring, you must first create at least one rule engine condition.
Function ID: 212
Conflict: Conflicts with
advanced_origin(Function ID: 235). Only one can be configured. If one feature is already configured (including when its switch parameter is set to off), you must delete the existing configuration before configuring the other.Parameters:
Parameter | Type | Required | Description | Example |
ali_origin_dns_host | String | Yes | The domain name used for origin DNS resolution. | example.com |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "ali_origin_dns_host",
"argValue": "example.com"
}],
"functionName": "origin_dns_host",
"parentId": 30119730104
}],
"DomainNames": "example.com"
}origin_host
Description: Configures origin host for a specified origin server.
Function ID: 242
Parameters:
Parameter | Type | Required | Description | Example |
origin | String | Yes | The origin server address. Set to all to apply to all origin servers. | example.com |
host | String | Yes | The host header value. Set to ali_follow_origin to use the origin server address as the host value. | host.example.com |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "origin",
"argValue": "example.com"
}, {
"argName": "host",
"argValue": "host.example.com"
}],
"functionName": "origin_host"
}],
"DomainNames": "example.com"
}ali_origin_port_scheme
Description: Configures origin port and protocol.
Function ID: 276
Parameters:
Parameter | Type | Required | Description | Example |
port | String | Yes | The origin port. When scheme is set to follow, use the format http:80|https:443. | 80 |
scheme | String | Yes | The origin protocol. Valid values: | http |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "port",
"argValue": "80"
}, {
"argName": "scheme",
"argValue": "http"
}],
"functionName": "ali_origin_port_scheme"
}],
"DomainNames": "example.com"
}origin_sni
Description: Configures origin SNI for a specified origin server.
Function ID: 262
Parameters:
Parameter | Type | Required | Description | Example |
origin | String | Yes | The origin server address. Set to all to apply to all origin servers. | example.com |
sni_host | String | Yes | The SNI host value. Can be a fixed value, ali_follow_origin (follow the origin server address), or ali_follow_host (follow the origin host). | example.org |
keepalive_sni | String | No | Specifies whether to enable keepalive SNI matching. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "origin",
"argValue": "origin.example.com"
}, {
"argName": "sni_host",
"argValue": "host.example.com"
}],
"functionName": "origin_sni"
}],
"DomainNames": "example.com"
}source_group
Description: Configures origin server groups.
Function ID: 294
Parameters:
Parameter | Type | Required | Description | Example |
source_group_name | String | Yes | The origin server group name. Supports lowercase letters, digits, and underscores. Maximum length: 128 bytes. | example_origin |
source_info | String | Yes | Origin server information in the format: address_priority_weight_port. Separate multiple origin servers with commas (,). Priority: 1-65535 (lower value = higher priority). Weight: 1-100. Port: 1-65535. | 192.168.0.1_10_33_80,192.0.2.1_10_67_80 |
retry_times | Integer | No | The number of origin retry attempts. | 3 |
retry_status_rule | Integer | No | The retry status codes. Supported values: 4xx, 5xx, 404, 404-or-5xx, 4xx-or-5xx. | 404-or-5xx |
failback_source | String | No | Specifies whether to fall back to the basic origin server configuration when all servers in the group are unavailable. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "source_group_name",
"argValue": "test_origin"
}, {
"argName": "source_info",
"argValue": "192.168.0.1_10_33_80,192.0.2.1_10_67_80"
}, {
"argName": "retry_times",
"argValue": "3"
}, {
"argName": "retry_status_rule",
"argValue": "404-or-5xx"
}, {
"argName": "failback_source",
"argValue": "on"
}],
"functionName": "source_group"
}],
"DomainNames": "example.com"
}ipv6_origin
Description: Configures IPv6 origin fetch.
Function ID: 265
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable IPv6 origin fetch. Valid values: | on |
follow | String | Yes | Specifies whether to follow the client IP protocol version for origin fetch. Valid values: | on |
ipv6_v4_mix_used | String | No | Specifies whether to enable IPv4/IPv6 round-robin origin fetch. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "follow",
"argValue": "on"
}],
"functionName": "ipv6_origin"
}],
"DomainNames": "example.com"
}cos_auth
Description: Configures Tencent Cloud COS authenticated Bucket origin fetch.
Function ID: 288
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable Tencent Cloud COS authenticated Bucket. Valid values: | on |
cos_valid_period | String | No | The authentication signature validity period in seconds. Default value: 3600. | 3600 |
cos_secret_id | String | Yes | The Tencent Cloud authentication ID. | 123456789 |
cos_secret_key | String | Yes | The Tencent Cloud authentication key. | 12345678 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "cos_secret_id",
"argValue": "123456789"
}, {
"argName": "cos_secret_key",
"argValue": "123456789"
}],
"functionName": "cos_auth"
}],
"DomainNames": "example.com"
}oss_auth
Description: Configures the OSS authentication bucket information used by CDN for origin fetch. This configuration is automatically added when you configure an OSS-type origin server for an accelerated domain name. Do not manually delete this configuration, as it may cause billing issues for CDN origin traffic and authentication failures for private Bucket access.
Function ID: 10
Parameters:
Parameter | Type | Required | Description | Example |
oss_bucket_id | String | Yes | The public endpoint of the OSS Bucket. | cdn-test.oss-cn-hongkong.aliyuncs.com |
oss_pri_buckets | String | Yes | The public endpoint of the OSS Bucket and its corresponding Bucket name, separated by a pipe (|). | cdn-test.oss-cn-hongkong.aliyuncs.com|cdn-test |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "oss_bucket_id",
"argValue": "cdn-test.oss-cn-hongkong.aliyuncs.com"
}, {
"argName": "oss_pri_buckets",
"argValue": "cdn-test.oss-cn-hongkong.aliyuncs.com|cdn-test"
}],
"functionName": "oss_auth"
}],
"DomainNames": "example.com"
}Access control
referer_white_list_set
Description: Configures a Referer whitelist.
Function ID: 1
Conflict: Conflicts with
referer_black_list_set(Function ID: 5). Only one can be configured.Parameters:
Parameter | Type | Required | Description | Example |
refer_domain_allow_list | String | Yes | The whitelist of Referer domains, separated by commas ( | example.aliyundoc.com,demo.aliyundoc.com |
allow_empty | String | No | Specifies whether to allow empty Referer fields. Valid values: | off |
redirect_url | String | No | The redirect URL for unmatched requests (must start with | http://www.example.com |
disable_ast | String | No | Exact matching mode. Valid values: | off |
ignore_scheme | String | No | Specifies whether to ignore the HTTP or HTTPS scheme in the Referer. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "refer_domain_allow_list",
"argValue": "example.aliyundoc.com,demo.aliyundoc.com"
}],
"functionName": "referer_white_list_set"
}],
"DomainNames": "example.com"
}referer_black_list_set
Description: Configures a Referer blacklist.
Function ID: 5
Conflict: Conflicts with
referer_white_list_set(Function ID: 1). Only one can be configured.Parameters:
Parameter | Type | Required | Description | Example |
refer_domain_deny_list | String | Yes | The blacklist of Referer domains, separated by commas ( | example.aliyundoc.com,demo.aliyundoc.com |
allow_empty | String | No | Specifies whether to allow empty Referer fields. Valid values: | off |
redirect_url | String | No | The redirect URL for matched requests. | http://www.example.com |
disable_ast | String | No | Exact matching mode. Valid values: | off |
ignore_scheme | String | No | Specifies whether to ignore the HTTP or HTTPS scheme in the Referer. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "refer_domain_deny_list",
"argValue": "example.aliyundoc.com,demo.aliyundoc.com"
}],
"functionName": "referer_black_list_set"
}],
"DomainNames": "example.com"
}ip_allow_list_set
Description: Configures an IP whitelist.
Function ID: 69
Conflict: Conflicts with
ip_black_list_set(Function ID: 13). Only one can be configured.Parameters:
Parameter | Type | Required | Description | Example |
ip_list | String | Yes | The list of IP addresses or CIDR blocks, separated by commas ( | 192.168.0.1/24 |
customize_response_status_code | String | No | Custom response status code. Default value: | 429 |
ip_acl_xfwd | String | No | The IP matching mode. Valid values: | all |
ip_list_notes | String | No | Notes for the IP list. | 192.x.x.1 (malicious IP) |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "ip_list",
"argValue": "192.168.0.1/24"
}],
"functionName": "ip_allow_list_set"
}],
"DomainNames": "example.com"
}ip_black_list_set
Description: Configures an IP blacklist.
Function ID: 13
Conflict: Conflicts with
ip_allow_list_set(Function ID: 69). Only one can be configured.Parameters:
Parameter | Type | Required | Description | Example |
ip_list | String | Yes | The list of IP addresses or CIDR blocks, separated by commas ( | 192.168.0.1 |
customize_response_status_code | String | No | Custom response status code. Default value: | 429 |
ip_acl_xfwd | String | No | The IP matching mode. Valid values: | all |
ip_list_notes | String | No | Notes for the IP list. | 192.x.x.1 (malicious IP) |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "ip_list",
"argValue": "192.168.0.1"
}],
"functionName": "ip_black_list_set"
}],
"DomainNames": "example.com"
}aliauth
Description: Configures URL authentication.
Function ID: 25
Parameters:
Parameter | Type | Required | Description | Example |
auth_m3u8 | String | No | Enables m3u8 content rewriting. When enabled, authentication parameters are appended to TS segments in the m3u8 file to prevent TS access authentication failures. Valid values: | on |
auth_type | String | Yes | Authentication type. Valid values: | type_a |
auth_key1 | String | Yes | Authentication key 1 (16-128 characters, letters and digits only). | 1234567890123456789 |
auth_key2 | String | No | Authentication key 2 (16-128 characters, letters and digits only). | 1234567890123456789 |
ali_auth_delta | Integer | No | Valid duration of the authenticated URL, in seconds. Default value: | 1800 |
req_auth_ip_white | String | No | Whitelist IP addresses that are exempt from authentication. Separate multiple IP addresses with commas (,). | 192.168.0.1 |
req_auth_ip_acl_xfwd | String | No | The method to extract the client IP for whitelist exemption. Valid values: | all |
sign_param | String | No | The name of the sign parameter. Only valid when auth_type is set to type_f. | sign |
time_param | String | No | The name of the timestamp parameter. Only valid when auth_type is set to type_f. | time |
time_format | String | No | The format of the timestamp. Only valid when auth_type is set to type_f. Valid values: | hex |
path_encoding | String | No | Specifies whether to enable URL encoding. Only valid when auth_type is set to type_f. Valid values: | on |
Example 1 (Authentication type A):
{
"Functions": [{
"functionArgs": [{
"argName": "auth_type",
"argValue": "type_a"
}, {
"argName": "auth_key1",
"argValue": "1234567890123456789"
}, {
"argName": "auth_key2",
"argValue": "1234567890123456789"
}, {
"argName": "ali_auth_delta",
"argValue": 1800
}, {
"argName": "req_auth_ip_white",
"argValue": "192.168.0.1"
}, {
"argName": "req_auth_ip_acl_xfwd",
"argValue": "all"
}],
"functionName": "aliauth"
}],
"DomainNames": "example.com"
}Example 2 (Authentication type F):
{
"Functions": [{
"functionArgs": [{
"argName": "auth_type",
"argValue": "type_f"
}, {
"argName": "auth_key1",
"argValue": "1234567890123456789"
}, {
"argName": "auth_key2",
"argValue": "1234567890123456789"
}, {
"argName": "ali_auth_delta",
"argValue": 1800
}, {
"argName": "sign_param",
"argValue": "sign"
}, {
"argName": "time_param",
"argValue": "time"
}, {
"argName": "time_format",
"argValue": "hex"
}, {
"argName": "path_encoding",
"argValue": "on"
}],
"functionName": "aliauth"
}],
"DomainNames": "example.com"
}cdn_remote_auth
Description: Configures remote authentication.
Function ID: 258
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable remote authentication. Valid values: | on |
remote_auth_addr | String | Yes | The authentication server address. Format: https://cdn.aliyun.com/auth or http://10.10.10.10/auth. | https://example.aliyundoc.com/auth |
remote_auth_method | String | Yes | The request method. Valid values: GET, POST, HEAD. | get |
remote_auth_type | String | Yes | The file type to authenticate. Set to all for all types. Multiple types are separated by pipes (|), case-sensitive. | all |
remote_auth_reserve_args | String | Yes | Reserved request parameters, separated by pipes (|), case-insensitive. Set to all to reserve all parameters, or ali_delete_all_args to delete all URL parameters. | all |
remote_auth_custom_args | String | No | Custom parameters to add, separated by pipes (|), case-sensitive. | (empty) |
remote_auth_reserve_header | String | Yes | Reserved request headers, separated by pipes (|), case-insensitive. Set to all to reserve all headers, or ali_delete_all_headers to delete all headers. | all |
remote_auth_custom_header | String | No | Custom request headers to add, separated by pipes (|), case-insensitive. | (empty) |
remote_auth_success_code | Integer | Yes | The authentication success status code returned by the authentication server. Multiple codes are separated by commas. | 200 |
remote_auth_fail_code | Integer | Yes | The authentication failure status code returned by the authentication server. Multiple codes are separated by commas. | 403,404 |
remote_auth_other_code_act | String | No | The action for other status codes (neither success nor failure). Valid values: | pass |
remote_auth_fail_resp_code | Integer | Yes | The status code that CDN returns to the client when authentication fails. | 403 |
remote_auth_timeout | Integer | Yes | The authentication timeout in milliseconds. Maximum value: 3000. | 500 |
remote_auth_timeout_action | String | Yes | The action when authentication times out. Valid values: | pass |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "remote_auth_addr",
"argValue": "https://example.aliyundoc.com/auth"
}, {
"argName": "remote_auth_method",
"argValue": "get"
}, {
"argName": "remote_auth_type",
"argValue": "all"
}, {
"argName": "remote_auth_reserve_args",
"argValue": "all"
}, {
"argName": "remote_auth_reserve_header",
"argValue": "all"
}, {
"argName": "remote_auth_success_code",
"argValue": "200"
}, {
"argName": "remote_auth_fail_code",
"argValue": "403"
}, {
"argName": "remote_auth_fail_resp_code",
"argValue": "403"
}, {
"argName": "remote_auth_timeout",
"argValue": "500"
}, {
"argName": "remote_auth_timeout_action",
"argValue": "pass"
}],
"functionName": "cdn_remote_auth"
}],
"DomainNames": "example.com"
}ali_ua
Description: Configures User-Agent access restrictions.
Function ID: 58
Parameters:
Parameter | Type | Required | Description | Example |
ua | String | Yes | User-Agent values. Supports wildcard * (matches any string) and multiple values separated by pipes (|). | *curl*|*IE*|*chrome*|*firefox* |
type | String | Yes | The list type. Valid values: | black |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "ua",
"argValue": "*curl*|*IE*|*chrome*|*firefox*"
}, {
"argName": "type",
"argValue": "black"
}],
"functionName": "ali_ua"
}],
"DomainNames": "example.com"
}Cache configurations
filetype_based_ttl_set
Description: Configures file expiration time.
Function ID: 6
Parameters:
Parameter | Type | Required | Description | Example |
ttl | Integer | Yes | Cache duration in seconds. Valid values: 1-99999999. | 500000 |
file_type | String | Yes | File types, separated by commas ( | jpg |
weight | Integer | No | Priority. Valid values: 1-99. Default value: | 1 |
swift_origin_cache_high | String | No | Specifies whether to prioritize the origin cache policy. When enabled, the cache policy from origin response headers (such as Cache-Control and Pragma) takes priority. Valid values: | off |
swift_no_cache_low | String | No | Specifies whether to ignore origin no-cache response headers. When enabled, the following origin response headers are ignored: Cache-Control: no-store, Cache-Control: no-cache, Cache-Control: max-age=0, Pragma: no-cache. Valid values: | off |
swift_follow_cachetime | String | No | Specifies whether the client follows the CDN cache policy. When enabled, the final effective CDN cache policy is sent in the response to the client. Valid values: | off |
force_revalidate | String | No | Specifies whether to force content validation when the TTL is 0. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "ttl",
"argValue": "500000"
}, {
"argName": "file_type",
"argValue": "jpg"
}],
"functionName": "filetype_based_ttl_set"
}],
"DomainNames": "example.com"
}ali_return_code
Description: Custom HTTP response. Constructs an HTTP response with a custom HTTP status code and HTTP body. The constructed response is returned directly to the client.
Function ID: 56
Parameters:
Pre-origin response mode (exit_after_return_code set to on): CDN does not fetch from the origin. It intercepts the request directly and returns the response status code and response body (if configured) to the client.
Post-origin response mode (exit_after_return_code set to return_code_phase or empty): CDN first fetches content from the origin, then returns both the response status code and the origin response content to the client. This setting does not take effect by default in post-origin mode; the response body is always the content returned by the origin. To replace the origin response body, you must also enable ali_body_filter_switch.
Parameter | Type | Required | Description | Example |
return_code | Integer | Yes | The response status code. Sets the HTTP status code that the CDN node ultimately returns to the client. | 302 |
exit_after_return_code | String | No | The response mode, which controls when the CDN returns the response to the client. Valid values: | on |
resp_body_ct | String | No | The response body content (HTTP Body) to customize what is returned to the client. In pre-origin response mode: if specified, this content is returned as the response body; if not specified, only the status code is returned. In post-origin response mode: this setting does not take effect by default; the response body is always the content returned by the origin. | example |
ali_body_filter_switch | String | No | Switch to modify the origin response content. This setting takes effect only in post-origin response mode. When enabled, CDN replaces the origin response body with the specified response content and returns the response status code plus the response content to the client. Valid values: | on |
ali_body_filter_code | Integer | No | Matches the origin response status code. This setting takes effect only in post-origin response mode and when modify origin response content is enabled. When specified, CDN only triggers the response content replacement logic when the origin returns the specified status code. If the status code does not match, no replacement is performed. | 404 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "return_code",
"argValue": "403"
}, {
"argName": "exit_after_return_code",
"argValue": "on"
}, {
"argName": "resp_body_ct",
"argValue": "null"
}, {
"argName": "ali_body_filter_switch",
"argValue": "on"
}, {
"argName": "ali_body_filter_code",
"argValue": "333"
}],
"functionName": "ali_return_code"
}],
"DomainNames": "example.com"
}path_based_ttl_set
Description: Configures directory-based cache expiration time.
Function ID: 7
Parameters:
Parameter | Type | Required | Description | Example |
ttl | Integer | Yes | Cache duration in seconds. Valid values: 1-99999999. | 500000 |
path | String | Yes | The directory path, which must start with a forward slash (/). | /example/demo |
weight | Integer | No | Priority. Valid values: 1-99. Default value: 1 (higher value = higher priority). | 1 |
swift_origin_cache_high | String | No | Specifies whether to prioritize the origin cache policy. Valid values: | off |
swift_no_cache_low | String | No | Specifies whether to ignore origin no-cache response headers. Valid values: | off |
swift_follow_cachetime | String | No | Specifies whether the client follows the CDN cache policy. Valid values: | off |
force_revalidate | String | No | Specifies whether to force content validation when the TTL is 0. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "path",
"argValue": "/example/demo"
}, {
"argName": "weight",
"argValue": "1"
}, {
"argName": "ttl",
"argValue": "500000"
}],
"functionName": "path_based_ttl_set"
}],
"DomainNames": "example.com"
}filetype_force_ttl_code
Description: Configures file type-based status code cache expiration time.
Function ID: 63
Parameters:
Parameter | Type | Required | Description | Example |
file_type | String | Yes | File types, case-sensitive, separated by commas (,). | jpg |
code_string | String | Yes | Status codes and their cache durations in seconds (1-99999999), separated by commas. Format: code=ttl. | 403=10 |
swift_code_origin_cache_high | String | No | Specifies whether to prioritize the origin cache policy. Valid values: | off |
swift_code_no_cache_low | String | No | Specifies whether to ignore origin no-cache response headers. Valid values: | off |
swift_code_follow_cachetime | String | No | Specifies whether the client follows the CDN cache policy. Valid values: | off |
force_revalidate | String | No | Specifies whether to force content validation when the TTL is 0. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "file_type",
"argValue": "jpg"
}, {
"argName": "code_string",
"argValue": "403=10"
}],
"functionName": "filetype_force_ttl_code"
}],
"DomainNames": "example.com"
}path_force_ttl_code
Description: Configures path-based status code cache expiration time.
Function ID: 65
Parameters:
Parameter | Type | Required | Description | Example |
path | String | Yes | The directory path, which must start with a forward slash (/). | /example/demo |
code_string | String | Yes | Status codes and their cache durations in seconds (1-99999999), separated by commas. Format: code=ttl. | 403=10,404=15 |
swift_code_origin_cache_high | String | No | Specifies whether to prioritize the origin cache policy. Valid values: | off |
swift_code_no_cache_low | String | No | Specifies whether to ignore origin no-cache response headers. Valid values: | off |
swift_code_follow_cachetime | String | No | Specifies whether the client follows the CDN cache policy. Valid values: | off |
force_revalidate | String | No | Specifies whether to force content validation when the TTL is 0. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "path",
"argValue": "/example/demo"
}, {
"argName": "code_string",
"argValue": "403=10,404=15"
}],
"functionName": "path_force_ttl_code"
}],
"DomainNames": "example.com"
}default_ttl_code
Description: Configures status code cache expiration time (origin priority).
Function ID: 207
Parameters:
Parameter | Type | Required | Description | Example |
default_ttl_code | String | Yes | Status codes and their cache durations in seconds (1-99999999), separated by commas. Format: code=ttl. | 4xx=3,200=3600,5xx=1 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "default_ttl_code",
"argValue": "4xx=3,200=3600,5xx=1"
}],
"functionName": "default_ttl_code"
}],
"DomainNames": "example.com"
}set_resp_header
Description: Configures custom HTTP response headers.
Function ID: 27
Parameters:
Parameter | Type | Required | Description | Example |
key | String | Yes | The response header name. | Cache-Control |
value | String | Yes | The response header value. Multiple values are separated by commas (,). To delete a header, set the value to null. | no-cache |
header_operation_type | String | No | The header operation type. Valid values: | add |
duplicate | String | No | Specifies whether to allow duplicate headers (when using the add operation). Valid values: | off |
header_source | String | No | The value to search for replacement (when using rewrite). Supports regular expressions. | value1 |
header_destination | String | No | The replacement value (when using rewrite). | value123 |
match_all | String | No | The matching mode (when using rewrite). Valid values: | off |
access_origin_control | String | No | Specifies whether to enable cross-origin validation. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "header_operation_type",
"argValue": "add"
}, {
"argName": "key",
"argValue": "Cache-Control"
}, {
"argName": "value",
"argValue": "no-cache"
}, {
"argName": "duplicate",
"argValue": "off"
}],
"functionName": "set_resp_header"
}],
"DomainNames": "example.com"
}error_page
Description: Configures custom error pages.
Function ID: 15
Parameters:
Parameter | Type | Required | Description | Example |
error_code | Integer | Yes | The error status code. | 404 |
rewrite_page | String | Yes | The redirect page URL. | http://example.aliyundoc.com/error404.html |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "error_code",
"argValue": "404"
}, {
"argName": "rewrite_page",
"argValue": "http://example.aliyundoc.com/error404.html"
}],
"functionName": "error_page"
}],
"DomainNames": "example.com"
}host_redirect
Description: Configures URI rewrite rules.
Function ID: 43
Parameters:
Parameter | Type | Required | Description | Example |
regex | String | Yes | The URI to be rewritten. Must start with /. Supports PCRE regular expressions. | ^/hello$ |
replacement | String | Yes | The target URI. When flag is set to break, only supports paths starting with /. When flag is set to redirect, can include protocol and domain name. Supports PCRE regular expressions ($1, $2 for capture groups). | /hello/test |
flag | String | No | The execution rule. Valid values: (empty, default) continues matching subsequent rules; break: stops matching subsequent rules, rewrites the URI without modifying parameters; redirect: returns a 302 redirect to the client, continues matching subsequent rules; enhance_break: similar to break but modifies the entire URL including parameters; enhance_redirect: similar to redirect but modifies the entire URL including parameters. | redirect |
rewrite_method | String | No | The redirect method. Valid values: 302 (default, request method may change to GET), 303 (request method changes to GET, body is lost), 307 (request method and body are preserved). | 302 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "flag",
"argValue": "redirect"
}, {
"argName": "regex",
"argValue": "^/hello$"
}, {
"argName": "replacement",
"argValue": "/hello/test"
}, {
"argName": "rewrite_method",
"argValue": "302"
}],
"functionName": "host_redirect"
}],
"DomainNames": "example.com"
}self_defined_cachekey
Description: Configures custom cache keys.
Function ID: 227
Parameters:
Parameter | Type | Required | Description | Example |
uri | Array of String | No | Rewrites the source URI to a target URI for the cache key. Use uri_to_rewrite for the source and ai_uri_regex for the target. | [{"uri_to_rewrite":"/hello","ai_uri_regex":"/hello/test"}] |
args | Array of String | No | Performs add, delete, modify, or keep operations on request parameters for the cache key. | [{"args":"test=123","args_operation_type":"add"}] |
headers | String | No | HTTP headers to include in the cache key, separated by spaces. | example |
variable | Array of String | No | Custom variables extracted from request URL parameters, HTTP headers, cookies, or URI using regular expressions to append to the cache key. | [] |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "uri",
"argValue": [{"uri_to_rewrite": "/hello", "ai_uri_regex": "/hello/test"}]
}, {
"argName": "args",
"argValue": [{"args": "test=123", "args_operation_type": "add"}]
}, {
"argName": "headers",
"argValue": ""
}, {
"argName": "variable",
"argValue": []
}],
"functionName": "self_defined_cachekey"
}],
"DomainNames": "example.com"
}rewrite_host
Description: Configures shared cache (cache key rewrite).
Function ID: 54
Parameters:
Parameter | Type | Required | Description | Example |
share_host | String | Yes | The target domain name that can share cache with the current domain. This does not modify the origin host in user requests. It only uses the share_host value to generate the cache key for cache lookups. | example.com |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "share_host",
"argValue": "example.com"
}],
"functionName": "rewrite_host"
}],
"DomainNames": "example.com"
}serving_stale_content
Description: Configures stale content serving. Serves cached content that has expired when the origin server is unavailable.
Function ID: 260
Parameters:
Parameter | Type | Required | Description | Example |
origin_error_status_code | String | No | Custom origin error status codes that trigger stale content serving. By default (when not specified), origin errors are defined as timeouts plus all 5xx status codes. Supports fuzzy matching (4xx, 5xx) and exact matching (502, 504). Multiple codes are separated by commas. | 502 |
extend_expiration_time | Integer | No | The maximum time (in seconds) to keep stale cached content after expiration. Default value: 3600 (1 hour). | 60 |
origin_first | String | No | Specifies whether to prioritize the origin stale-if-error policy. When enabled (on), if the origin response includes Cache-Control: stale-if-error=xx, the stale-if-error time takes precedence over extend_expiration_time. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "origin_error_status_code",
"argValue": "502"
}, {
"argName": "extend_expiration_time",
"argValue": "60"
}, {
"argName": "origin_first",
"argValue": "off"
}],
"functionName": "serving_stale_content"
}],
"DomainNames": "example.com"
}HTTPS configurations
https_option
Description: Configures HTTPS basic parameters.
Function ID: 78
Parameters:
Parameter | Type | Required | Description | Example |
http2 | String | No | Specifies whether to enable HTTP/2. Valid values: | on |
ocsp_stapling | String | No | Specifies whether to enable OCSP Stapling. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "http2",
"argValue": "on"
}],
"functionName": "https_option"
}],
"DomainNames": "example.com"
}https_force
Description: Configures HTTPS redirect.
Function ID: 44
Conflict: Conflicts with
http_force(Function ID: 45). Only one can be configured.Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable HTTPS redirect. Valid values: | on |
https_rewrite | String | No | Redirect method. Valid values: | 301 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "https_rewrite",
"argValue": "301"
}],
"functionName": "https_force"
}],
"DomainNames": "example.com"
}http_force
Description: Configures forced HTTP redirect.
Function ID: 45
Conflict: Conflicts with
https_force(Function ID: 44). Only one can be configured. If one feature is already configured (including when its switch parameter is set to off), you must delete the existing configuration before configuring the other.Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable forced HTTP redirect. Valid values: | on |
http_rewrite | String | No | The redirect method. Valid values: 301 (GET request method unchanged, other methods may change to GET), 308 (request method and body are preserved). | 301 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "http_rewrite",
"argValue": "301"
}],
"functionName": "http_force"
}],
"DomainNames": "example.com"
}https_tls_version
Description: Configures TLS protocol versions.
Function ID: 110
Parameters:
Parameter | Type | Required | Description | Example |
tls10 | String | No | Specifies whether to enable TLS 1.0. Valid values: | on |
tls11 | String | No | Specifies whether to enable TLS 1.1. Valid values: | on |
tls12 | String | No | Specifies whether to enable TLS 1.2. Valid values: | on |
tls13 | String | No | Specifies whether to enable TLS 1.3. Valid values: | on |
ciphersuitegroup | String | No | The cipher suite group. Valid values: | all |
ciphersuite | String | No | Custom cipher suites. Used with ciphersuitegroup set to custom. Multiple cipher suites are separated by commas. | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "tls10",
"argValue": "on"
}, {
"argName": "tls11",
"argValue": "on"
}, {
"argName": "tls12",
"argValue": "on"
}, {
"argName": "tls13",
"argValue": "off"
}, {
"argName": "ciphersuitegroup",
"argValue": "all"
}],
"functionName": "https_tls_version"
}],
"DomainNames": "example.com"
}HSTS
Description: Configures HTTP Strict Transport Security (HSTS).
Function ID: 112
Parameters:
Parameter | Type | Required | Description | Example |
enabled | String | Yes | Specifies whether to enable HSTS. Valid values: | on |
https_hsts_max_age | Integer | Yes | The expiration time in seconds. Recommended value: 5184000 (60 days). | 5184000 |
https_hsts_include_subdomains | String | No | Specifies whether to include subdomains in the HSTS header. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enabled",
"argValue": "on"
}, {
"argName": "https_hsts_max_age",
"argValue": "5184000"
}, {
"argName": "https_hsts_include_subdomains",
"argValue": "off"
}],
"functionName": "HSTS"
}],
"DomainNames": "example.com"
}https_client_cert
Description: Configures client certificate authentication.
Function ID: 111
Parameters:
Parameter | Type | Required | Description | Example |
client_certificate_verify | String | Yes | Specifies whether to enable client certificate authentication. Valid values: | on |
client_certificate | String | Yes | The client certificate (public key) to use for authentication. The CA certificate must start with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----. | -----BEGIN PUBLIC KEY-----***-----END PUBLIC KEY----- |
client_verify_depth | String | No | The certificate chain verification depth (number of certificate levels from the client certificate to the root CA). Default value: 1. | 1 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "client_certificate_verify",
"argValue": "on"
}, {
"argName": "client_certificate",
"argValue": "-----BEGIN PUBLIC KEY-----***-----END PUBLIC KEY-----"
}],
"functionName": "https_client_cert"
}],
"DomainNames": "example.com"
}Performance optimization
gzip
Description: Enables page Gzip compression.
Function ID: 35
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable Gzip compression. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}],
"functionName": "gzip"
}],
"DomainNames": "example.com"
}tesla
Description: Configures HTML page optimization.
Function ID: 16
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable page optimization. Valid values: | on |
trim_js | String | No | Specifies whether to optimize inline JS code in HTML. Valid values: | off |
trim_css | String | No | Specifies whether to optimize inline CSS code in HTML. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "trim_css",
"argValue": "off"
}, {
"argName": "trim_js",
"argValue": "off"
}],
"functionName": "tesla"
}],
"DomainNames": "example.com"
}brotli
Description: Configures Brotli compression.
Function ID: 97
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable Brotli compression. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}],
"functionName": "brotli"
}],
"DomainNames": "example.com"
}set_hashkey_args
Description: Configures URL parameter filtering (retain mode).
Function ID: 19
Conflict: Conflicts with
ali_remove_args(Function ID: 75). Only one can be configured.Parameters:
Parameter | Type | Required | Description | Example |
hashkey_args | String | No | The list of parameters to retain, separated by commas (,). Maximum: 10 parameters. | key1,key2 |
disable | String | Yes | Specifies whether to ignore all parameters. Valid values: | on |
keep_oss_args | String | Yes | Specifies whether to retain parameters for origin requests. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "hashkey_args",
"argValue": ""
}, {
"argName": "keep_oss_args",
"argValue": "on"
}, {
"argName": "disable",
"argValue": "on"
}],
"functionName": "set_hashkey_args"
}],
"DomainNames": "example.com"
}ali_remove_args
Description: Configures URL parameter filtering (delete mode).
Function ID: 75
Conflict: Conflicts with
set_hashkey_args(Function ID: 19). Only one can be configured.Parameters:
Parameter | Type | Required | Description | Example |
ali_remove_args | String | Yes | The parameters to delete, separated by spaces. Remaining parameters are used as the URL args portion of the cache key. | test |
keep_oss_args | String | Yes | Specifies whether to retain parameters for origin requests. Valid values: | off |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "ali_remove_args",
"argValue": "test"
}, {
"argName": "keep_oss_args",
"argValue": "off"
}],
"functionName": "ali_remove_args"
}],
"DomainNames": "example.com"
}image_transform
Description: Configures CDN image transformation.
Function ID: 239
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable image transformation. Valid values: | on |
filetype | String | Yes | Supported image formats for transcoding, separated by pipes (|). Valid values: JPEG, JPG, PNG, WEBP, BMP, GIF, TIFF, JP2. | jpg|jpeg|png |
webp | String | No | Specifies whether to enable adaptive WebP conversion. Valid values: | on |
orient | String | No | Specifies whether to enable automatic image rotation. Valid values: | on |
slim | Integer | No | Image slimming percentage. Valid values: 0-100. Reduces image quality without changing resolution, size, or format to save bandwidth. | 10 |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "filetype",
"argValue": "jpg|jpeg|png"
}, {
"argName": "webp",
"argValue": "on"
}, {
"argName": "orient",
"argValue": "on"
}, {
"argName": "enable",
"argValue": "on"
}],
"functionName": "image_transform"
}],
"DomainNames": "example.com"
}Video
range
Description: Configures Range-based origin fetch.
Function ID: 31
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable Range-based origin fetch. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}],
"functionName": "range"
}],
"DomainNames": "example.com"
}video_seek
Description: Configures video seeking (drag and play).
Function ID: 30
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable video seeking. Valid values: | on |
flv_seek_by_time | String | No | Specifies whether to enable FLV time-based seeking. Valid values: | on |
mp4_seek_start | String | No | Custom MP4 start parameter name. | mp4starttime |
mp4_seek_end | String | No | Custom MP4 end parameter name. | mp4endtime |
flv_seek_start | String | No | Custom FLV start parameter name. | flvstarttime |
flv_seek_end | String | No | Custom FLV end parameter name. | flvendtime |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}],
"functionName": "video_seek"
}],
"DomainNames": "example.com"
}ali_video_split
Description: Configures audio extraction from video.
Function ID: 204
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable audio extraction. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}],
"functionName": "ali_video_split"
}],
"DomainNames": "example.com"
}ali_video_preview
Description: Configures video preview (trial viewing).
Function ID: 205
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable video preview. Valid values: | on |
ali_video_preview_argument | String | Yes | The custom preview parameter name. The parameter value unit must be in seconds. | fds |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}, {
"argName": "ali_video_preview_argument",
"argValue": "fds"
}],
"functionName": "ali_video_preview"
}],
"DomainNames": "example.com"
}hls_token_rewrite
Description: Configures M3U8 standard encryption rewriting.
Function ID: 253
Parameters:
Parameter | Type | Required | Description | Example |
enable | String | Yes | Specifies whether to enable M3U8 standard encryption rewriting. Valid values: | on |
hls_token_arg_name | String | No | The custom HLS token parameter name. Default value: MtsHlsUriToken. | example |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "enable",
"argValue": "on"
}],
"functionName": "hls_token_rewrite"
}],
"DomainNames": "example.com"
}Traffic limiting
limit_rate
Description: Configures per-request rate limiting.
Function ID: 72
Parameters:
Parameter | Type | Required | Description | Example |
ali_limit_rate | String | Yes | The rate limit value for a single request (for example, | 1m |
ali_limit_rate_after | String | No | The data volume threshold before rate limiting starts. The value must be in the format of number + unit (k or m), in bytes. | 1000 |
traffic_limit_arg | String | No | The rate limit parameter name extracted from the request URL. When specified, the rate limit is based on the value of this parameter in the URL. When the request does not contain this parameter, the default rate limit (ali_limit_rate) is used. To disable rate limiting when the parameter is absent, set ali_limit_rate to 0k. | rate |
traffic_limit_unit | String | No | The unit for the traffic_limit_arg parameter value. Valid values: | k |
ali_limit_start_hour | Integer | No | Rate limit start hour. Valid values: 0-24 (24-hour format). Default value: | 20 |
ali_limit_end_hour | Integer | No | Rate limit end hour. Valid values: 0-24 (must be greater than the start hour). Default value: | 23 |
Example 1:
{
"Functions": [{
"functionArgs": [{
"argName": "ali_limit_rate",
"argValue": "1m"
}],
"functionName": "limit_rate"
}],
"DomainNames": "example.com"
}Example 2: Set a default rate limit of 1 MByte/s. If the request URL contains the parameter
rate, the rate limit follows the value of that parameter. For example, if the URL containsrate=200, the actual rate limit is 200 KByte/s.
{
"Functions": [{
"functionArgs": [{
"argName": "ali_limit_rate",
"argValue": "1m"
}, {
"argName": "traffic_limit_arg",
"argValue": "rate"
}, {
"argName": "traffic_limit_unit",
"argValue": "k"
}],
"functionName": "limit_rate"
}],
"DomainNames": "example.com"
}EdgeScript and edge functions
edge_function
Description: Configures EdgeScript rules.
Function ID: 180
Parameters:
Parameter | Type | Required | Description | Example |
rule | String | Yes | DSL rule. | if eq($uri, '/') { rewrite('https://example.com/index.html', 'redirect') } |
pri | Integer | Yes | Priority. Valid values: 0-999 (lower value = higher priority). The priorities of head and foot execution positions are independent. | 0 |
enable | String | Yes | Specifies whether the rule is effective. Valid values: | on |
name | String | Yes | Rule name (letters and underscores only). | test |
pos | String | No | Execution position. Valid values: | head |
brk | String | No | Specifies whether to break execution. Valid values: | off |
option | String | No | Extension field. | (empty) |
grammar | String | No | Rule syntax. Valid values: | es2 |
jsmode | String | No | JS execution mode. Valid values: | bypass |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "rule",
"argValue": "if eq($uri, '/') { rewrite('https://example.com/index.html', 'redirect') }"
}, {
"argName": "pri",
"argValue": "0"
}, {
"argName": "enable",
"argValue": "on"
}, {
"argName": "name",
"argValue": "test"
}],
"functionName": "edge_function"
}],
"DomainNames": "example.com"
}Edge functions
edgeroutine
Description: Configures Edge Routine (edge functions).
Function ID: 275
This feature requires an application to enable. You must apply to activate this feature before use.
Rule engine
condition
Description: Configures the rule engine. Allows graphical configuration of condition rules that identify various parameters in user requests (such as client IP, URI, headers, cookies) to determine whether a configuration applies to a specific request. This enables more flexible and precise control of CDN configuration policies.
Function ID: 250
Parameters:
This feature requires an application to enable. You must apply to activate this feature before use.
Parameter | Type | Required | Description | Example |
rule | Array | Yes | The rule condition content, including name, status, logic, and criteria. The criteria object contains: matchType (the type of request information to match), matchObject (further refinement of the match type), matchOperator (the match action, such as equals), matchValue (the value to match against), negate (whether to negate the result, true or false). | {"match":{"logic":"and","criteria":[{"matchType":"clientipVer","matchObject":"CONNECTING_IP","matchOperator":"equals","matchValue":"v6","negate":false}]},"name":"example","status":"enable"} |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "rule",
"argValue": "{\"match\":{\"logic\":\"and\",\"criteria\":[{\"matchType\":\"clientipVer\",\"matchObject\":\"CONNECTING_IP\",\"matchOperator\":\"equals\",\"matchValue\":\"v6\",\"negate\":false}]},\"name\":\"example\",\"status\":\"enable\"}"
}],
"functionName": "condition"
}],
"DomainNames": "example.com"
}Security
ali_location
Description: Configures region-based access blocking.
Function ID: 57
Parameters:
Parameter | Type | Required | Description | Example |
location | String | Yes | The regions to apply the blocking policy. Supports two-letter country codes (ISO 3166 standard), separated by spaces. Also supports global for worldwide blocking. | CN |
type | String | Yes | The blocking policy type. Valid values: | black |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "location",
"argValue": "CN"
}, {
"argName": "type",
"argValue": "black"
}],
"functionName": "ali_location"
}],
"DomainNames": "example.com"
}QUIC
iquic
Description: Configures QUIC protocol basic parameters.
Function ID: 281
Parameters:
Parameter | Type | Required | Description | Example |
iquic_enable | String | Yes | Specifies whether to enable the QUIC protocol. Valid values: | on |
Example:
{
"Functions": [{
"functionArgs": [{
"argName": "iquic_enable",
"argValue": "on"
}],
"functionName": "iquic"
}],
"DomainNames": "example.com"
}