All Products
Search
Document Center

CDN:Feature settings for domain names

Last Updated:Sep 18, 2024

You can call the BatchSetCdnDomainConfig and SetCdnDomainStagingConfig operations to configure features for multiple domain names at a time. This topic describes the features that you can call these operations to configure and parameters that you need to specify when you call these operations.

Note

Basic information

ipv6

  • Feature description: configures IPv6. For more information, see Configure IPv6.

  • Feature ID (FunctionID/FuncId): 194.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    switch

    String

    Yes

    Specifies whether to enable IPv6. Valid values:

    • on

    • off

    on

    region

    String

    Yes

    Specifies the region where you want to enable IPv6.

    Note
    • You can enter an asterisk (*) to specify all regions. If you want to enable IPv6 in a specified region, submit a ticket.

    • If you do not specify this parameter, IPv6 is enabled in all regions.

    *

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "switch",
                "argValue": "on"
            }, {
                "argName": "region",
                "argValue": "*"
            }],
            "functionName": "ipv6"
        }],
        "DomainNames": "example.com"
    }

Origin fetch settings

set_req_host_header

  • Feature description: configures the default origin host. For more information, see Configure the default origin host.

  • Feature ID (FunctionID/FuncId): 18.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    domain_name

    String

    Yes

    The origin host.

    example.com

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "domain_name",
                "argValue": "example.com"
            }],
            "functionName": "set_req_host_header"
        }],
        "DomainNames": "example.com"
    }

forward_scheme

  • Feature description: configures the origin protocol policy. For more information, see Configure the origin protocol policy.

  • Feature ID (FunctionID/FuncId): 47.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable the origin protocol policy. Valid values:

    • on

    • off

    on

    scheme_origin

    String

    No

    The protocol for origin fetch. Valid values:

    • http: Alibaba Cloud CDN redirects requests to the origin server over HTTP.

    • https: Alibaba Cloud CDN redirects requests to the origin server over HTTPS.

    • follow: When a client uses HTTP or HTTPS to request resources, Alibaba Cloud CDN redirects the request to the origin server over the protocol that is used by the client.

    Note

    Default value: follow.

    follow

    scheme_origin_port

    String

    No

    The custom origin port. This parameter needs to be used together with the scheme_origin parameter. Valid values:

    • If scheme_origin is set to http, you only need to configure an origin HTTP port, such as 80.

    • If scheme_origin is set to https, you only need to configure an origin HTTPS port, such as 443.

    • If scheme_origin is set to follow, you need to configure origin HTTP and HTTPS ports. Separate the ports with colons (:). Example: 80:443.

    80:443

  • Example 1: Alibaba Cloud CDN redirects requests to the origin server over the protocol that is used by the client. The origin port is the default port of the protocol, which is 80 for HTTP and 443 for HTTPS.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "scheme_origin",
                "argValue": "follow"
            }],
            "functionName": "forward_scheme"
        }],
        "DomainNames": "example.com"
    }
  • Example 2: Alibaba Cloud CDN redirects requests to the origin server over the protocol that is used by the client. The origin port is a custom port, which is 8080 for HTTP and 4433 for HTTPS.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "scheme_origin",
                "argValue": "follow"
            }, {
                "argName": "scheme_origin_port",
                "argValue": "8080:4433"
            }],
            "functionName": "forward_scheme"
        }],
        "DomainNames": "example.com"
    }

l2_oss_key

  • Feature description: configures access control on private Object Storage Service (OSS) buckets. For more information, see Configure access to private OSS buckets.

  • Feature ID (FunctionID/FuncId): 85.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    private_oss_auth

    String

    Yes

    Specifies whether to enable access to private OSS buckets. Valid values:

    • on

    • off

    After you enable this feature, the system automatically configures a security token issued by Security Token Service (STS). However, Alibaba Cloud CDN can only access private OSS buckets in the same Alibaba Cloud account. For more information about STS tokens, see What is STS?

    on

    perm_private_oss_tbl

    String

    No

    The permanent security token in the format of access_id=123 access_secret=123abc (separated by a space).

    After you configure a permanent security token, Alibaba Cloud CDN can access private OSS buckets in the same Alibaba Cloud account or a different Alibaba Cloud account. For more information about permanent security tokens, see Create an AccessKey pair.

    access_id=123 access_secret=123abc

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "private_oss_auth",
                "argValue": "on"
            },{
                "argName": "perm_private_oss_tbl",
                "argValue": "access_id=123 access_secret=123abc"
            }],
            "functionName": "l2_oss_key"
        }],
        "DomainNames": "example.com"
    }

oss_key_list

  • Feature description: configures one or more rules that define the security tokens used to access different private OSS buckets.

  • Feature ID (FunctionID/FuncId): 183.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    host

    String

    Yes

    The URL of the private OSS bucket.

    example.oss-cn-hangzhou.aliyuncs.com

    key

    String

    Yes

    The permanent security token in the format of access_id=123 access_secret=123abc (separated by a space).

    After you configure a permanent security token, Alibaba Cloud CDN can access private OSS buckets in the same Alibaba Cloud account or a different Alibaba Cloud account. For more information about permanent security tokens, see Create an AccessKey pair.

    access_id=123 access_secret=123abc

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "host",
                "argValue": "example.oss-cn-hangzhou.aliyuncs.com"
            },{
                "argName": "key",
                "argValue": "access_id=123 access_secret=123abc"
            }],
            "functionName": "oss_key_list"
        }],
        "DomainNames": "example.com"
    }

https_origin_sni

  • Feature description: configures origin Server Name Indication (SNI). For more information, see Configure SNI.

  • Feature ID (FunctionID/FuncId): 114.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enabled

    String

    Yes

    Specifies whether to enable origin SNI. Valid values:

    • on

    • off

    on

    https_origin_sni

    String

    Yes

    The SNI information that is carried in origin requests. The SNI information specifies the address of the origin server.

    origin.example.com

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "https_origin_sni",
                "argValue": "origin.example.com"
            }, {
                "argName": "enabled",
                "argValue": "on"
            }],
            "functionName": "https_origin_sni"
        }],
        "DomainNames": "example.com"
    }

forward_timeout

  • Feature description: configures a timeout period for origin requests. For more information, see Configure a timeout period for HTTP origin requests.

  • Feature ID (FunctionID/FuncId): 124.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    forward_timeout

    Integer

    Yes

    The timeout period for the request. Unit: seconds.

    Note

    We recommend that you set this parameter to less than 100 seconds.

    30

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "forward_timeout",
                "argValue": "30"
            }],
            "functionName": "forward_timeout"
        }],
        "DomainNames": "example.com"
    }

advanced_origin

  • Feature description: configures advanced origin settings. For more information, see Configure advanced origin settings.

  • Feature conflicts: The advanced origin feature conflicts with the conditional origin feature (function: origin_dns_host, feature ID: 212). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 235.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    variable_type

    String

    Yes

    The type of the variable. Valid values:

    • header: a request header.

    • arg: a query string parameter in a request URL.

    • uri: a path in a request URL.

    • cookie: a request cookie.

    uri

    variable

    String

    Yes

    The name of the variable.

    Note

    If you set the variable_type parameter to uri, the value of the variable parameter can only be uri.

    uri

    conditions

    String

    Yes

    The condition. Valid values:

    • ==: equals.

    • !=: does not equal.

    ==

    value

    String

    Yes

    The value of the variable.

    /image

    origin

    String

    Yes

    The domain name of the origin server that is carried in a variable in a user request. Requests that are destined for the domain name are redirected to the specified origin server.

    origin.example.com

  • Examples:

    {
     "Functions": [{
      "functionArgs": [{
       "argName": "conditions",
       "argValue": "=="
      }, {
       "argName": "variable_type",
       "argValue": "uri"
      }, {
       "argName": "value",
       "argValue": "/image"
      }, {
       "argName": "origin",
       "argValue": "origin.example.com"
      }, {
       "argName": "variable",
       "argValue": "uri"
      }],
      "functionName": "advanced_origin"
     }],
     "DomainNames": "example.com",
    }

follow_302

  • Feature description: configures 302 redirection. For more information, see Configure 301/302 redirection.

  • Feature ID (FunctionID/FuncId): 219.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable 302 redirection.

    • on

    • off

    on

    max_tries

    Integer

    No

    The maximum number of 302 redirects.

    • Default value: 2.

    • Valid values: 1 to 5.

    Note

    Number of times for origin fetch - 1 = Number of 302 redirects. The default value of the maximum number of times for origin fetch is 3, and valid values are 2 to 6.

    2

    retain_args

    String

    No

    Specifies whether to retain request parameters during 302 redirects. Default value: off. Valid values:

    • on

    • off

    off

    retain_header

    String

    No

    Specifies whether to retain request headers during 302 redirects. Default value: off. Valid values:

    • on

    • off

    off

    response_header

    String

    No

    The response header of 302 redirects that is returned from the origin server. Default value: Location.

    X-Alicdn-Redirect

    retain_host

    String

    No

    Specifies whether to retain the origin domain name during 302 redirects. This feature is available only when the destination domain name is obtained from the response header. Default value: off. Valid values:

    • on

    • off

    off

    modify_host

    String

    No

    Specifies whether to modify the origin domain name during 302 redirects. This feature is available only when the destination domain name is obtained from the response header. By default, the origin domain name is not modified.

    example.com

    cache

    String

    No

    Specifies whether to cache the redirection results of the same URL during 302 redirects. This can help improve the response performance of Alibaba Cloud CDN. Default value: off. Valid values:

    • on

    • off

    off

    expired_time

    Integer

    No

    The timeout period for the cached redirection results of the same URL during 302 redirects. This parameter is valid when the cache parameter is set to on. Unit: seconds. Default value: 3600.

    7200

    follow_origin_host

    String

    No

    Specifies whether the origin domain name is used as the origin host during 302 redirects. If this parameter is set to on, the origin domain name is used as the origin host and the most recent origin domain name is used for a primary/secondary switchover. Default value: off. Valid values:

    • on

    • off

    off

    follow_5xx_retry_origin

    String

    No

    Specifies whether to enable a primary/secondary origin switchover. If this feature is enabled, when Alibaba Cloud CDN receives an HTTP 5xx status code from an origin server, Alibaba Cloud CDN switches to the next available origin server. Default value: off. Valid values:

    • on

    • off

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "max_tries",
                "argValue": 2
            }, {
                "argName": "retain_args",
                "argValue": "off"
            }, {
                "argName": "retain_header",
                "argValue": "off"
    }, {
                "argName": "response_header",
                "argValue": "X-Alicdn-Redirect"
    }, {
                "argName": "retain_header",
                "argValue": "off"
    }, {
                "argName": "modify_host",
                "argValue": "example.com"
    }, {
                "argName": "cache",
                "argValue": "off"
    }, {
                "argName": "expired_time",
                "argValue": "7200"
    }, {
                "argName": "follow_origin_host",
                "argValue": "off"
    }, {
                "argName": "follow_5xx_retry_origin",
                "argValue": "off"
            }],
            "functionName": "follow_302"
        }],
        "DomainNames": "example.com"
    }

set_req_header

  • Feature description: configures a custom origin HTTP header. For more information, see Configure custom request headers (old).

    Note

    set_req_header is version 1. We recommend that you use origin_request_header, which is version 2. origin_request_header supports more headers.

  • Feature ID (FunctionID/FuncId): 39.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    key

    String

    Yes

    The name of the header.

    Accept-Encoding

    value

    String

    Yes

    The value of the header. If you want to delete a header, set the header value to null.

    gzip

  • Example 1: Add an HTTP header to an origin request.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "value",
                "argValue": "gzip"
            }, {
                "argName": "key",
                "argValue": "Accept-Encoding"
            }],
            "functionName": "set_req_header"
        }],
        "DomainNames": "example.com"
    }
  • Example 2: To delete an HTTP header from an origin request, set the header value to null.

    {
        "Functions":[{
    "functionArgs":[{
      "argName":"value",
      "argValue":"null"
      }, {
    "argName":"key",
    "argValue":"User-Agent"
      }],
      "functionName":"set_req_header"
      }],
      "DomainNames":"example.com"
    }

origin_request_header

  • Feature description: configures a custom origin HTTP request header (new). For more information, see Configure HTTP request headers.

  • Feature ID (FunctionID/FuncId): 228.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    header_operation_type

    String

    Yes

    The operation that you want to perform on the request header. Valid values:

    • add

    • delete

    • modify

    • rewrite

    add

    header_name

    String

    Yes

    The name of the request header.

    Accept-Encoding

    header_value

    String

    No

    The value of the request header. You can specify one or more values for a request header. Separate values with commas (,).

    gzip

    duplicate

    String

    No

    Specifies whether to allow duplicate request headers. This parameter is required if you set the header_operation_type parameter to add. Valid values:

    • on

    • off

    off

    header_source

    String

    No

    The header value that you want to replace. If header_operation_type is set to rewrite, you need to specify this parameter. Regular expressions are supported.

    value1

    header_destination

    String

    No

    The header value that is used to replace the original header value. If you set the header_operation_type parameter to rewrite, you need to specify this parameter. Valid values:

    value123

    match_all

    String

    No

    The match mode. If you set the header_operation_type parameter to rewrite, you need to specify a match mode. Valid values:

    • on: All header values that match the search condition are replaced.

    • off: Only the first value that matches the search condition is replaced.

    off

  • Example: Add an origin request header to requests that are destined for example.com. Set the header name to Accept-Encoding, and the header value to gzip.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "header_operation_type",
                "argValue": "add"
            }, {
                "argName": "header_name",
                "argValue": "Accept-Encoding"
            }, {
                "argName": "header_value",
                "argValue": "gzip"
            }, {
                "argName": "duplicate",
                "argValue": "off"
            }],
            "functionName": "origin_request_header"
        }],
        "DomainNames": "example.com"
    }

origin_response_header

  • Feature description: configures an origin HTTP response header. For more information, see Configure HTTP response headers.

  • Feature ID (FunctionID/FuncId): 229.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    header_operation_type

    String

    Yes

    The operation that you want to perform on the response header. Valid values:

    • add

    • delete

    • modify

    • rewrite

    add

    header_name

    String

    Yes

    The name of the response header.

    Cache-Control

    header_value

    String

    No

    The value of the response header. You can specify one or more values for a response header. Separate values with commas (,).

    no-cache

    duplicate

    String

    No

    Specifies whether to allow duplicate response headers. This parameter is required if you set the header_operation_type parameter to add. Valid values:

    • on

    • off

    off

    header_source

    String

    No

    The header value that you want to replace. If header_operation_type is set to rewrite, you need to specify this parameter. Regular expressions are supported.

    value1

    header_destination

    String

    No

    The header value that is used to replace the original header value. If you set the header_operation_type parameter to rewrite, you need to specify this parameter. Valid values:

    value123

    match_all

    String

    No

    The match mode. If you set the header_operation_type parameter to rewrite, you need to specify a match mode. Valid values:

    • on: All header values that match the search condition are replaced.

    • off: Only the first value that matches the search condition is replaced.

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "header_operation_type",
                "argValue": "add"
            }, {
                "argName": "header_name",
                "argValue": "Cache-Control"
            }, {
                "argName": "header_value",
                "argValue": "no-cache"
            }, {
                "argName": "duplicate",
                "argValue": "off"
            }],
            "functionName": "origin_response_header"
        }],
        "DomainNames": "example.com"
    }

back_to_origin_url_rewrite

  • Feature description: rewrites URIs in origin requests. For more information, see Rewrite origin URLs.

  • Feature ID (FunctionID/FuncId): 225.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    source_url

    String

    Yes

    The URI that you want to rewrite.

    ^/hello$

    target_url

    String

    Yes

    The final URI.

    /hello/test

    flag

    String

    No

    The rewrite flag. Valid values:

    • None: If the current rule is matched, the system continues matching the URI against other rules.

    • break: If the current rule is matched, the system skips other rules.

    • enhance_break: This flag is similar to break, except that this flag writes the URL parameters and takes effect for Flash Video (FLV) live streaming.

    break

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "flag",
                "argValue": "break"
            }, {
                "argName": "source_url",
                "argValue": "^/hello$"
            }, {
                "argName": "target_url",
                "argValue": "/hello/test"
            }],
            "functionName": "back_to_origin_url_rewrite"
        }],
        "DomainNames": "example.com",
    }

back_to_origin_argument_rewrite

  • Feature description: rewrites parameters in origin requests. For more information, see Parameter rewrite.

    Note

    After you enable this feature, Alibaba Cloud CDN rewrites query strings in origin URLs. You can configure one or more rewrite rules. Rewrite rules take effect in the following order: Add > Delete > Reserve Only > Modify. If you configure multiple rewrite rules for the same parameter, only the rewrite rule that has the highest priority takes effect.

  • Feature ID (FunctionID/FuncId): 224.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    delete_argument

    String

    No

    The parameters that you want to delete. Separate parameters with spaces.

    code1

    save_argument

    String

    No

    The parameters that you want to retain. Separate parameters with spaces. Only the specified parameters are retained. The Add and Delete rules remain effective.

    None

    ignore_all_argument

    String

    No

    Specifies whether to ignore all parameters. Valid values:

    • on: ignores all parameters. Only the Add rule takes effect.

    • off (default): does not ignore all parameters. The Retain, Add, and Delete rules remain effective.

    on

    add_argument

    String

    No

    The parameters that you want to add. Separate multiple parameters with spaces. The Add rule has the highest priority.

    value=123

    modify_argument

    String

    No

    The parameters that you want to modify. Separate multiple parameters with spaces. The Modify rule has the lowest priority.

    value=321

    enable

    String

    Yes

    Specifies whether to enable parameter rewrite. Valid values:

    • on

    • off

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "delete_argument",
                "argValue": ""
            }, {
                "argName": "save_argument",
                "argValue": ""
            }, {
                "argName": "add_argument",
                "argValue": ""
            }, {
                "argName": "modify_argument",
                "argValue": ""
            }, {
                "argName": "ignore_all_argument",
                "argValue": "on"
            }, {
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "back_to_origin_argument_rewrite"
        }],
        "DomainNames": "example.com"
    }

aws_s3_bucket

  • Feature description: Configures Amazon Simple Storage Service (S3) authentication.

  • Feature ID (FunctionID/FuncId): 186.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enabled

    String

    Yes

    Specifies whether to enable Amazon S3 authentication.

    • I2: enables AWS S3 authentication.

    • off: disables Amazon S3 authentication.

    l2

    bucketname

    String

    No

    The name of the Amazon S3 bucket.

    /

    accesskey

    String

    Yes

    The AWS access key.

    123456789

    secretkey

    String

    Yes

    The AWS secret key.

    12345678

    region

    String

    Yes

    The region where the Amazon S3 bucket resides.

    us-east-2

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enabled",
                "argValue": "l2"
            }, {
                "argName": "accesskey",
                "argValue": "123456789"
            }, {
                "argName": "secretkey",
                "argValue": "123456789"
            }, {
                "argName": "region",
                "argValue": "us-east-2"
            }],
            "functionName": "aws_s3_bucket"
        }],
        "DomainNames": "example.com"
    }

origin_certificate_verification

  • Feature description: configures an SNI whitelist. For more information, see Common Name whitelist.

  • Feature ID (FunctionID/FuncId): 223.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enabled

    String

    Yes

    Specifies whether to enable the SNI whitelist. Valid values:

    • on

    • off

    on

    common_name_whitelist

    String

    No

    The domain names that you want to add to the SNI whitelist. Separate domain names with commas (,). Domain names in the whitelist are considered authenticated.

    example.com

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "common_name_whitelist",
                "argValue": "example.com"
            }],
            "functionName": "origin_certificate_verification"
        }],
        "DomainNames": "example.com"
    }

origin_dns_host

  • Feature description: configures a conditional origin. You can use this feature in conjunction with the rules engine feature (function: condition, feature ID: 250) to retrieve content from a specified origin server based on the paths, URL parameters, or headers in user requests. For more information, see Configure a conditional origin.

  • Prerequisites: At least one rule is created by using the rules engine feature before you configure a conditional origin. When you configure a conditional origin, make sure that a rule is associated with the conditional origin. For more information, see Rules engine. If you do not associate a rule with the conditional origin, all origin traffic is directed to the origin server. This way, conditional origin fetch is not implemented.

  • Feature conflicts: The conditional origin feature conflicts with the advanced origin feature (function: advanced_origin, feature ID: 235). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 212.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    ali_origin_dns_host

    String

    Yes

    The domain name for origin fetch.

    example.com

  • Example: Set parentid to the value of configid that is generated when you create a rule by using the rules engine feature (function: condition, feature ID: 250) to reference the rule. If a request matches the rule, the request is redirected to the origin server that is specified by the rule.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ali_origin_dns_host",
                "argValue": "example.com"
            }],
            "functionName": "origin_dns_host",
            "parentId":30119730104****
        }],
        "DomainNames": "example.com"
    }

origin_host

  • Feature description: configures the origin host for each origin. For more information, see Specify the origin host for each origin.

  • Feature ID (FunctionID/FuncId): 242.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    origin

    String

    Yes

    The address of the origin server. If you do not specify an origin address, the origin parameter is automatically set to all.

    example.com

    host

    String

    Yes

    The host. You can set the host parameter to ali_follow_origin to use the address of the origin server as the host.

    host.example.com

  • Example 1: When a user request is redirected to the origin server example.com, the value of host is host.example.com.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "origin",
                "argValue": "example.com"
            }, {
                "argName": "host",
                "argValue": "host.example.com"
            }],
            "functionName": "origin_host"
        }],
        "DomainNames": "example.com"
    }
  • Example 2: When a user request is redirected to all origin servers, the value of the origin parameter is all, and the value of the host parameter for all origin servers is host.example.com.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "origin",
                "argValue": "all"
            }, {
                "argName": "host",
                "argValue": "host.example.com"
            }],
            "functionName": "origin_host"
        }],
        "DomainNames": "example.com"
    }
  • Example 3: When a user request is redirected to all origin servers, the value of origin is all, and the value of host for all origin servers is ali_follow_origin, which indicates the address of the origin server.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "origin",
                "argValue": "all"
            }, {
                "argName": "host",
                "argValue": "ali_follow_origin"
            }],
            "functionName": "origin_host"
        }],
        "DomainNames": "example.com"
    }

ali_origin_port_scheme

  • Feature description: specifies a port and a protocol for origin fetch.

  • Feature ID (FunctionID/FuncId): 276.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    port

    String

    Yes

    The origin port.

    Note

    If scheme is set to follow, set the value in the following format: http:80|https:443.

    80

    scheme

    String

    Yes

    The origin protocol. Valid values: http, https, follow, https_sm, and follow_sm.

    • http: HTTP.

    • https: HTTPS.

    • follow: the protocol that is used by clients.

      • If the clients use the HTTP protocol, the HTTP protocol is used for origin fetch.

      • When the client uses the HTTPS protocol:

        • If the client uses the RSA algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.

        • If the client uses the ShangMi (SM) algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.

    • https_sm: The HTTPS protocol and the SM algorithm are used for origin fetch.

    • follow_sm: The HTTP or HTTPS protocol that is used by clients. The RSA and SM algorithms are supported.

      • If the clients use the HTTP protocol, the HTTP protocol is used for origin fetch.

      • When the client uses the HTTPS protocol:

        • If the client uses the RSA algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.

        • If the client uses the SM algorithm, the HTTPS protocol and the SM algorithm are used for origin fetch.

    Note

    RSA is an algorithm that complies with international standards. SM is a self-developed algorithm that is widely used in regions in China and is recognized by the State Cryptography Administration.

    http

  • Example 1: Set the scheme parameter to http and the origin port to 80.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "port",
                "argValue": "80"
            }, {
                "argName": "scheme",
                "argValue": "http"
            }],
            "functionName": "ali_origin_port_scheme"
        }],
        "DomainNames": "example.com"
    }
  • Example 2: Set scheme to follow. When the HTTP protocol is used for origin fetch, requests are sent to port 80 of the origin server. When the HTTPS protocol is used for origin fetch, requests are sent to port 443 of the origin server.

    {
    "Functions":[{
    "functionArgs": [{
    "argName": "port",
    "argValue": "http:80|https:443"
      }, {
    "argName": "scheme",
    "argValue": "follow"
      }],
      "functionName":"ali_origin_port_scheme"
    }],
      "DomainNames":"example.com"
    }

origin_sni

  • Feature description: configures SNI for a specified origin sever.

  • Feature ID (FunctionID/FuncId): 262.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    origin

    String

    Yes

    The address of the origin server. If you do not specify an origin address, the origin parameter is automatically set to all.

    example.com

    sni_host

    String

    Yes

    The SNI host.

    • You can set this parameter to a fixed value, such as example.org.

    • To use the address of the origin server, set this parameter to ali_follow_origin.

    • To use the address of the origin host, set this parameter to ali_follow_host.

    example.org

    keepalive_sni

    String

    No

    Specifies whether to enable SNI matching for persistent connections. Valid values:

    • on

    • off

    Note

    If you enable SNI matching, requests with different SNI hostnames use different persistent connections.

    /

  • Example 1: When a user request is redirected to the origin server origin.example.com, the value of SNI is host.example.com.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "origin",
                "argValue": "origin.example.com"
            }, {
                "argName": "sni_host",
                "argValue": "host.example.com"
            }],
            "functionName": "origin_sni"
        }],
        "DomainNames": "example.com"
    }
  • Example 2: When a user request is redirected to all origin servers, the value of origin is all, and the value of SNI for all origin servers is host.example.com.

    {
    "Functions": [{
    "functionArgs": [{
    "argName": "origin",
    "argValue": "all"
      }, {
    "argName": "sni_host",
    "argValue": "host.example.com"
    }],
    "functionName":"origin_sni"
     }],
     "DomainNames":"example.com"
    }
  • Example 3: When a user request is redirected to all origin servers, the value of origin is all, and the value of SNI for all origin servers is ali_follow_origin, which indicates the address of the origin server.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "origin",
                "argValue": "all"
            }, {
                "argName": "sni_host",
                "argValue": "ali_follow_origin"
            }],
            "functionName": "origin_sni"
        }],
        "DomainNames": "example.com"
    }
  • Example 4: When a user request is redirected to all origin servers, the value of origin is all, and the value of SNI for all origin servers is ali_follow_host, which indicates the address of the origin host.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "origin",
                "argValue": "all"
            }, {
                "argName": "sni_host",
                "argValue": "ali_follow_host"
            }],
            "functionName": "origin_sni"
        }],
        "DomainNames": "example.com"
    }

source_group

  • Feature description: configures an origin server group.

  • Feature ID (FunctionID/FuncId): 294.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    source_group_name

    String

    Yes

    The name of the origin server group. The name can be up to 128 bytes in length and can contain lowercase letters, digits, and underscores (_).

    example_origin

    source_info

    String

    Yes

    The information about the origin servers in the origin server group. Specify the value in the Origin server address_Priority_Weight_Port format. Separate multiple values with commas (,).

    • Origin server address: You can specify IPv4 addresses, IPv6 addresses, and domain names.

    • Priority: The value ranges from 1 to 65535. A smaller value indicates a higher priority.

    • Weight: The value ranges from 1 to 100. The proportions of requests that are sent to different origin servers are allocated based on the weights of the origin servers during origin fetch.

    • Port: The value ranges from 1 to 65535.

    • Single origin server: 192.168.0.1_10_33_80

    • Multiple origin servers: 192.168.0.1_10_33_80,192.0.2.1_10_67_80

    retry_times

    Integer

    No

    The number of origin fetch retries.

    3

    retry_status_rule

    Integer

    No

    The status code for origin fetch retries. Valid values: 4xx, 5xx, 404, 404-or-5xx, and 4xx-or-5xx. You can specify only one value.

    404-or-5xx

    failback_source

    String

    No

    The basic origin information used for backup. Valid values:

    • on: If all origin servers in an origin server group are unavailable, the origin server address that is configured in the Origin Information section on the Basic Settings tab is used.

    • off: If all origin servers in an origin server group are unavailable, a 5xx status code indicating that the origin servers are unavailable is returned to the client.

    on

    Note

    Origin retry logic:

    • retry_times: the number of origin retries.

      • Retries between IP addresses of the same origin server group are allowed.

      • The maximum number of retries varies based on the number of available IP addresses in the origin server group.

      • If you do not set the retry_times parameter, the default number of origin retries is the smaller one of three and the number of available origin server IP addresses.

      • If you specify the retry_times parameter, the number of origin retries is the smaller value between the value of the retry_times parameter and the number of available origin IP addresses.

    • retry_status_rule: the status code that triggers the point of presence (POP) to retry.

      • If you do not specify the retry_status_rule parameter, the POP retries when the origin server returns the 5xx status code.

      • If you specify the retry_status_rule parameter, the POP retries when the origin server returns the status code that you specify. Valid values: 4xx, 5xx, 404, 404-or-5xx, and 4xx-or-5xx. You can specify only one value.

      • After you specify the retry_status_rule parameter, the default status code 5xx remains in effect. For example, if the 404 status code is set, the POP retries when the 404 or 5xx status code is received.

    • Origin retry order: The retry order is based on the priority of IP addresses in the origin server group in descending order.

    • Origin timeout: When the origin server responds to the retry status code, the POP retries after it receives the retry status code. If no retry status code is received from the origin server, the timeout process applies. After the timeout period is reached, the POP is triggered to retry.

      • Timeout period for establishing a TCP connection with the origin server: 10 seconds.

      • Write timeout for the origin server: the period for data write after the TCP connection with the origin server is established. The value is 30 seconds.

      • Origin read timeout: the period for the origin server to return the content requested by the POP after the connection with the origin server is established. The value is 30 seconds.

    • Origin server probing logic:

      • Abnormal TCP connection: If the TCP connection between a POP and an origin server is abnormal, the IP address of the origin server is added to a dead table. This way, subsequent back-to-origin requests are not sent to the IP address. The POP probes the IP address every 5 seconds. If the TCP connection can be established as expected, the IP address of the origin server is removed from the dead table and added to the list of available origin IP addresses.

      • Normal TCP connection: If the TCP connection between a POP and an origin server is normal but a retry status code, such as 5xx, is returned from the origin server, the IP address of the origin server is not removed from the list of available origin IP addresses. In this case, the retry logic is triggered and subsequent requests are still sent to the IP address of the origin server. If errors occur at Layer 7 when the TCP connection between a POP and an origin server is normal, the IP address of the origin server is not automatically blocked. If you want to block the IP address, you need to monitor origin requests at Layer 7.

  • Examples:

    {
    "Functions":[{
     "functionArgs":[{
     "argName":"source_group_name",
     "argValue":"test_yidong"
    },{
     "argName":"source_info",
      "argValue":"192.168.0.1_10_33_80,192.0.2.1_10_67_80"
    },{
    "argName":"retry_times",
    "argValue":"3"
     },{
    "argName":"retry_status_rule",
    "argValue":"404,502"
    },{
    "argName":"failback_source",
      "argValue":"on"
    }],
    "functionName":"source_group"
    }],
     "DomainNames":"example.com"
    }

ipv6_origin

  • Feature description: configures origin fetch over IPv6. For more information, see Configure origin fetch over IPv6.

  • Feature ID (FunctionID/FuncId): 265.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable origin fetch over IPv6.

    • on

    • off

    Note

    After you enable this feature, the origin servers provide IPv6 services.

    • If both the POP and the origin server have available IPv6 addresses, an IPv6 connection is used.

    • An IPv4 connection is used in the following scenarios:

      • The POP does not have an available IPv6 address.

      • The origin server does not have an available IPv6 address.

      • The POP and the origin server do not have available IPv6 addresses.

    on

    follow

    String

    Yes

    Specifies whether to follow the version of the IP protocol that is used by the client.

    • on

    • off

    Note

    After you enable this feature, the IP version of the client request is used for origin fetch.

    • If a client request uses IPv6, an origin server that uses IPv6 is used for origin fetch. If no origin server uses IPv6, an origin server that uses IPv4 is used for origin fetch.

    • If a client request uses IPv4, an origin server that uses IPv4 is used for origin fetch. If no origin server uses IPv4, an origin server that uses IPv6 is used for origin fetch.

    on

    ipv6_v4_mix_used

    String

    No

    Specifies whether to enable the IPv4/IPv6 polling feature.

    • on

    • off

    Note
    • This feature is mutually exclusive with origin fetch over IPv6 and IP protocol following.

    • When the IPv4/IPv6 polling feature is enabled, polling is used to determine the IP address of the origin server for origin fetch, regardless of whether the requests are sent over IPv4 or IPv6, or how many IPv4 and IPv6 addresses does the origin server have.

    • If you configure the weight ratio of IPv4 and IPv6 addresses, origin fetch is performed based on the weight ratio.

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            },{
                "argName": "follow",
                "argValue": "on"
            }],
            "functionName": "ipv6_origin"
        }],
        "DomainNames": "example.com"
    }

cos_auth

  • Feature description: Configures Tencent Cloud Object Service (COS) authentication.

  • Feature ID (FunctionID/FuncId): 288.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable COS authentication.

    • on

    • off

    on

    cos_valid_period

    String

    No

    The validity period of the authentication signature. Unit: seconds. Default value: 3600.

    /

    cos_secret_id

    String

    Yes

    The authentication ID of Tencent Cloud.

    123456789

    cos_secret_key

    String

    Yes

    The authentication key of Tencent Cloud.

    12345678

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "cos_secret_id",
                "argValue": "123456789"
            }, {
                "argName": "cos_secret_key",
                "argValue": "123456789"
            }],
            "functionName": "cos_auth"
        }],
        "DomainNames": "example.com"
    }

oss_auth

  • Feature description: configures authentication on OSS buckets that are used as origins of Alibaba Cloud CDN.

  • Feature ID (FunctionID/FuncId): 10.

  • Note: After you configure an OSS bucket as the origin server for an accelerated domain name, the system automatically adds the oss_auth configuration. Do not delete the oss_auth configuration. Otherwise, you cannot enjoy the preferential pricing that is designed for data transfer between Alibaba Cloud CDN and OSS. Also, if you enable authentication for private OSS buckets but delete the oss_auth configuration, authentication fails when Alibaba Cloud CDN tries to fetch data from the private OSS buckets.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    oss_bucket_id

    String

    Yes

    The public domain name of the OSS bucket.

    cdn-test.oss-cn-hongkong.aliyuncs.com

    oss_pri_buckets

    String

    Yes

    The public domain name of the OSS bucket and the bucket name.

    cdn-test.oss-cn-hongkong.aliyuncs.com|cdn-test

  • Examples:

    {
        "Functions": [
                {
                  "ArgValue": "cdn-test.oss-cn-hongkong.aliyuncs.com",
                  "ArgName": "oss_bucket_id"
                },
                {
                  "ArgValue": "cdn-test.oss-cn-hongkong.aliyuncs.com|cdn-test",
                  "ArgName": "oss_pri_buckets"
                }
              ],
            "functionName": "oss_auth"
        }],
        "DomainNames": "example.com"
    }

Cache settings

filetype_based_ttl_set

  • Feature description: configures a time-to-live (TTL) for files. For more information, see Create a cache rule for resources.

  • Feature ID (FunctionID/FuncId): 6.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    ttl

    Integer

    Yes

    The TTL. Unit: seconds. Valid values: 1 to 99999999, which is more than 3 years.

    500000

    file_type

    String

    Yes

    The file name extensions, which are case-sensitive. Separate file name extensions with commas (,). Example: jpg,txt.

    jpg

    weight

    Integer

    No

    The weight. Valid values: 1 to 99.

    Note

    Default value: 1. A higher value indicates a higher priority.

    1

    swift_origin_cache_high

    String

    No

    Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Default value: off. Valid values:

    • on

    • off

    off

    swift_no_cache_low

    String

    No

    Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.

    • Cache-Control: no-store

    • Cache-Control: no-cache

    • Cache-Control: max-age=0

    • Pragme: no-cache

    Default value: off. Valid values:

    • on

    • off

    off

    swift_follow_cachetime

    String

    No

    Specifies whether the client uses the cache policy that is used by Alibaba Cloud CDN. Default value: off. Valid values:

    • on

    • off

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "file_type",
                "argValue": "jpg"
            }, {
                "argName": "weight",
                "argValue": "1"
            }, {
                "argName": "ttl",
                "argValue": "500000"
            }, {
                "argName": "swift_origin_cache_high",
                "argValue": "off"
            }, {
                "argName": "swift_no_cache_low",
                "argValue": "off"
            }, {
                "argName": "swift_follow_cachetime",
                "argValue": "off"
            }],
            "functionName": "filetype_based_ttl_set"
        }],
        "DomainNames": "example.com"
    }
    

path_based_ttl_set

  • Feature description: configures a TTL for directories. For more information, see Create a cache rule for resources.

  • Feature ID (FunctionID/FuncId): 7.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    ttl

    Integer

    Yes

    The TTL. Unit: seconds. Valid values: 1 to 99999999, which is more than 3 years.

    500000

    path

    String

    Yes

    The directory. The directory must start with a forward slash (/).

    /example/demo

    weight

    Integer

    No

    The weight. Valid values: 1 to 99.

    Note

    Default value: 1. A higher value indicates a higher priority.

    1

    swift_origin_cache_high

    String

    No

    Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Default value: off. Valid values:

    • on

    • off

    off

    swift_no_cache_low

    String

    No

    Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.

    • Cache-Control: no-store

    • Cache-Control: no-cache

    • Cache-Control: max-age=0

    • Pragme: no-cache

    Default value: off. Valid values:

    • on

    • off

    off

    swift_follow_cachetime

    String

    No

    Specifies whether the client uses the cache policy that is used by Alibaba Cloud CDN. Default value: off. Valid values:

    • on

    • off

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "path",
                "argValue": "/example/demo"
            }, {
                "argName": "weight",
                "argValue": "1"
            }, {
                "argName": "ttl",
                "argValue": "500000"
            }, {
                "argName": "swift_origin_cache_high",
                "argValue": "off"
            }, {
                "argName": "swift_no_cache_low",
                "argValue": "off"
            }, {
                "argName": "swift_follow_cachetime",
                "argValue": "off"
            }],
            "functionName": "path_based_ttl_set"
        }],
        "DomainNames": "example.com"
    }

filetype_force_ttl_code

  • Feature description: configures a TTL for HTTP status codes of files. For more information, see Create a cache rule for HTTP status codes.

  • Feature ID (FunctionID/FuncId): 63.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    file_type

    String

    Yes

    The file name extensions. The file name extensions are case-sensitive. Separate multiple values with commas (,). Example: jpg,txt.

    jpg

    code_string

    String

    Yes

    The status code and its TTL. Unit: seconds. Valid values: 1 to 99999999 (more than three years). Separate multiple key-value pairs with commas (,). Example: 302=0,301=0,4xx=2.

    403=10

    swift_origin_cache_high

    String

    No

    Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Default value: off. Valid values:

    • on

    • off

    off

    swift_no_cache_low

    String

    No

    Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.

    • Cache-Control: no-store

    • Cache-Control: no-cache

    • Cache-Control: max-age=0

    • Pragme: no-cache

    Default value: off. Valid values:

    • on

    • off

    off

    swift_follow_cachetime

    String

    No

    Specifies whether the client uses the cache policy that is used by Alibaba Cloud CDN. Default value: off. Valid values:

    • on

    • off

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "file_type",
                "argValue": "jpg"
            }, {
                "argName": "code_string",
                "argValue": "403=10"
           }, {
                "argName": "swift_origin_cache_high",
                "argValue": "off"
            }, {
                "argName": "swift_no_cache_low",
                "argValue": "off"
            }, {
                "argName": "swift_follow_cachetime",
                "argValue": "off"
            }],
            "functionName": "filetype_force_ttl_code"
        }],
        "DomainNames": "example.com"
    }

path_force_ttl_code

  • Feature description: configures a TTL for HTTP status codes of directories. For more information, see Create a cache rule for HTTP status codes.

  • Feature ID (FunctionID/FuncId): 65.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    path

    String

    Yes

    The directory. The directory must start with a forward slash (/). Example: /image.

    /example/demo

    code_string

    String

    Yes

    The status code and its TTL. Unit: seconds. Valid values: 1 to 99999999 (more than three years). Separate multiple key-value pairs with commas (,). Example: 302=0,301=0,4xx=2.

    403=10,404=15

    swift_origin_cache_high

    String

    No

    Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Default value: off. Valid values:

    • on

    • off

    off

    swift_no_cache_low

    String

    No

    Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.

    • Cache-Control: no-store

    • Cache-Control: no-cache

    • Cache-Control: max-age=0

    • Pragme: no-cache

    Default value: off. Valid values:

    • on

    • off

    off

    swift_follow_cachetime

    String

    No

    Specifies whether the client uses the cache policy that is used by Alibaba Cloud CDN. Default value: off. Valid values:

    • on

    • off

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "path",
                "argValue": "/example/demo"
            }, {
                "argName": "code_string",
                "argValue": "403=10,404=15"
            }, {
                "argName": "swift_origin_cache_high",
                "argValue": "off"
            }, {
                "argName": "swift_no_cache_low",
                "argValue": "off"
            }, {
                "argName": "swift_follow_cachetime",
                "argValue": "off"
            }],
            "functionName": "path_force_ttl_code"
        }],
        "DomainNames": "example.com"
    }

default_ttl_code

  • Feature description: configures status code expiration (origin cache policy prioritized). For more information, see Create a status code expiration rule that honors origin.

  • Feature ID (FunctionID/FuncId): 207.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    default_ttl_code

    String

    Yes

    The status code and its TTL. Unit: seconds. Valid values: 1 to 99999999 (more than 3 years). Separate multiple values with commas (,).

    4xx=3,200=3600,5xx=1

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "default_ttl_code",
                "argValue": "4xx=3,200=3600,5xx=1"
            }],
            "functionName": "default_ttl_code"
        }],
        "DomainNames": "example.com"
    }

set_resp_header

  • Feature description: configures a custom HTTP response header. For more information, see Configure an HTTP response header.

  • Feature ID (FunctionID/FuncId): 27.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    key

    String

    Yes

    The response header.

    Cache-Control

    value

    String

    Yes

    The header value. Separate header values with commas (,).

    Note

    If you want to delete a response header, set the header value to null.

    no-cache

    header_operation_type

    String

    No

    The operation that you want to perform on the header. Valid values:

    • add

    • delete

    • modify

    • rewrite: replaces a header.

    add

    duplicate

    String

    No

    Specifies whether to allow duplicate request headers. This parameter is required if you set the header_operation_type parameter to add. Valid values:

    • on

    • off

    off

    header_source

    String

    No

    The header value that you want to replace. If header_operation_type is set to rewrite, you need to specify this parameter. Regular expressions are supported.

    value1

    header_destination

    String

    No

    The header value that is used to replace the original header value. If you set the header_operation_type parameter to rewrite, you need to specify this parameter. Valid values:

    value123

    match_all

    String

    No

    The match mode. If you set the header_operation_type parameter to rewrite, you need to specify a match mode. Valid values:

    • on: All header values that match the search condition are replaced.

    • off: Only the first value that matches the search condition is replaced.

    /

    access_origin_control

    String

    No

    Specifies whether to enable cross-origin resource sharing (CORS). Valid values:

    • on

    • off

    /

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "header_operation_type",
                "argValue": "add"
            }, {
                "argName": "key",
                "argValue": "Cache-Control"
            }, {
                "argName": "value",
                "argValue": "no-cache"
            }, {
                "argName": "duplicate",
                "argValue": "off"
            }],
            "functionName": "set_resp_header"
        }],
        "DomainNames": "example.com"
    }

error_page

  • Feature description: configures a custom error page. For more information, see Create a custom error page.

  • Feature ID (FunctionID/FuncId): 15.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    error_code

    Integer

    Yes

    The HTTP status code.

    404

    rewrite_page

    String

    Yes

    The page to which requests are redirected.

    http://example.aliyundoc.com/error404.html

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "error_code",
                "argValue": "404"
            }, {
                "argName": "rewrite_page",
                "argValue": "http://example.aliyundoc.com/error404.html"
            }],
            "functionName": "error_page"
        }],
        "DomainNames": "example.com"
    }

host_redirect

  • Feature description: configures a URI rewrite rule. For more information, see Rewrite URLs.

  • Feature ID (FunctionID/FuncId): 43.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    regex

    String

    Yes

    The URI that you want to rewrite. The value must start with a forward slash (/) and cannot contain http:// or a domain name. You can use Perl Compatible Regular Expressions (PCRE) to specify the URI. Example: ^/hello$.

    ^/hello$

    replacement

    String

    Yes

    The final URI. The value must start with a forward slash (/) and cannot contain http:// or a domain name.

    /hello/test

    flag

    String

    No

    The operation that you want the POPs to perform after a URI is rewritten. Valid values:

    • empty: This is the default value, which indicates that the flag parameter is not specified. If multiple rules are configured and the URL in a request matches a rule, the request is matched against other rules after the current rule is executed.

    • break: If the URL in a request matches a rule, the requested URL is overwritten by the final URL. Parameters in the original URL are not modified. After the current rule is executed, other rules are skipped.

    • redirect: If the URL in a request matches a rule, Alibaba Cloud CDN returns the HTTP status code 302 and the request is redirected to the actual URL. The value of the Location header in the response message that is returned by the POP to the client is the actual URL. Parameters in the original URL are not modified. After the current rule is executed, the request is matched against other rules.

    • enhance_break: enhance_break is similar to break, but enhance_break modifies the URL, including parameters.

    • enhance_redirect: enhance_redirect is similar to redirect, but enhance_redirect modifies the URL, including parameters.

    Note

    Different rules use different rewrite methods, and whether the rewritten URL supports other domain names and other protocols also varies.

    • empty, break, and enhance_break rewrite the URL in a request, but cannot modify the domain name or protocol in the URL. For example, the rules cannot modify the protocol from HTTP to HTTPS.

    • redirect and enhance_redirect use 302 redirection to rewrite a URL, and can modify the domain name or protocol in the URL.

      • 302 You can set the Location header to the current domain name or another domain name. This way, the original URL uses the example.com domain name, and the rewritten URL uses the aliyundoc.com domain name.

      • 302 The Location header in 302 redirection responses supports different protocols. This way, the original URL uses the HTTP protocol, and the rewritten URL uses the HTTPS protocol.

    redirect

    rewrite_method

    String

    No

    The redirection method. Valid values: 302, 303, and 307.

    • 302: This is the default redirection method. The GET request method does not change. Other request methods may be changed to GET.

    • 303: The GET request method does not change. Other request methods may be changed to GET, and the message body is dropped.

    • 307: The request method and message body remain unchanged.

    302

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "flag",
                "argValue": "redirect"
            }, {
                "argName": "regex",
                "argValue": "^/hello$"
            }, {
                "argName": "replacement",
                "argValue": "/hello/test"
            }, {
                "argName": "rewrite_method",
                "argValue": "302"
            }],
            "functionName": "host_redirect"
        }],
        "DomainNames": "example.com"
    }

self_defined_cachekey

  • Feature description: configures custom cache keys. For more information, see Create custom cache keys.

  • Feature ID (FunctionID/FuncId): 227.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    uri

    Array of String

    No

    Specifies whether to rewrite a URI and save the final URI as a cache key.

    • uri_to_rewrite: the original URI that you want to rewrite.

    • ai_uri_regex: the final URI.

    [{"uri_to_rewrite":"/hello","ai_uri_regex":"/hello/test"}]

    args

    Array of String

    No

    Specifies whether to add, delete, modify, or retain parameters in requests, and save the final URI as a cache key. Valid values:

    • args_operation_type: the operation that you want to perform. Valid values: add, delete, modify, and keep.

    • args: the content that you want to add, delete, modify, or keep.

    [{"args":"test=123","args_operation_type":"add"}]

    headers

    String

    No

    The HTTP headers that you want to add to the URI and the cache key. Separate multiple headers with spaces.

    example

    variable

    Array of String

    No

    The custom variable. You can use a regular expression to extract fields from request parameters, HTTP headers, cookies, and URIs. Then, you can add the extracted fields to cache keys.

    []

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "uri",
                "argValue": [{
                    "uri_to_rewrite": "/hello",
                    "ai_uri_regex": "/hello/test"
                }]
            }, {
                "argName": "args",
                "argValue": [{
                    "args": "test=123",
                    "args_operation_type": "add"
                }]
            }, {
                "argName": "headers",
                "argValue": ""
            }, {
                "argName": "variable",
                "argValue": []
            }],
            "functionName": "self_defined_cachekey"
        }],
        "DomainNames": "example.com"
    }

rewrite_host

  • Feature description: configures cache sharing.

  • Feature ID (FunctionID/FuncId): 54.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    share_host

    String

    Yes

    The domain name with which you want the current domain name to share cache. Configuring this parameter does not modify the origin host of the request. The value of share_host is used to generate a cache key for the query.

    example.com

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "share_host",
                "argValue": "example.com"
            }],
            "functionName": "rewrite_host"
        }],
        "DomainNames": "example.com"
    }

serving_stale_content

  • Feature description: configures POPs to serve stale content.

  • Feature ID (FunctionID/FuncId): 260.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    origin_error_status_code

    String

    No

    The HTTP status code that is returned when the origin server is unreachable.

    • By default, this parameter is left empty. Normally, your origin is considered unreachable if the origin response times out and an HTTP status code 5xx is returned.

    • You can enter 4xx or 5xx for fuzzy match, or enter exact status codes such as 502 or 504. Separate multiple status codes with commas (,).

    502

    extend_expiration_time

    Integer

    No

    The stale TTL, which defines how long CDN can serve the stale content if the origin server is unreachable.

    • By default, this parameter is left empty, which indicates that CDN serves the stale content for 1 hour.

    • The value must be a positive integer greater than or equal to 1. Unit: seconds.

    60

    origin_first

    String

    No

    Specifies whether to honor the origin policy.

    • If you set this parameter to on and Cache-Control: stale-if-error=xx is included in the response from the origin server, POPs serve the stale content for the time specified by stale-if-error.

    • By default, this parameter is left empty, which is equivalent to the value off. In this case, POPs serve the stale content for the time specified by extend_expiration_time.

    • Valid values: on and off.

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "origin_error_status_code",
                "argValue": "502"
            }, {
                "argName": "extend_expiration_time",
                "argValue": "60"
            }, {
                "argName": "origin_first",
                "argValue": "off"
            }],
            "functionName": "serving_stale_content"
        }],
        "DomainNames": "example.com"
    }

HTTPS settings

https_option

  • Feature description: configures basic HTTPS parameters. For more information, see Configure an SSL certificate, Configure HTTP/2, and Configure OCSP stapling.

  • Feature ID (FunctionID/FuncId): 78.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    http2

    String

    No

    Specifies whether to enable HTTP/2. Valid values:

    • on

    • off

    on

    ocsp_stapling

    String

    No

    Specifies whether to enable Online Certificate Status Protocol (OCSP) stapling. Valid values:

    • on

    • off

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "http2",
                "argValue": "on"
            }, {
                "argName": "ocsp_stapling",
                "argValue": "on"
            }],
            "functionName": "https_option"
        }],
        "DomainNames": "example.com"
    }

http_force

  • Feature description: configures URL redirection to HTTP. For more information, see Configure URL redirection.

  • Feature conflicts: The URL redirection to HTTP feature conflicts with the URL redirection to HTTPS feature (function: https_force, feature ID: 44). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 45.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable URL redirection to HTTP.

    • on

    • off

    on

    http_rewrite

    String

    No

    The redirection method. Valid values: 301 and 308.

    • 301: The GET request method does not change. Other request methods may be changed to GET.

    • 308: The request method and message body remain unchanged.

    301

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "http_rewrite",
                "argValue": "301"
            }],
            "functionName": "http_force"
        }],
        "DomainNames": "example.com"
    }

https_force

  • Feature description: configures URL redirection to HTTPS. For more information, see Configure URL redirection.

  • Feature conflicts: The URL redirection to HTTPS feature conflicts with the URL redirection to HTTP feature (function: http_force, feature ID: 45). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 44.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable force redirect to HTTPS. Valid values:

    • on

    • off

    on

    https_rewrite

    String

    No

    The redirection method. Valid values: 301 and 308.

    • 301: The GET request method does not change. Other request methods may be changed to GET.

    • 308: The request method and message body remain unchanged.

    301

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "https_rewrite",
                "argValue": "301"
            }],
            "functionName": "https_force"
        }],
        "DomainNames": "example.com"
    }

https_tls_version

  • Feature description: configures a TLS version. For more information, see Configure TLS versions and cipher suites.

  • Feature ID (FunctionID/FuncId): 110.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    tls10

    String

    No

    Specifies whether to enable TLS 1.0. Default value: on. Valid values:

    • on

    • off

    on

    tls11

    String

    No

    Specifies whether to enable TLS 1.1. Default value: on. Valid values:

    • on

    • off

    on

    tls12

    String

    No

    Specifies whether to enable TLS 1.2. Default value: on. Valid values:

    • on

    • off

    on

    tls13

    String

    No

    Specifies whether to enable TLS 1.3. Default value: on. Valid values:

    • on

    • off

    on

    ciphersuitegroup

    String

    No

    The cipher suite group. Default value: all. Valid values:

    • all: all cipher suites.

    • strict: enhanced cipher suite.

    • custom: custom cipher suite.

    all

    String

    No

    The cipher suites. This parameter is used together with the ciphersuitegroup parameter. Separate multiple cipher suites with commas (,).

    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • Examples:

    • TLS 1.0, 1.1, and 1.2 are enabled, and all cipher suites are used. This is the default configuration.

      {
          "Functions": [{
              "functionArgs": [
                  {
                    "ArgValue": "on",
                    "ArgName": "tls10"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls11"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls12"
                  },
                  {
                    "ArgValue": "off",
                    "ArgName": "tls13"
                  },
                  {
                    "ArgValue": "all",
                    "ArgName": "ciphersuitegroup"
                  }
                ],
              "functionName": "https_tls_version"
          }],
          "DomainNames": "example.com"
      }
    • TLS 1.2 and 1.3 are enabled and the enhanced cipher suite is used.

      {
          "Functions": [{
              "functionArgs": [
                  {
                    "ArgValue": "off",
                    "ArgName": "tls10"
                  },
                  {
                    "ArgValue": "off",
                    "ArgName": "tls11"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls12"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls13"
                  },
                  {
                    "ArgValue": "strict",
                    "ArgName": "ciphersuitegroup"
                  }
                ],
              "functionName": "https_tls_version"
          }],
          "DomainNames": "example.com"
      }
    • TLS 1.2 and 1.3 are enabled and a custom cipher suite is used.

      {
          "Functions": [{
              "functionArgs": [
                  {
                    "ArgValue": "off",
                    "ArgName": "tls10"
                  },
                  {
                    "ArgValue": "off",
                    "ArgName": "tls11"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls12"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls13"
                  },
                  {
                    "ArgValue": "custom",
                    "ArgName": "ciphersuitegroup"
                  },
                  {
                    "ArgValue": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                    "ArgName": "ciphersuite"
                  }
                ],
              "functionName": "https_tls_version"
          }],
          "DomainNames": "example.com"
      }

HSTS

  • Feature description: configures HTTP Strict Transport Security (HSTS). For more information, see Configure HSTS.

  • Feature ID (FunctionID/FuncId): 112.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enabled

    String

    Yes

    Specifies whether to enable HSTS. Valid values:

    • on

    • off

    on

    https_hsts_max_age

    Integer

    Yes

    The TTL. Unit: seconds.

    Note

    We recommend that you set the TTL to 5184000 seconds (60 days).

    5184000

    https_hsts_include_subdomains

    String

    No

    Specifies whether to include subdomains in HSTS headers. Valid values: on and off.

    Note

    Proceed with caution when you enable this feature. Make sure that HTTPS is enabled for all the subdomains of the accelerated domain name. Otherwise, the HTTPS URLs to which requests are redirected from the subdomains become inaccessible.

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enabled",
                "argValue": "on"
            }, {
                "argName": "https_hsts_max_age",
                "argValue": "5184000"
            }, {
                "argName": "https_hsts_include_subdomains",
                "argValue": "off"
            }],
            "functionName": "HSTS"
        }],
        "DomainNames": "example.com"
    }

Access control settings

referer_white_list_set

  • Feature description: configures a Referer whitelist. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.

  • Feature conflicts: The Referer whitelist feature conflicts with the Referer blacklist feature (function: referer_black_list_set, feature ID: 5). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 1.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    refer_domain_allow_list

    String

    Yes

    The domain names that you want to add to the Referer whitelist. You can specify multiple domain names. Separate the domain names with commas (,).

    example.aliyundoc.com,demo.aliyundoc.com

    allow_empty

    String

    No

    Specifies whether requests with an empty Referer header can access resources on Alibaba Cloud CDN POPs. Default value: off. Valid values:

    • on

    • off

    off

    redirect_url

    String

    No

    The redirect URL. If the Referer information in the request does not match the information in the whitelist, the 403 status code is not returned after the request is blocked. In this case, the 302 status code and the Location header are returned. This parameter is the value of the Location header and starts with http:// or https://.

    http://www.example.com

    disable_ast

    String

    No

    Specifies whether to enable exact match for domain names in the whitelist. Default value: off. If you set this parameter to on, exact match for domain names is enabled.

    • If you set this parameter to on, the following rules apply:

      • Exact match is supported.

        • If you add example.com to the whitelist, example.com is matched.

        • If you add a*b.example.com to the whitelist, a<Any characters>b.example.com is matched.

      • Suffix match is not supported.

    • If you set this parameter to off, the following rules apply:

      • Exact match is not supported.

      • Suffix match is supported.

        • If you add example.com to the whitelist, example.com and <Any characters>.example.com are matched.

        • If you add a*b.example.com to the whitelist, a<Any characters>b.example.com and <Any characters>.a<Any characters>b.example.com are matched.

    off

    ignore_scheme

    String

    No

    Specifies whether to ignore the scheme parameter. Default value: off. After you enable this feature, if the Referer in the request does not have an HTTP or HTTPS header, the Referer is still considered valid.

    • If you set this parameter to on, the Referer is in the following format:

      referer: www.example.com

    • If you set this parameter to off, the Referer is in the following format:

      referer: https://www.example.com

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "allow_empty",
                "argValue": "off"
            }, {
                "argName": "refer_domain_allow_list",
                "argValue": "example.aliyundoc.com,demo.aliyundoc.com"
            }],
            "functionName": "referer_white_list_set"
        }],
        "DomainNames": "example.com"
    }

referer_black_list_set

  • Feature description: configures a Referer blacklist. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.

  • Feature conflicts: The Referer blacklist feature conflicts with the Referer whitelist feature (function: referer_white_list_set, feature ID: 1). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 5.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    refer_domain_deny_list

    String

    Yes

    The domain names that you want to add to the Referer blacklist. You can specify multiple domain names. Separate the domain names with commas (,).

    example.aliyundoc.com,demo.aliyundoc.com

    allow_empty

    String

    No

    Specifies whether requests with an empty Referer header can access resources on Alibaba Cloud CDN POPs. Valid values:

    • on

    • off

    off

    redirect_url

    String

    No

    The redirect URL. If the Referer information in the request matches the information in the blacklist, the 403 status code is not returned after the request is blocked. In this case, the 302 status code and the Location header are returned. This parameter is the value of the Location header and starts with http:// or https://.

    http://www.example.com

    disable_ast

    String

    No

    Specifies whether to enable exact match for domain names in the blacklist. Default value: off. If you set this parameter to on, exact match for domain names is enabled.

    • If you set this parameter to on, the following rules apply:

      • Exact match is supported.

        • If you add example.com to the blacklist, example.com is matched.

        • If you add a*b.example.com to the blacklist, a<Any characters>b.example.com is matched.

      • Suffix match is not supported.

    • If you set this parameter to off, the following rules apply:

      • Exact match is not supported.

      • Suffix match is supported.

        • If you add example.com to the blacklist, example.com and <Any characters>.example.com are matched.

        • If you add a*b.example.com to the blacklist, a<Any characters>b.example.com and <Any characters>.a<Any characters>b.example.com are matched.

    off

    ignore_scheme

    String

    No

    Specifies whether to ignore the scheme parameter. Default value: off. After you enable this feature, if the Referer in the request does not have an HTTP or HTTPS header, the Referer is still considered valid. Example:

    • If you set this parameter to on, the Referer is in the following format:

      referer: www.example.com

    • If you set this parameter to off, the Referer is in the following format:

      referer: https://www.example.com

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "allow_empty",
                "argValue": "off"
            }, {
                "argName": "refer_domain_deny_list",
                "argValue": "example.aliyundoc.com,demo.aliyundoc.com"
            }],
            "functionName": "referer_black_list_set"
        }],
        "DomainNames": "example.com"
    }

aliauth

  • Feature description: configures URL signing. For more information, see Configure URL signing.

  • Feature ID (FunctionID/FuncId): 25.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    auth_m3u8

    String

    No

    Specifies whether to enable M3U8 rewrite. M3U8 rewrite authenticates access to TS files. If M3U8 rewrite is disabled, access to TS files may be denied. Valid values: on and off. Default value: on.

    on

    auth_type

    String

    Yes

    The signing type. Valid values:

    • no_auth: disables URL signing.

    • type_a: enables type A signing.

    • type_b: enables type B signing.

    • type_c: enables type C signing.

    • type_f: enables type F signing.

    type_a

    auth_key1

    String

    Yes

    The cryptographic key 1. The key must be 16 to 128 characters in length and can contain letters and digits.

    1234567890123456789

    auth_key2

    String

    No

    The cryptographic key 2. The key must be 16 to 128 characters in length and can contain letters and digits.

    1234567890123456789

    ali_auth_delta

    Integer

    No

    The validity period of the encrypted URLs. Unit: seconds. Default value: 1800.

    1800

    req_auth_ip_white

    String

    No

    The IP address whitelist. The IP addresses in the whitelist are not verified for authentication.

    You can enter multiple IP addresses. Separate multiple IP addresses with commas (,).

    192.168.0.1

    req_auth_ip_acl_xfwd

    String

    No

    The IP address verification mode. Valid values:

    • on: This is the default mode. This mode verifies only the client IP address. The client IP address is the first IP address in the XFF header in a client request.

    • off: This mode verifies only the IP address that is used by a client to connect to a POP.

    • all: This mode verifies the following IP addresses:

      • The first IP address in the XFF header, which is the client IP address.

      • The IP address that is used by a client to connect to a POP.

    all

    sign_param

    String

    No

    The name of the signature parameter. This parameter takes effect only when the auth_type parameter is set to type_f.

    sign

    time_param

    String

    No

    The name of the timestamp parameter. This parameter takes effect only when the auth_type parameter is set to type_f.

    time

    time_format

    String

    No

    The format of the timestamp. This parameter takes effect only when the auth_type parameter is set to type_f.

    • dec: decimal.

    • hex: hexadecimal.

    hec

    path_encoding

    String

    No

    Specifies whether to enable URL encoding. Valid values: on and off. This parameter takes effect only when the auth_type parameter is set to type_f.

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "auth_type",
                "argValue": "type_a"
            }, {
                "argName": "auth_key1",
                "argValue": "1234567890123456789"
            }, {
                "argName": "auth_key2",
                "argValue": "1234567890123456789"
            }, {
                "argName": "ali_auth_delta",
                "argValue": 1800
            }, {
                "argName": "req_auth_ip_white",
                "argValue": "192.168.0.1"
            }, {
                "argName": "req_auth_ip_acl_xfwd",
                "argValue": "all"
            }{
                "argName": "sign_param",
                "argValue": "sign"
            }, {
                "argName": "time_param",
                "argValue": "time",
            }, {
                "argName": "time_format",
                "argValue": "hec"
            }, {
                "argName": "path_encoding",
                "argValue": "on"
            }],
            "functionName": "aliauth"
        }],
        "domainNames": "example.com"
    }
    

cdn_remote_auth

  • Feature description: configures remote authentication. For more information, see Configure remote authentication.

  • Feature ID (FunctionID/FuncId): 258.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable remote authentication.

    • on

    • off

    on

    remote_auth_addr

    String

    Yes

    The address of the authentication server. Valid formats: https://cdn.aliyun.com/auth and http://10.10.10.10/auth.

    https://example.aliyundoc.com/auth

    remote_auth_method

    String

    Yes

    The request method. Valid values: get, post, and head.

    get

    remote_auth_type

    String

    Yes

    The type of the authentication file. The value all specifies all types. Separate file types with vertical bars (|). The value is case-sensitive. For example, jpg is different from JPG.

    all

    remote_auth_reserve_args

    String

    Yes

    The parameters that you want to retain. Separate parameters with vertical bars (|). The value is not case-sensitive. For example, key is equivalent to KEY.

    all: retains all parameters.

    ali_delete_all_args: deletes all parameters.

    all

    remote_auth_custom_args

    String

    No

    The parameters that you want to add. Separate parameters with vertical bars (|). The value is case-sensitive. For example, key is different from KEY.

    None

    remote_auth_reserve_header

    String

    Yes

    The request headers that you want to retain. Separate request headers with vertical bars (|). The value is not case-sensitive. For example, http_remote_addr is equivalent to HTTP_Remote_Addr.

    • all: retains all request headers.

    • ali_delete_all_headers: deletes all request headers.

    all

    remote_auth_custom_header

    String

    No

    The request headers that you want to add. Separate multiple request headers with vertical bars (|). The value is not case-sensitive. For example, http_remote_addr is equivalent to HTTP_Remote_Addr.

    None

    remote_auth_success_code

    Integer

    Yes

    The HTTP status code that is returned to Alibaba Cloud CDN when a request passes authentication. Example: 200. You can configure multiple HTTP status codes. Separate HTTP status codes with commas (,).

    200

    remote_auth_fail_code

    Integer

    Yes

    The HTTP status code that is returned to Alibaba Cloud CDN when a request fails authentication. Example: 403. You can configure multiple HTTP status codes. Separate HTTP status codes with commas (,).

    403,404

    remote_auth_other_code_act

    String

    No

    The operation to perform when the HTTP status code that is returned to Alibaba Cloud CDN does not indicate that a request passes or fails authentication. Valid values:

    • pass (default): Alibaba Cloud CDN allows the request.

    • reject: Alibaba Cloud CDN rejects the request.

    pass

    remote_auth_fail_resp_code

    Integer

    Yes

    The HTTP status code that is returned by Alibaba Cloud CDN to users when a request fails authentication. For example, if you set this parameter to 403, Alibaba Cloud CDN returns the HTTP 403 status code to the user when the request fails authentication.

    403

    remote_auth_timeout

    Integer

    Yes

    The authentication timeout period. Unit: milliseconds. Maximum value: 3000.

    500

    remote_auth_timeout_action

    String

    Yes

    The action that is performed when authentication times out. Valid values:

    • pass: Alibaba Cloud CDN allows the request.

    • reject: Alibaba Cloud CDN returns the specified HTTP status code for authentication failures to the user.

    pass

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "remote_auth_addr",
                "argValue": "https://example.aliyundoc.com/auth"
            }, {
                "argName": "remote_auth_method",
                "argValue": "get"
            }, {
                "argName": "remote_auth_type",
                "argValue": "all"
            }, {
                "argName": "remote_auth_reserve_args",
                "argValue": "all"
            }, {
                "argName": "remote_auth_custom_args",
                "argValue": ""
            }, {
                "argName": "remote_auth_reserve_header",
                "argValue": "all"
            }, {
                "argName": "remote_auth_custom_header",
                "argValue": ""
            }, {
                "argName": "remote_auth_success_code",
                "argValue": "200"
            }, {
                "argName": "remote_auth_fail_code",
                "argValue": "403"
            }, {
                "argName": "remote_auth_other_code_act",
                "argValue": "pass"
            }, {
                "argName": "remote_auth_fail_resp_code",
                "argValue": "403"
            }, {
                "argName": "remote_auth_timeout",
                "argValue": 500
            }, {
                "argName": "remote_auth_timeout_action",
                "argValue": "pass"
            }],
            "functionName": "cdn_remote_auth"
        }],
        "DomainNames": "example.com"
    }

ip_allow_list_set

  • Feature description: configures an IP address whitelist. For more information, see Configure an IP address blacklist or whitelist.

  • Feature conflicts: The IP address whitelist feature conflicts with the IP address blacklist feature (function: ip_black_list_set, feature ID: 13). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 69.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    ip_list

    String

    Yes

    The IP addresses that you want to add to the blacklist. You can specify multiple IP addresses. Separate IP addresses with commas (,).

    192.168.0.1/24

    ip_acl_xfwd

    String

    No

    Specifies whether to use the IP address in the X-Forwarded-For header for verification. Valid values:

    • on (default): uses the first IP address in the X-Forwarded-For request header for verification.

    • off: uses the IP address that is used to connect to the POP for verification.

    • all: uses both the first IP address in the X-Forwarded-For request header and the IP address that is used to connect to the POP for verification.

    all

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ip_list",
                "argValue": "192.168.0.1/24"
            }],
            "functionName": "ip_allow_list_set"
        }],
        "DomainNames": "example.com"
    }

ip_black_list_set

  • Feature description: configures an IP address blacklist. For more information, see Configure an IP address blacklist or whitelist.

  • Feature conflicts: The IP address blacklist feature conflicts with the IP address whitelist feature (function: ip_allow_list_set, feature ID: 69). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 13.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    ip_list

    String

    Yes

    The IP addresses that you want to add to the blacklist. You can specify multiple IP addresses. Separate IP addresses with commas (,).

    192.168.0.1

    ip_acl_xfwd

    String

    No

    Specifies whether to use the IP address in the X-Forwarded-For header for verification. Valid values:

    • on (default): uses the first IP address in the X-Forwarded-For request header for verification.

    • off: uses the IP address that is used to connect to the POP for verification.

    • all: uses both the first IP address in the X-Forwarded-For request header and the IP address that is used to connect to the POP for verification.

    all

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ip_list",
                "argValue": "192.168.0.1"
            }],
            "functionName": "ip_black_list_set"
        }],
        "DomainNames": "example.com"
    }

ali_ua

  • Feature description: configures a User-Agent whitelist or blacklist. For more information, see Configure a User-Agent blacklist or whitelist.

  • Feature ID (FunctionID/FuncId): 58.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    ua

    String

    Yes

    The user agents that you want to add to the whitelist or blacklist. You can use asterisks (*) to match any characters and specify multiple values. Separate values with vertical bars (|). Example: *curl*|*IE*|*chrome*|*firefox*.

    *curl*|*IE*|*chrome*|*firefox*

    type

    String

    Yes

    The type of the list. Valid values:

    • black: a blacklist.

    • white: a whitelist.

    Note

    The blacklist and whitelist are mutually exclusive. You can enable only one type of list.

    black

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ua",
                "argValue": "*curl*|*IE*|*chrome*|*firefox*"
            }, {
                "argName": "type",
                "argValue": "black"
            }],
            "functionName": "ali_ua"
        }],
        "DomainNames": "example.com"
    }

Performance optimization

tesla

  • Feature description: configures HTML optimization. For more information, see Enable HTML optimization.

  • Feature ID (FunctionID/FuncId): 16.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable HTML optimization. Valid values:

    • on

    • off

    on

    trim_js

    String

    No

    Specifies whether to optimize the JavaScript code of HTML pages. Default value: off. Valid values:

    • on

    • off

    off

    trim_css

    String

    No

    Specifies whether to optimize the CSS code of HTML pages. Default value: off. Valid values:

    • on

    • off

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "trim_css",
                "argValue": "off"
            }, {
                "argName": "trim_js",
                "argValue": "off"
            }],
            "functionName": "tesla"
        }],
        "DomainNames": "example.com"
    }

gzip

  • Feature description: configures Gzip compression. For more information, see Configure Gzip compression.

  • Feature ID (FunctionID/FuncId): 35.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable Gzip compression. Valid values:

    • on

    • off

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "gzip"
        }],
        "DomainNames": "example.com"
    }

brotli

  • Feature description: configures Brotli compression. For more information, see Configure Brotli compression.

  • Feature ID (FunctionID/FuncId):97.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable Brotli compression.

    • on

    • off

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "brotli"
        }],
        "DomainNames": "example.com"
    }

set_hashkey_args

  • Feature description: retains URL parameters. For more information, see Ignore parameters.

  • Feature conflicts: The URL parameter retaining feature conflicts with the URL parameter deleting feature (function: ali_remove_args, feature ID: 75). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 19.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    hashkey_args

    String

    No

    The parameters that you want to retain. You can specify up to 10 parameters. Separate parameters with commas (,).

    key1,key2

    disable

    String

    Yes

    Specifies whether to ignore all parameters. Default value: off. Valid values:

    • on: ignores all parameters. Only the Add rule takes effect.

    • off: does not ignore parameters. The Retain, Add, and Delete rules take effect.

    Note

    The hashkey_args setting has a higher priority. Even if you set this parameter to on, the parameters that are specified by the hashkey_args parameter are retained.

    on

    keep_oss_args

    String

    Yes

    Specifies whether to retain parameters during origin fetch. Valid values:

    • on: All parameters are retained during origin fetch.

    • off: Only the parameters that are specified in hashkey are retained.

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "hashkey_args",
                "argValue": ""
            }, {
                "argName": "keep_oss_args",
                "argValue": "on"
            }, {
                "argName": "disable",
                "argValue": "on"
            }],
            "functionName": "set_hashkey_args"
        }],
        "DomainNames": "example.com"
    }

ali_remove_args

  • Feature description: deletes URL parameters. For more information, see Ignore parameters.

  • Feature conflicts: The URL parameter deleting feature conflicts with the URL parameter retaining feature (function: set_hashkey_args, feature ID: 19). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.

  • Feature ID (FunctionID/FuncId): 75.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    ali_remove_args

    String

    Yes

    The parameters that you want to delete. Separate multiple parameters with spaces.

    Note

    The parameters that are retained are used as the URL parameters in hashkey.

    test

    keep_oss_args

    String

    Yes

    Specifies whether to retain parameters during origin fetch. Valid values:

    • on: All parameters are retained during origin fetch.

    • off: Only the parameters that are specified in hashkey are retained.

    off

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ali_remove_args",
                "argValue": "test"
            }, {
                "argName": "keep_oss_args",
                "argValue": "off"
            }],
            "functionName": "ali_remove_args"
        }],
        "DomainNames": "example.com"
    }

image_transform

  • Feature description: configures image editing. For more information, see Overview.

  • Feature ID (FunctionID/FuncId): 239.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable image editing.

    • on

    • off

    on

    filetype

    String

    Yes

    The image format that you want to convert. Separate multiple values with vertical bars (|). Valid values:

    • JPEG

    • JPG

    • PNG

    • WEBP

    • BMP

    • GIF

    • TIFF

    • JP2: JPEG 2000

    jpg|jpeg|png

    webp

    String

    No

    Specifies whether to enable automatic conversion to WebP.

    • on

    • off

    on

    orient

    String

    No

    Specifies whether to enable automatic rotation.

    • on

    • off

    Note

    This feature takes effect only for images that carry rotation properties.

    on

    slim

    Integer

    No

    The image compression rate. Valid values: 0 to 100. Image compression reduces data transfer without changing the resolution, size, or format of images.

    10

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "filetype",
                "argValue": "jpg|jpeg|png"
            }, {
                "argName": "webp",
                "argValue": "on"
            }, {
                "argName": "orient",
                "argValue": "on"
            }, {
                "argName": "slim",
                "argValue": ""
            }, {
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "image_transform"
        }],
        "DomainNames": "example.com"
    }

Video-related settings

range

  • Feature description: configures range origin fetch. For more information, see Range origin fetch.

  • Feature ID (FunctionID/FuncId): 31.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable range origin fetch. Valid values:

    • on: enables range origin fetch.

    • off: disables range origin fetch.

    • force: forcibly enables range origin fetch.

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "range"
        }],
        "DomainNames": "example.com"
    }

video_seek

  • Feature description: configures video seeking. For more information, see Video seeking.

  • Feature ID (FunctionID/FuncId): 30.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable video seeking. Valid values:

    • on

    • off

    on

    flv_seek_by_time

    String

    No

    Specifies whether to enable video seeking by time for Flash Video (FLV) files. Valid values:

    • on

    • off

    on

    mp4_seek_start

    String

    No

    Sets custom start parameters for MP4 files.

    mp4starttime

    mp4_seek_end

    String

    No

    Set custom end parameters for MP4 files.

    mp4endtime

    flv_seek_start

    String

    No

    Sets custom start parameters for FLV files.

    flvstarttime

    flv_seek_end

    String

    No

    Set custom end parameters for FLV files.

    flvendtime

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "video_seek"
        }],
        "DomainNames": "example.com"
    }

ali_video_split

  • Feature description: configures audio extraction. For more information, see Audio extraction.

  • Feature ID (FunctionID/FuncId): 204.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable audio extraction.

    • on

    • off

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "ali_video_split"
        }],
        "DomainNames": "example.com"
    }

ali_video_preview

  • Feature description: configures video preview. For more information, see Audio and video preview.

  • Feature ID (FunctionID/FuncId): 205.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable video preview.

    • on

    • off

    Note

    The following file formats are supported: TS, MP3, FLV, and MP4.

    on

    ali_video_preview_argument

    String

    Yes

    The custom preview parameter. Unit of this parameter: seconds.

    fds

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "ali_video_preview_argument",
                "argValue": "fds"
            }],
            "functionName": "ali_video_preview"
        }],
        "DomainNames": "example.com"
    }

hls_token_rewrite

  • Feature description: configures M3U8 encryption and rewrite. For more information, see M3U8 encryption and rewrite.

  • Feature ID (FunctionID/FuncId): 253.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable M3U8 encryption and rewrite.

    • on

    • off

    on

    hls_token_arg_name

    String

    No

    The custom parameter name for the HLS token. If you do not specify a name, MtsHlsUriToken is used as the name.

    example

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "hls_token_rewrite"
        }],
        "DomainNames": "example.com",
    }

Security settings

tmd_signature

  • Feature description: configures rate limiting. For more information, see Configure rate limiting.

  • Feature ID (FunctionID/FuncId): 96.

ddos_domain

  • Feature description: configures DDoS mitigation. For more information, see Configure Anti-DDoS.

  • Feature ID (FunctionID/FuncId): 209.

ali_location

allowed_crawlers

  • Feature description: configures a crawler whitelist. For more information, see Configure WAF.

  • Feature ID (FunctionID/FuncId): 270.

  • To use this feature, submit a ticket.

threat_intelligence

  • Feature description: configures threat intelligence. For more information, see Configure WAF.

  • Feature ID (FunctionID/FuncId): 271.

  • To use this feature, submit a ticket.

intelligent_algorithm

  • Feature description: configures AI protection. For more information, see Configure WAF.

  • Feature ID (FunctionID/FuncId): 272.

  • To use this feature, submit a ticket.

Traffic throttling

limit_rate

  • Feature description: configures throttling for individual requests.

  • Feature ID (FunctionID/FuncId): 72.

  • The following table describes the parameters.

    You can specify only the ali_limit_rate parameter or specify parameters that are carried in the request URL to configure throttling. You can also configure the start and end time for throttling.

    You can configure throttling by specifying the traffic_limit_arg and traffic_limit_unit parameters that are carried in the request URL.

    You can configure the start time and end time for throttling by specifying the ali_limit_start_hour and ali_limit_end_hour parameters.

    Parameter

    Type

    Required

    Description

    Example

    ali_limit_rate

    String

    Yes

    The throttling rate for individual requests, such as 200 KB/s or 1 MB/s. The value can contain a number and a letter (k or m). The unit is byte/s.

    The minimum value is 100k, and smaller values are rounded up to 100k.

    • 1m: The throttling rate for individual requests is 1 MB/s.

    • 100k: The throttling rate for individual requests is 100 KB/s.

    ali_limit_rate_after

    String

    No

    The threshold value based on which throttling is triggered. The value contains a number and an optional letter (k or m). The unit is byte.

    1000

    traffic_limit_arg

    String

    No

    The name of the throttling parameter. Throttling is performed based on the value of the specified parameter in URLs. Sample parameter: rate.

    If the request does not contain a throttling parameter, the throttling rate is the value of ali_limit_rate. If the request does not contain the throttling parameter, set ali_limit_rate to 0k to disable throttling.

    rate

    traffic_limit_unit

    String

    No

    The unit of the throttling parameter traffic_limit_arg. Valid values: m (MB/s) and k (KB/s). If you set the value to m, the throttling rate is 1 MB/s when the rate that is carried in the request URL is 1.

    The minimum value is 100k, and smaller values are rounded up to 100k.

    m

    ali_limit_start_hour

    Integer

    No

    The point in time at which throttling starts. Valid values: 0 to 24. Default value: 0. The start time must be earlier than the end time.

    Note

    Specify a time in the 24-hour format. The time must be on the hour. For example, 00:00:00 represents 0 o'clock and 24:00:00 represents 24 o'clock.

    20

    ali_limit_end_hour

    Integer

    No

    The point in time at which throttling ends. Valid values: 0 to 24. Default value: 24. The end time must be later than the start time.

    23

  • Example 1: Set the throttling rate for individual requests to 1 MB/s.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ali_limit_rate",
                "argValue": "1m"
            }],
            "functionName": "limit_rate"
        }],
        "DomainNames": "example.com"
    }
  • Example 2: The default throttling rate for individual requests is 1 MB/s. If the request URL contains the rate parameter, the throttling rate is the value of the parameter. For example, if the rate parameter in a user request is 200, the throttling rate is 200 KB/s.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ali_limit_rate",
                "argValue": "1m"
            },{
                "argName": "traffic_limit_arg",
                "argValue": "rate"
            },{
                "argName": "traffic_limit_unit",
                "argValue": "k"
            }],
            "functionName": "limit_rate"
        }],
        "DomainNames": "example.com"
    }

EdgeScript settings

edge_function

  • Feature description: configures EdgeScript. For more information, see EdgeScript overview.

  • Feature ID (FunctionID/FuncId): 180.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    rule

    String

    Yes

    The domain-specific language (DSL) script.

    if eq($uri, '/') {\n rewrite('https://example.com/index.html', 'redirect')\n}

    pri

    Integer

    Yes

    The priority. Valid values: 0 to 999. A smaller value indicates a higher priority.

    Note

    The priorities of the head and foot execution positions are irrelevant to each other.

    0

    enable

    String

    Yes

    Specifies whether to enable the script. Valid values:

    • on

    • off

    on

    name

    String

    Yes

    The name of the script. The name can contain only letters and underscores (_).

    test

    pos

    String

    No

    The position where you want to execute the script. Default value: head. Valid values:

    • head: The script is executed at the head of the pipeline.

    • foot: The script is executed at the foot of the pipeline.

    head

    brk

    String

    No

    Specifies whether to skip other scripts after the current script is executed. Default value: off. Valid values:

    • on: After the current script is matched, the scripts after the specified position are skipped.

    • off: If the current script is matched, the system continues matching the request against other scripts.

    off

    option

    String

    No

    The extension.

    None

    grammar

    String

    No

    The syntax of the script. Valid values: es2 and js. Default value: es2.

    /

    jsmode

    String

    No

    The JavaScript execution mode. Default value: bypass. Valid values:

    • redirect: block mode.

    • bypass: bypass mode.

    /

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "name",
                "argValue": "test"
            }, {
                "argName": "rule",
                "argValue": "if eq($uri, '/') {\n  rewrite('https://example.com/index.html', 'redirect')\n}"
            }, {
                "argName": "pri",
                "argValue": "0"
            }, {
                "argName": "pos",
                "argValue": "head"
            }, {
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "brk",
                "argValue": "off"
            }, {
                "argName": "option",
                "argValue": ""
            }],
            "functionName": "edge_function"
        }],
        "DomainName": "example.com"
    }

EdgeRoutine settings

edgeroutine

Rules engine settings

condition

  • Feature description: configures rules in a graphical user interface. You can configure rules to identify user requests based on the parameters they carry to determine whether a configuration applies to the requests. This provides a more flexible and accurate method to manage configurations and policies that you set in Alibaba Cloud CDN. For more information, see Rules engine.

  • Feature ID (FunctionID/FuncId): 250.

  • To use this feature, submit a ticket.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    rule

    Array

    Yes

    The content of a rule, including the name, status, logic operator, and conditional expression.

    Rule content:

    {\"match\":{\"logic\":\"and\",\"criteria\":[{\"matchType\":\"clientipVer\",\"matchObject\":\"CONNECTING_IP\",\"matchOperator\":\"equals\",\"matchValue\":\"v6\",\"negate\":false}]},\"name\":\"example\",\"status\":\"enable\"}

    Fields

    • Name: example

    • Status: enable

    • Logic operator: and

    • Conditional expression: The protocol that is used by the client is IPv6.

    The following table describes the parameters in argValue.

    Parameter

    description

    \"match\":

    match indicates a conditional match expression.

    \"logic\":\"and\"

    logic indicates the logical operator that is used to determine whether to match a rule. Valid values: and/or.

    \"criteria\"

    criteria indicates the specific condition in a conditional match expression.

    \"matchType\":\"clientipVer\"

    matchType indicates the type of information carried in the user request to match.

    \"matchObject\":\"CONNECTING_IP\"

    matchObject indicates a further division of the match type. For example, client IP addresses can be further divided into X-Forwarded-For (XFF) IP addresses and IP addresses that are used to connect to POPs.

    \"matchOperator\":\"equals\"

    matchOperator indicates the operator of the match.

    \"matchValue\":\"v6\"

    matchValue indicates a preset value to be matched against the information that is carried in the user request.

    \"negate\":false

    negate indicates whether to invert the result of a conditional expression. Valid values: true and false.

    \"name\":\"example\"

    name indicates the rule name.

    \"status\":\"enable\"

    status indicates the rule status.

  • Examples:

    The following example shows how to call an API operation to add a rule for the example.com domain name to allow or block requests from clients that use IPv6 addresses. For more information, see Rules engine.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "rule",
                "argValue": "{\"match\":{\"logic\":\"and\",\"criteria\":[{\"matchType\":\"clientipVer\",\"matchObject\":\"CONNECTING_IP\",\"matchOperator\":\"equals\",\"matchValue\":\"v6\",\"negate\":false}]},\"name\":\"example\",\"status\":\"enable\"}"
            }],
            "functionName": "condition"
        }],
        "DomainNames": "example.com"
    }

    You can reference an added rule in the configurations of other features. For the list of features that can reference rules, see Rules engine. This allows you to flexibly and precisely control the execution of configuration policies in Alibaba Cloud CDN. For example, a rule can be referenced in the configuration of a conditional origin. The function is origin_dns_host. For information about the configuration example, see origin_dns_host. For information about the conditional origin feature, see Configure a conditional origin.

    Note: If you want to reference a rule in the configurations of other features, set parentid to specify a created rule. The parentid is the ConfigId that is generated when you add a rule.

QUIC

quic

  • Feature description: configures QUIC. For more information, see Configure the QUIC protocol.

  • Feature ID (FunctionID/FuncId): 281.

  • The following table describes the parameters.

    Parameter

    Type

    Required

    Description

    Example

    iquic_enable

    String

    Yes

    Specifies whether to enable QUIC. Valid values:

    • on

    • off

    on

  • Examples:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "iquic_enable",
                "argValue": "on"
            }],
            "functionName": "iquic"
        }],
        "DomainNames": "example.com"
    }