You can call the BatchSetCdnDomainConfig and SetCdnDomainStagingConfig operations to configure features for multiple domain names at a time. This topic describes the features that you can call these operations to configure and parameters that you need to specify when you call these operations.
The features that are described in this topic can be referenced when you call the following API operations:
Production environment: BatchSetCdnDomainConfig, DescribeCdnDomainConfigs, BatchDeleteCdnDomainConfig, and DescribeCdnUserDomainsByFunc.
Staging environment: SetCdnDomainStagingConfig, DescribeCdnDomainStagingConfig, RollbackStagingConfig, and PublishStagingConfigToProduction.
You can call BatchSetCdnDomainConfig and SetCdnDomainStagingConfig to configure features for multiple domain names at the same time. If the operation succeeds, unique configuration IDs (ConfigId) are generated. You can use the configuration IDs to update or delete the configurations of the features. For more information, see Usage notes on ConfigId.
Basic information
ipv6
Feature description: configures IPv6. For more information, see Configure IPv6.
Feature ID (FunctionID/FuncId): 194.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
switch
String
Yes
Specifies whether to enable IPv6. Valid values:
on
off
on
region
String
Yes
Specifies the region where you want to enable IPv6.
NoteYou can enter an asterisk (*) to specify all regions. If you want to enable IPv6 in a specified region, submit a ticket.
If you do not specify this parameter, IPv6 is enabled in all regions.
*
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "switch", "argValue": "on" }, { "argName": "region", "argValue": "*" }], "functionName": "ipv6" }], "DomainNames": "example.com" }
Origin fetch settings
set_req_host_header
Feature description: configures the default origin host. For more information, see Configure the default origin host.
Feature ID (FunctionID/FuncId): 18.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
domain_name
String
Yes
The origin host.
example.com
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "domain_name", "argValue": "example.com" }], "functionName": "set_req_host_header" }], "DomainNames": "example.com" }
forward_scheme
Feature description: configures the origin protocol policy. For more information, see Configure the origin protocol policy.
Feature ID (FunctionID/FuncId): 47.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable the origin protocol policy. Valid values:
on
off
on
scheme_origin
String
No
The protocol for origin fetch. Valid values:
http: Alibaba Cloud CDN redirects requests to the origin server over HTTP.
https: Alibaba Cloud CDN redirects requests to the origin server over HTTPS.
follow: When a client uses HTTP or HTTPS to request resources, Alibaba Cloud CDN redirects the request to the origin server over the protocol that is used by the client.
NoteDefault value: follow.
follow
scheme_origin_port
String
No
The custom origin port. This parameter needs to be used together with the scheme_origin parameter. Valid values:
If scheme_origin is set to http, you only need to configure an origin HTTP port, such as 80.
If scheme_origin is set to https, you only need to configure an origin HTTPS port, such as 443.
If scheme_origin is set to follow, you need to configure origin HTTP and HTTPS ports. Separate the ports with colons (:). Example: 80:443.
80:443
Example 1: Alibaba Cloud CDN redirects requests to the origin server over the protocol that is used by the client. The origin port is the default port of the protocol, which is 80 for HTTP and 443 for HTTPS.
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "scheme_origin", "argValue": "follow" }], "functionName": "forward_scheme" }], "DomainNames": "example.com" }
Example 2: Alibaba Cloud CDN redirects requests to the origin server over the protocol that is used by the client. The origin port is a custom port, which is 8080 for HTTP and 4433 for HTTPS.
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "scheme_origin", "argValue": "follow" }, { "argName": "scheme_origin_port", "argValue": "8080:4433" }], "functionName": "forward_scheme" }], "DomainNames": "example.com" }
l2_oss_key
Feature description: configures access control on private Object Storage Service (OSS) buckets. For more information, see Configure access to private OSS buckets.
Feature ID (FunctionID/FuncId): 85.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
private_oss_auth
String
Yes
Specifies whether to enable access to private OSS buckets. Valid values:
on
off
After you enable this feature, the system automatically configures a security token issued by Security Token Service (STS). However, Alibaba Cloud CDN can only access private OSS buckets in the same Alibaba Cloud account. For more information about STS tokens, see What is STS?
on
perm_private_oss_tbl
String
No
The permanent security token in the format of
access_id=123 access_secret=123abc
(separated by a space).After you configure a permanent security token, Alibaba Cloud CDN can access private OSS buckets in the same Alibaba Cloud account or a different Alibaba Cloud account. For more information about permanent security tokens, see Create an AccessKey pair.
access_id=123 access_secret=123abc
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "private_oss_auth", "argValue": "on" },{ "argName": "perm_private_oss_tbl", "argValue": "access_id=123 access_secret=123abc" }], "functionName": "l2_oss_key" }], "DomainNames": "example.com" }
oss_key_list
Feature description: configures one or more rules that define the security tokens used to access different private OSS buckets.
Feature ID (FunctionID/FuncId): 183.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
host
String
Yes
The URL of the private OSS bucket.
example.oss-cn-hangzhou.aliyuncs.com
key
String
Yes
The permanent security token in the format of
access_id=123 access_secret=123abc
(separated by a space).After you configure a permanent security token, Alibaba Cloud CDN can access private OSS buckets in the same Alibaba Cloud account or a different Alibaba Cloud account. For more information about permanent security tokens, see Create an AccessKey pair.
access_id=123 access_secret=123abc
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "host", "argValue": "example.oss-cn-hangzhou.aliyuncs.com" },{ "argName": "key", "argValue": "access_id=123 access_secret=123abc" }], "functionName": "oss_key_list" }], "DomainNames": "example.com" }
https_origin_sni
Feature description: configures origin Server Name Indication (SNI). For more information, see Configure SNI.
Feature ID (FunctionID/FuncId): 114.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable origin SNI. Valid values:
on
off
on
https_origin_sni
String
Yes
The SNI information that is carried in origin requests. The SNI information specifies the address of the origin server.
origin.example.com
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "https_origin_sni", "argValue": "origin.example.com" }, { "argName": "enabled", "argValue": "on" }], "functionName": "https_origin_sni" }], "DomainNames": "example.com" }
forward_timeout
Feature description: configures a timeout period for origin requests. For more information, see Configure a timeout period for HTTP origin requests.
Feature ID (FunctionID/FuncId): 124.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
forward_timeout
Integer
Yes
The timeout period for the request. Unit: seconds.
NoteWe recommend that you set this parameter to less than 100 seconds.
30
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "forward_timeout", "argValue": "30" }], "functionName": "forward_timeout" }], "DomainNames": "example.com" }
advanced_origin
Feature description: configures advanced origin settings. For more information, see Configure advanced origin settings.
Feature conflicts: The advanced origin feature conflicts with the conditional origin feature (function: origin_dns_host, feature ID: 212). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 235.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
variable_type
String
Yes
The type of the variable. Valid values:
header: a request header.
arg: a query string parameter in a request URL.
uri: a path in a request URL.
cookie: a request cookie.
uri
variable
String
Yes
The name of the variable.
NoteIf you set the variable_type parameter to uri, the value of the variable parameter can only be uri.
uri
conditions
String
Yes
The condition. Valid values:
==: equals.
!=: does not equal.
==
value
String
Yes
The value of the variable.
/image
origin
String
Yes
The domain name of the origin server that is carried in a variable in a user request. Requests that are destined for the domain name are redirected to the specified origin server.
origin.example.com
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "conditions", "argValue": "==" }, { "argName": "variable_type", "argValue": "uri" }, { "argName": "value", "argValue": "/image" }, { "argName": "origin", "argValue": "origin.example.com" }, { "argName": "variable", "argValue": "uri" }], "functionName": "advanced_origin" }], "DomainNames": "example.com", }
follow_302
Feature description: configures 302 redirection. For more information, see Configure 301/302 redirection.
Feature ID (FunctionID/FuncId): 219.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable 302 redirection.
on
off
on
max_tries
Integer
No
The maximum number of 302 redirects.
Default value: 2.
Valid values: 1 to 5.
NoteNumber of times for origin fetch - 1 = Number of 302 redirects. The default value of the maximum number of times for origin fetch is 3, and valid values are 2 to 6.
2
retain_args
String
No
Specifies whether to retain request parameters during 302 redirects. Default value: off. Valid values:
on
off
off
retain_header
String
No
Specifies whether to retain request headers during 302 redirects. Default value: off. Valid values:
on
off
off
response_header
String
No
The response header of 302 redirects that is returned from the origin server. Default value: Location.
X-Alicdn-Redirect
retain_host
String
No
Specifies whether to retain the origin domain name during 302 redirects. This feature is available only when the destination domain name is obtained from the response header. Default value: off. Valid values:
on
off
off
modify_host
String
No
Specifies whether to modify the origin domain name during 302 redirects. This feature is available only when the destination domain name is obtained from the response header. By default, the origin domain name is not modified.
example.com
cache
String
No
Specifies whether to cache the redirection results of the same URL during 302 redirects. This can help improve the response performance of Alibaba Cloud CDN. Default value: off. Valid values:
on
off
off
expired_time
Integer
No
The timeout period for the cached redirection results of the same URL during 302 redirects. This parameter is valid when the cache parameter is set to on. Unit: seconds. Default value: 3600.
7200
follow_origin_host
String
No
Specifies whether the origin domain name is used as the origin host during 302 redirects. If this parameter is set to on, the origin domain name is used as the origin host and the most recent origin domain name is used for a primary/secondary switchover. Default value: off. Valid values:
on
off
off
follow_5xx_retry_origin
String
No
Specifies whether to enable a primary/secondary origin switchover. If this feature is enabled, when Alibaba Cloud CDN receives an HTTP 5xx status code from an origin server, Alibaba Cloud CDN switches to the next available origin server. Default value: off. Valid values:
on
off
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "max_tries", "argValue": 2 }, { "argName": "retain_args", "argValue": "off" }, { "argName": "retain_header", "argValue": "off" }, { "argName": "response_header", "argValue": "X-Alicdn-Redirect" }, { "argName": "retain_header", "argValue": "off" }, { "argName": "modify_host", "argValue": "example.com" }, { "argName": "cache", "argValue": "off" }, { "argName": "expired_time", "argValue": "7200" }, { "argName": "follow_origin_host", "argValue": "off" }, { "argName": "follow_5xx_retry_origin", "argValue": "off" }], "functionName": "follow_302" }], "DomainNames": "example.com" }
set_req_header
Feature description: configures a custom origin HTTP header. For more information, see Configure custom request headers (old).
Noteset_req_header is version 1. We recommend that you use origin_request_header, which is version 2. origin_request_header supports more headers.
Feature ID (FunctionID/FuncId): 39.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
key
String
Yes
The name of the header.
Accept-Encoding
value
String
Yes
The value of the header. If you want to delete a header, set the header value to null.
gzip
Example 1: Add an HTTP header to an origin request.
{ "Functions": [{ "functionArgs": [{ "argName": "value", "argValue": "gzip" }, { "argName": "key", "argValue": "Accept-Encoding" }], "functionName": "set_req_header" }], "DomainNames": "example.com" }
Example 2: To delete an HTTP header from an origin request, set the header value to null.
{ "Functions":[{ "functionArgs":[{ "argName":"value", "argValue":"null" }, { "argName":"key", "argValue":"User-Agent" }], "functionName":"set_req_header" }], "DomainNames":"example.com" }
origin_request_header
Feature description: configures a custom origin HTTP request header (new). For more information, see Configure HTTP request headers.
Feature ID (FunctionID/FuncId): 228.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
header_operation_type
String
Yes
The operation that you want to perform on the request header. Valid values:
add
delete
modify
rewrite
add
header_name
String
Yes
The name of the request header.
Accept-Encoding
header_value
String
No
The value of the request header. You can specify one or more values for a request header. Separate values with commas (,).
gzip
duplicate
String
No
Specifies whether to allow duplicate request headers. This parameter is required if you set the header_operation_type parameter to add. Valid values:
on
off
off
header_source
String
No
The header value that you want to replace. If header_operation_type is set to rewrite, you need to specify this parameter. Regular expressions are supported.
value1
header_destination
String
No
The header value that is used to replace the original header value. If you set the header_operation_type parameter to rewrite, you need to specify this parameter. Valid values:
value123
match_all
String
No
The match mode. If you set the header_operation_type parameter to rewrite, you need to specify a match mode. Valid values:
on: All header values that match the search condition are replaced.
off: Only the first value that matches the search condition is replaced.
off
Example: Add an origin request header to requests that are destined for
example.com
. Set the header name to Accept-Encoding, and the header value to gzip.{ "Functions": [{ "functionArgs": [{ "argName": "header_operation_type", "argValue": "add" }, { "argName": "header_name", "argValue": "Accept-Encoding" }, { "argName": "header_value", "argValue": "gzip" }, { "argName": "duplicate", "argValue": "off" }], "functionName": "origin_request_header" }], "DomainNames": "example.com" }
origin_response_header
Feature description: configures an origin HTTP response header. For more information, see Configure HTTP response headers.
Feature ID (FunctionID/FuncId): 229.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
header_operation_type
String
Yes
The operation that you want to perform on the response header. Valid values:
add
delete
modify
rewrite
add
header_name
String
Yes
The name of the response header.
Cache-Control
header_value
String
No
The value of the response header. You can specify one or more values for a response header. Separate values with commas (,).
no-cache
duplicate
String
No
Specifies whether to allow duplicate response headers. This parameter is required if you set the header_operation_type parameter to add. Valid values:
on
off
off
header_source
String
No
The header value that you want to replace. If header_operation_type is set to rewrite, you need to specify this parameter. Regular expressions are supported.
value1
header_destination
String
No
The header value that is used to replace the original header value. If you set the header_operation_type parameter to rewrite, you need to specify this parameter. Valid values:
value123
match_all
String
No
The match mode. If you set the header_operation_type parameter to rewrite, you need to specify a match mode. Valid values:
on: All header values that match the search condition are replaced.
off: Only the first value that matches the search condition is replaced.
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "header_operation_type", "argValue": "add" }, { "argName": "header_name", "argValue": "Cache-Control" }, { "argName": "header_value", "argValue": "no-cache" }, { "argName": "duplicate", "argValue": "off" }], "functionName": "origin_response_header" }], "DomainNames": "example.com" }
back_to_origin_url_rewrite
Feature description: rewrites URIs in origin requests. For more information, see Rewrite origin URLs.
Feature ID (FunctionID/FuncId): 225.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
source_url
String
Yes
The URI that you want to rewrite.
^/hello$
target_url
String
Yes
The final URI.
/hello/test
flag
String
No
The rewrite flag. Valid values:
None: If the current rule is matched, the system continues matching the URI against other rules.
break: If the current rule is matched, the system skips other rules.
enhance_break: This flag is similar to break, except that this flag writes the URL parameters and takes effect for Flash Video (FLV) live streaming.
break
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "flag", "argValue": "break" }, { "argName": "source_url", "argValue": "^/hello$" }, { "argName": "target_url", "argValue": "/hello/test" }], "functionName": "back_to_origin_url_rewrite" }], "DomainNames": "example.com", }
back_to_origin_argument_rewrite
Feature description: rewrites parameters in origin requests. For more information, see Parameter rewrite.
NoteAfter you enable this feature, Alibaba Cloud CDN rewrites query strings in origin URLs. You can configure one or more rewrite rules. Rewrite rules take effect in the following order: Add > Delete > Reserve Only > Modify. If you configure multiple rewrite rules for the same parameter, only the rewrite rule that has the highest priority takes effect.
Feature ID (FunctionID/FuncId): 224.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
delete_argument
String
No
The parameters that you want to delete. Separate parameters with spaces.
code1
save_argument
String
No
The parameters that you want to retain. Separate parameters with spaces. Only the specified parameters are retained. The Add and Delete rules remain effective.
None
ignore_all_argument
String
No
Specifies whether to ignore all parameters. Valid values:
on: ignores all parameters. Only the Add rule takes effect.
off (default): does not ignore all parameters. The Retain, Add, and Delete rules remain effective.
on
add_argument
String
No
The parameters that you want to add. Separate multiple parameters with spaces. The Add rule has the highest priority.
value=123
modify_argument
String
No
The parameters that you want to modify. Separate multiple parameters with spaces. The Modify rule has the lowest priority.
value=321
enable
String
Yes
Specifies whether to enable parameter rewrite. Valid values:
on
off
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "delete_argument", "argValue": "" }, { "argName": "save_argument", "argValue": "" }, { "argName": "add_argument", "argValue": "" }, { "argName": "modify_argument", "argValue": "" }, { "argName": "ignore_all_argument", "argValue": "on" }, { "argName": "enable", "argValue": "on" }], "functionName": "back_to_origin_argument_rewrite" }], "DomainNames": "example.com" }
aws_s3_bucket
Feature description: Configures Amazon Simple Storage Service (S3) authentication.
Feature ID (FunctionID/FuncId): 186.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable Amazon S3 authentication.
I2: enables AWS S3 authentication.
off: disables Amazon S3 authentication.
l2
bucketname
String
No
The name of the Amazon S3 bucket.
/
accesskey
String
Yes
The AWS access key.
123456789
secretkey
String
Yes
The AWS secret key.
12345678
region
String
Yes
The region where the Amazon S3 bucket resides.
us-east-2
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enabled", "argValue": "l2" }, { "argName": "accesskey", "argValue": "123456789" }, { "argName": "secretkey", "argValue": "123456789" }, { "argName": "region", "argValue": "us-east-2" }], "functionName": "aws_s3_bucket" }], "DomainNames": "example.com" }
origin_certificate_verification
Feature description: configures an SNI whitelist. For more information, see Common Name whitelist.
Feature ID (FunctionID/FuncId): 223.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable the SNI whitelist. Valid values:
on
off
on
common_name_whitelist
String
No
The domain names that you want to add to the SNI whitelist. Separate domain names with commas (,). Domain names in the whitelist are considered authenticated.
example.com
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "common_name_whitelist", "argValue": "example.com" }], "functionName": "origin_certificate_verification" }], "DomainNames": "example.com" }
origin_dns_host
Feature description: configures a conditional origin. You can use this feature in conjunction with the rules engine feature (function: condition, feature ID: 250) to retrieve content from a specified origin server based on the paths, URL parameters, or headers in user requests. For more information, see Configure a conditional origin.
Prerequisites: At least one rule is created by using the rules engine feature before you configure a conditional origin. When you configure a conditional origin, make sure that a rule is associated with the conditional origin. For more information, see Rules engine. If you do not associate a rule with the conditional origin, all origin traffic is directed to the origin server. This way, conditional origin fetch is not implemented.
Feature conflicts: The conditional origin feature conflicts with the advanced origin feature (function: advanced_origin, feature ID: 235). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 212.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ali_origin_dns_host
String
Yes
The domain name for origin fetch.
example.com
Example: Set parentid to the value of configid that is generated when you create a rule by using the rules engine feature (function: condition, feature ID: 250) to reference the rule. If a request matches the rule, the request is redirected to the origin server that is specified by the rule.
{ "Functions": [{ "functionArgs": [{ "argName": "ali_origin_dns_host", "argValue": "example.com" }], "functionName": "origin_dns_host", "parentId":30119730104**** }], "DomainNames": "example.com" }
origin_host
Feature description: configures the origin host for each origin. For more information, see Specify the origin host for each origin.
Feature ID (FunctionID/FuncId): 242.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
origin
String
Yes
The address of the origin server. If you do not specify an origin address, the origin parameter is automatically set to all.
example.com
host
String
Yes
The host. You can set the host parameter to
ali_follow_origin
to use the address of the origin server as the host.host.example.com
Example 1: When a user request is redirected to the origin server
example.com
, the value of host ishost.example.com
.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "example.com" }, { "argName": "host", "argValue": "host.example.com" }], "functionName": "origin_host" }], "DomainNames": "example.com" }
Example 2: When a user request is redirected to all origin servers, the value of the origin parameter is all, and the value of the host parameter for all origin servers is
host.example.com
.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "host", "argValue": "host.example.com" }], "functionName": "origin_host" }], "DomainNames": "example.com" }
Example 3: When a user request is redirected to all origin servers, the value of origin is all, and the value of host for all origin servers is
ali_follow_origin
, which indicates the address of the origin server.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "host", "argValue": "ali_follow_origin" }], "functionName": "origin_host" }], "DomainNames": "example.com" }
ali_origin_port_scheme
Feature description: specifies a port and a protocol for origin fetch.
Feature ID (FunctionID/FuncId): 276.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
port
String
Yes
The origin port.
NoteIf scheme is set to follow, set the value in the following format:
http:80|https:443
.80
scheme
String
Yes
The origin protocol. Valid values: http, https, follow, https_sm, and follow_sm.
http: HTTP.
https: HTTPS.
follow: the protocol that is used by clients.
If the clients use the HTTP protocol, the HTTP protocol is used for origin fetch.
When the client uses the HTTPS protocol:
If the client uses the RSA algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.
If the client uses the ShangMi (SM) algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.
https_sm: The HTTPS protocol and the SM algorithm are used for origin fetch.
follow_sm: The HTTP or HTTPS protocol that is used by clients. The RSA and SM algorithms are supported.
If the clients use the HTTP protocol, the HTTP protocol is used for origin fetch.
When the client uses the HTTPS protocol:
If the client uses the RSA algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.
If the client uses the SM algorithm, the HTTPS protocol and the SM algorithm are used for origin fetch.
NoteRSA is an algorithm that complies with international standards. SM is a self-developed algorithm that is widely used in regions in China and is recognized by the State Cryptography Administration.
http
Example 1: Set the scheme parameter to http and the origin port to 80.
{ "Functions": [{ "functionArgs": [{ "argName": "port", "argValue": "80" }, { "argName": "scheme", "argValue": "http" }], "functionName": "ali_origin_port_scheme" }], "DomainNames": "example.com" }
Example 2: Set scheme to follow. When the HTTP protocol is used for origin fetch, requests are sent to port 80 of the origin server. When the HTTPS protocol is used for origin fetch, requests are sent to port 443 of the origin server.
{ "Functions":[{ "functionArgs": [{ "argName": "port", "argValue": "http:80|https:443" }, { "argName": "scheme", "argValue": "follow" }], "functionName":"ali_origin_port_scheme" }], "DomainNames":"example.com" }
origin_sni
Feature description: configures SNI for a specified origin sever.
Feature ID (FunctionID/FuncId): 262.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
origin
String
Yes
The address of the origin server. If you do not specify an origin address, the origin parameter is automatically set to all.
example.com
sni_host
String
Yes
The SNI host.
You can set this parameter to a fixed value, such as
example.org
.To use the address of the origin server, set this parameter to
ali_follow_origin
.To use the address of the origin host, set this parameter to
ali_follow_host
.
example.org
keepalive_sni
String
No
Specifies whether to enable SNI matching for persistent connections. Valid values:
on
off
NoteIf you enable SNI matching, requests with different SNI hostnames use different persistent connections.
/
Example 1: When a user request is redirected to the origin server
origin.example.com
, the value of SNI ishost.example.com
.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "origin.example.com" }, { "argName": "sni_host", "argValue": "host.example.com" }], "functionName": "origin_sni" }], "DomainNames": "example.com" }
Example 2: When a user request is redirected to all origin servers, the value of origin is
all
, and the value of SNI for all origin servers ishost.example.com
.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "sni_host", "argValue": "host.example.com" }], "functionName":"origin_sni" }], "DomainNames":"example.com" }
Example 3: When a user request is redirected to all origin servers, the value of origin is
all
, and the value of SNI for all origin servers isali_follow_origin
, which indicates the address of the origin server.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "sni_host", "argValue": "ali_follow_origin" }], "functionName": "origin_sni" }], "DomainNames": "example.com" }
Example 4: When a user request is redirected to all origin servers, the value of origin is
all
, and the value of SNI for all origin servers isali_follow_host
, which indicates the address of the origin host.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "sni_host", "argValue": "ali_follow_host" }], "functionName": "origin_sni" }], "DomainNames": "example.com" }
source_group
Feature description: configures an origin server group.
Feature ID (FunctionID/FuncId): 294.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
source_group_name
String
Yes
The name of the origin server group. The name can be up to 128 bytes in length and can contain lowercase letters, digits, and underscores (_).
example_origin
source_info
String
Yes
The information about the origin servers in the origin server group. Specify the value in the Origin server address_Priority_Weight_Port format. Separate multiple values with commas (,).
Origin server address: You can specify IPv4 addresses, IPv6 addresses, and domain names.
Priority: The value ranges from 1 to 65535. A smaller value indicates a higher priority.
Weight: The value ranges from 1 to 100. The proportions of requests that are sent to different origin servers are allocated based on the weights of the origin servers during origin fetch.
Port: The value ranges from 1 to 65535.
Single origin server: 192.168.0.1_10_33_80
Multiple origin servers: 192.168.0.1_10_33_80,192.0.2.1_10_67_80
retry_times
Integer
No
The number of origin fetch retries.
3
retry_status_rule
Integer
No
The status code for origin fetch retries. Valid values: 4xx, 5xx, 404, 404-or-5xx, and 4xx-or-5xx. You can specify only one value.
404-or-5xx
failback_source
String
No
The basic origin information used for backup. Valid values:
on: If all origin servers in an origin server group are unavailable, the origin server address that is configured in the Origin Information section on the Basic Settings tab is used.
off: If all origin servers in an origin server group are unavailable, a 5xx status code indicating that the origin servers are unavailable is returned to the client.
on
NoteOrigin retry logic:
retry_times: the number of origin retries.
Retries between IP addresses of the same origin server group are allowed.
The maximum number of retries varies based on the number of available IP addresses in the origin server group.
If you do not set the retry_times parameter, the default number of origin retries is the smaller one of three and the number of available origin server IP addresses.
If you specify the retry_times parameter, the number of origin retries is the smaller value between the value of the retry_times parameter and the number of available origin IP addresses.
retry_status_rule: the status code that triggers the point of presence (POP) to retry.
If you do not specify the retry_status_rule parameter, the POP retries when the origin server returns the 5xx status code.
If you specify the retry_status_rule parameter, the POP retries when the origin server returns the status code that you specify. Valid values: 4xx, 5xx, 404, 404-or-5xx, and 4xx-or-5xx. You can specify only one value.
After you specify the retry_status_rule parameter, the default status code 5xx remains in effect. For example, if the 404 status code is set, the POP retries when the 404 or 5xx status code is received.
Origin retry order: The retry order is based on the priority of IP addresses in the origin server group in descending order.
Origin timeout: When the origin server responds to the retry status code, the POP retries after it receives the retry status code. If no retry status code is received from the origin server, the timeout process applies. After the timeout period is reached, the POP is triggered to retry.
Timeout period for establishing a TCP connection with the origin server: 10 seconds.
Write timeout for the origin server: the period for data write after the TCP connection with the origin server is established. The value is 30 seconds.
Origin read timeout: the period for the origin server to return the content requested by the POP after the connection with the origin server is established. The value is 30 seconds.
Origin server probing logic:
Abnormal TCP connection: If the TCP connection between a POP and an origin server is abnormal, the IP address of the origin server is added to a dead table. This way, subsequent back-to-origin requests are not sent to the IP address. The POP probes the IP address every 5 seconds. If the TCP connection can be established as expected, the IP address of the origin server is removed from the dead table and added to the list of available origin IP addresses.
Normal TCP connection: If the TCP connection between a POP and an origin server is normal but a retry status code, such as 5xx, is returned from the origin server, the IP address of the origin server is not removed from the list of available origin IP addresses. In this case, the retry logic is triggered and subsequent requests are still sent to the IP address of the origin server. If errors occur at Layer 7 when the TCP connection between a POP and an origin server is normal, the IP address of the origin server is not automatically blocked. If you want to block the IP address, you need to monitor origin requests at Layer 7.
Examples:
{ "Functions":[{ "functionArgs":[{ "argName":"source_group_name", "argValue":"test_yidong" },{ "argName":"source_info", "argValue":"192.168.0.1_10_33_80,192.0.2.1_10_67_80" },{ "argName":"retry_times", "argValue":"3" },{ "argName":"retry_status_rule", "argValue":"404,502" },{ "argName":"failback_source", "argValue":"on" }], "functionName":"source_group" }], "DomainNames":"example.com" }
ipv6_origin
Feature description: configures origin fetch over IPv6. For more information, see Configure origin fetch over IPv6.
Feature ID (FunctionID/FuncId): 265.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable origin fetch over IPv6.
on
off
NoteAfter you enable this feature, the origin servers provide IPv6 services.
If both the POP and the origin server have available IPv6 addresses, an IPv6 connection is used.
An IPv4 connection is used in the following scenarios:
The POP does not have an available IPv6 address.
The origin server does not have an available IPv6 address.
The POP and the origin server do not have available IPv6 addresses.
on
follow
String
Yes
Specifies whether to follow the version of the IP protocol that is used by the client.
on
off
NoteAfter you enable this feature, the IP version of the client request is used for origin fetch.
If a client request uses IPv6, an origin server that uses IPv6 is used for origin fetch. If no origin server uses IPv6, an origin server that uses IPv4 is used for origin fetch.
If a client request uses IPv4, an origin server that uses IPv4 is used for origin fetch. If no origin server uses IPv4, an origin server that uses IPv6 is used for origin fetch.
on
ipv6_v4_mix_used
String
No
Specifies whether to enable the IPv4/IPv6 polling feature.
on
off
NoteThis feature is mutually exclusive with origin fetch over IPv6 and IP protocol following.
When the IPv4/IPv6 polling feature is enabled, polling is used to determine the IP address of the origin server for origin fetch, regardless of whether the requests are sent over IPv4 or IPv6, or how many IPv4 and IPv6 addresses does the origin server have.
If you configure the weight ratio of IPv4 and IPv6 addresses, origin fetch is performed based on the weight ratio.
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" },{ "argName": "follow", "argValue": "on" }], "functionName": "ipv6_origin" }], "DomainNames": "example.com" }
cos_auth
Feature description: Configures Tencent Cloud Object Service (COS) authentication.
Feature ID (FunctionID/FuncId): 288.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable COS authentication.
on
off
on
cos_valid_period
String
No
The validity period of the authentication signature. Unit: seconds. Default value: 3600.
/
cos_secret_id
String
Yes
The authentication ID of Tencent Cloud.
123456789
cos_secret_key
String
Yes
The authentication key of Tencent Cloud.
12345678
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "cos_secret_id", "argValue": "123456789" }, { "argName": "cos_secret_key", "argValue": "123456789" }], "functionName": "cos_auth" }], "DomainNames": "example.com" }
oss_auth
Feature description: configures authentication on OSS buckets that are used as origins of Alibaba Cloud CDN.
Feature ID (FunctionID/FuncId): 10.
Note: After you configure an OSS bucket as the origin server for an accelerated domain name, the system automatically adds the oss_auth configuration. Do not delete the oss_auth configuration. Otherwise, you cannot enjoy the preferential pricing that is designed for data transfer between Alibaba Cloud CDN and OSS. Also, if you enable authentication for private OSS buckets but delete the oss_auth configuration, authentication fails when Alibaba Cloud CDN tries to fetch data from the private OSS buckets.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
oss_bucket_id
String
Yes
The public domain name of the OSS bucket.
cdn-test.oss-cn-hongkong.aliyuncs.com
oss_pri_buckets
String
Yes
The public domain name of the OSS bucket and the bucket name.
cdn-test.oss-cn-hongkong.aliyuncs.com|cdn-test
Examples:
{ "Functions": [ { "ArgValue": "cdn-test.oss-cn-hongkong.aliyuncs.com", "ArgName": "oss_bucket_id" }, { "ArgValue": "cdn-test.oss-cn-hongkong.aliyuncs.com|cdn-test", "ArgName": "oss_pri_buckets" } ], "functionName": "oss_auth" }], "DomainNames": "example.com" }
Cache settings
filetype_based_ttl_set
Feature description: configures a time-to-live (TTL) for files. For more information, see Create a cache rule for resources.
Feature ID (FunctionID/FuncId): 6.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ttl
Integer
Yes
The TTL. Unit: seconds. Valid values: 1 to 99999999, which is more than 3 years.
500000
file_type
String
Yes
The file name extensions, which are case-sensitive. Separate file name extensions with commas (,). Example: jpg,txt.
jpg
weight
Integer
No
The weight. Valid values: 1 to 99.
NoteDefault value: 1. A higher value indicates a higher priority.
1
swift_origin_cache_high
String
No
Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Default value: off. Valid values:
on
off
off
swift_no_cache_low
String
No
Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: max-age=0
Pragme: no-cache
Default value: off. Valid values:
on
off
off
swift_follow_cachetime
String
No
Specifies whether the client uses the cache policy that is used by Alibaba Cloud CDN. Default value: off. Valid values:
on
off
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "file_type", "argValue": "jpg" }, { "argName": "weight", "argValue": "1" }, { "argName": "ttl", "argValue": "500000" }, { "argName": "swift_origin_cache_high", "argValue": "off" }, { "argName": "swift_no_cache_low", "argValue": "off" }, { "argName": "swift_follow_cachetime", "argValue": "off" }], "functionName": "filetype_based_ttl_set" }], "DomainNames": "example.com" }
path_based_ttl_set
Feature description: configures a TTL for directories. For more information, see Create a cache rule for resources.
Feature ID (FunctionID/FuncId): 7.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ttl
Integer
Yes
The TTL. Unit: seconds. Valid values: 1 to 99999999, which is more than 3 years.
500000
path
String
Yes
The directory. The directory must start with a forward slash (/).
/example/demo
weight
Integer
No
The weight. Valid values: 1 to 99.
NoteDefault value: 1. A higher value indicates a higher priority.
1
swift_origin_cache_high
String
No
Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Default value: off. Valid values:
on
off
off
swift_no_cache_low
String
No
Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: max-age=0
Pragme: no-cache
Default value: off. Valid values:
on
off
off
swift_follow_cachetime
String
No
Specifies whether the client uses the cache policy that is used by Alibaba Cloud CDN. Default value: off. Valid values:
on
off
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "path", "argValue": "/example/demo" }, { "argName": "weight", "argValue": "1" }, { "argName": "ttl", "argValue": "500000" }, { "argName": "swift_origin_cache_high", "argValue": "off" }, { "argName": "swift_no_cache_low", "argValue": "off" }, { "argName": "swift_follow_cachetime", "argValue": "off" }], "functionName": "path_based_ttl_set" }], "DomainNames": "example.com" }
filetype_force_ttl_code
Feature description: configures a TTL for HTTP status codes of files. For more information, see Create a cache rule for HTTP status codes.
Feature ID (FunctionID/FuncId): 63.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
file_type
String
Yes
The file name extensions. The file name extensions are case-sensitive. Separate multiple values with commas (,). Example: jpg,txt.
jpg
code_string
String
Yes
The status code and its TTL. Unit: seconds. Valid values: 1 to 99999999 (more than three years). Separate multiple key-value pairs with commas (,). Example: 302=0,301=0,4xx=2.
403=10
swift_origin_cache_high
String
No
Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Default value: off. Valid values:
on
off
off
swift_no_cache_low
String
No
Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: max-age=0
Pragme: no-cache
Default value: off. Valid values:
on
off
off
swift_follow_cachetime
String
No
Specifies whether the client uses the cache policy that is used by Alibaba Cloud CDN. Default value: off. Valid values:
on
off
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "file_type", "argValue": "jpg" }, { "argName": "code_string", "argValue": "403=10" }, { "argName": "swift_origin_cache_high", "argValue": "off" }, { "argName": "swift_no_cache_low", "argValue": "off" }, { "argName": "swift_follow_cachetime", "argValue": "off" }], "functionName": "filetype_force_ttl_code" }], "DomainNames": "example.com" }
path_force_ttl_code
Feature description: configures a TTL for HTTP status codes of directories. For more information, see Create a cache rule for HTTP status codes.
Feature ID (FunctionID/FuncId): 65.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
path
String
Yes
The directory. The directory must start with a forward slash (/). Example: /image.
/example/demo
code_string
String
Yes
The status code and its TTL. Unit: seconds. Valid values: 1 to 99999999 (more than three years). Separate multiple key-value pairs with commas (,). Example: 302=0,301=0,4xx=2.
403=10,404=15
swift_origin_cache_high
String
No
Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Default value: off. Valid values:
on
off
off
swift_no_cache_low
String
No
Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: max-age=0
Pragme: no-cache
Default value: off. Valid values:
on
off
off
swift_follow_cachetime
String
No
Specifies whether the client uses the cache policy that is used by Alibaba Cloud CDN. Default value: off. Valid values:
on
off
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "path", "argValue": "/example/demo" }, { "argName": "code_string", "argValue": "403=10,404=15" }, { "argName": "swift_origin_cache_high", "argValue": "off" }, { "argName": "swift_no_cache_low", "argValue": "off" }, { "argName": "swift_follow_cachetime", "argValue": "off" }], "functionName": "path_force_ttl_code" }], "DomainNames": "example.com" }
default_ttl_code
Feature description: configures status code expiration (origin cache policy prioritized). For more information, see Create a status code expiration rule that honors origin.
Feature ID (FunctionID/FuncId): 207.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
default_ttl_code
String
Yes
The status code and its TTL. Unit: seconds. Valid values: 1 to 99999999 (more than 3 years). Separate multiple values with commas (,).
4xx=3,200=3600,5xx=1
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "default_ttl_code", "argValue": "4xx=3,200=3600,5xx=1" }], "functionName": "default_ttl_code" }], "DomainNames": "example.com" }
set_resp_header
Feature description: configures a custom HTTP response header. For more information, see Configure an HTTP response header.
Feature ID (FunctionID/FuncId): 27.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
key
String
Yes
The response header.
Cache-Control
value
String
Yes
The header value. Separate header values with commas (,).
NoteIf you want to delete a response header, set the header value to null.
no-cache
header_operation_type
String
No
The operation that you want to perform on the header. Valid values:
add
delete
modify
rewrite: replaces a header.
add
duplicate
String
No
Specifies whether to allow duplicate request headers. This parameter is required if you set the header_operation_type parameter to add. Valid values:
on
off
off
header_source
String
No
The header value that you want to replace. If header_operation_type is set to rewrite, you need to specify this parameter. Regular expressions are supported.
value1
header_destination
String
No
The header value that is used to replace the original header value. If you set the header_operation_type parameter to rewrite, you need to specify this parameter. Valid values:
value123
match_all
String
No
The match mode. If you set the header_operation_type parameter to rewrite, you need to specify a match mode. Valid values:
on: All header values that match the search condition are replaced.
off: Only the first value that matches the search condition is replaced.
/
access_origin_control
String
No
Specifies whether to enable cross-origin resource sharing (CORS). Valid values:
on
off
/
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "header_operation_type", "argValue": "add" }, { "argName": "key", "argValue": "Cache-Control" }, { "argName": "value", "argValue": "no-cache" }, { "argName": "duplicate", "argValue": "off" }], "functionName": "set_resp_header" }], "DomainNames": "example.com" }
error_page
Feature description: configures a custom error page. For more information, see Create a custom error page.
Feature ID (FunctionID/FuncId): 15.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
error_code
Integer
Yes
The HTTP status code.
404
rewrite_page
String
Yes
The page to which requests are redirected.
http://example.aliyundoc.com/error404.html
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "error_code", "argValue": "404" }, { "argName": "rewrite_page", "argValue": "http://example.aliyundoc.com/error404.html" }], "functionName": "error_page" }], "DomainNames": "example.com" }
host_redirect
Feature description: configures a URI rewrite rule. For more information, see Rewrite URLs.
Feature ID (FunctionID/FuncId): 43.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
regex
String
Yes
The URI that you want to rewrite. The value must start with a forward slash (/) and cannot contain http:// or a domain name. You can use Perl Compatible Regular Expressions (PCRE) to specify the URI. Example: ^/hello$.
^/hello$
replacement
String
Yes
The final URI. The value must start with a forward slash (/) and cannot contain http:// or a domain name.
/hello/test
flag
String
No
The operation that you want the POPs to perform after a URI is rewritten. Valid values:
empty: This is the default value, which indicates that the flag parameter is not specified. If multiple rules are configured and the URL in a request matches a rule, the request is matched against other rules after the current rule is executed.
break: If the URL in a request matches a rule, the requested URL is overwritten by the final URL. Parameters in the original URL are not modified. After the current rule is executed, other rules are skipped.
redirect: If the URL in a request matches a rule, Alibaba Cloud CDN returns the HTTP status code 302 and the request is redirected to the actual URL. The value of the Location header in the response message that is returned by the POP to the client is the actual URL. Parameters in the original URL are not modified. After the current rule is executed, the request is matched against other rules.
enhance_break: enhance_break is similar to break, but enhance_break modifies the URL, including parameters.
enhance_redirect: enhance_redirect is similar to redirect, but enhance_redirect modifies the URL, including parameters.
NoteDifferent rules use different rewrite methods, and whether the rewritten URL supports other domain names and other protocols also varies.
empty, break, and enhance_break rewrite the URL in a request, but cannot modify the domain name or protocol in the URL. For example, the rules cannot modify the protocol from HTTP to HTTPS.
redirect and enhance_redirect use 302 redirection to rewrite a URL, and can modify the domain name or protocol in the URL.
302 You can set the Location header to the current domain name or another domain name. This way, the original URL uses the example.com domain name, and the rewritten URL uses the aliyundoc.com domain name.
302 The Location header in 302 redirection responses supports different protocols. This way, the original URL uses the HTTP protocol, and the rewritten URL uses the HTTPS protocol.
redirect
rewrite_method
String
No
The redirection method. Valid values: 302, 303, and 307.
302: This is the default redirection method. The GET request method does not change. Other request methods may be changed to GET.
303: The GET request method does not change. Other request methods may be changed to GET, and the message body is dropped.
307: The request method and message body remain unchanged.
302
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "flag", "argValue": "redirect" }, { "argName": "regex", "argValue": "^/hello$" }, { "argName": "replacement", "argValue": "/hello/test" }, { "argName": "rewrite_method", "argValue": "302" }], "functionName": "host_redirect" }], "DomainNames": "example.com" }
self_defined_cachekey
Feature description: configures custom cache keys. For more information, see Create custom cache keys.
Feature ID (FunctionID/FuncId): 227.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
uri
Array of String
No
Specifies whether to rewrite a URI and save the final URI as a cache key.
uri_to_rewrite: the original URI that you want to rewrite.
ai_uri_regex: the final URI.
[{"uri_to_rewrite":"/hello","ai_uri_regex":"/hello/test"}]
args
Array of String
No
Specifies whether to add, delete, modify, or retain parameters in requests, and save the final URI as a cache key. Valid values:
args_operation_type: the operation that you want to perform. Valid values: add, delete, modify, and keep.
args: the content that you want to add, delete, modify, or keep.
[{"args":"test=123","args_operation_type":"add"}]
headers
String
No
The HTTP headers that you want to add to the URI and the cache key. Separate multiple headers with spaces.
example
variable
Array of String
No
The custom variable. You can use a regular expression to extract fields from request parameters, HTTP headers, cookies, and URIs. Then, you can add the extracted fields to cache keys.
[]
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "uri", "argValue": [{ "uri_to_rewrite": "/hello", "ai_uri_regex": "/hello/test" }] }, { "argName": "args", "argValue": [{ "args": "test=123", "args_operation_type": "add" }] }, { "argName": "headers", "argValue": "" }, { "argName": "variable", "argValue": [] }], "functionName": "self_defined_cachekey" }], "DomainNames": "example.com" }
rewrite_host
Feature description: configures cache sharing.
Feature ID (FunctionID/FuncId): 54.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
share_host
String
Yes
The domain name with which you want the current domain name to share cache. Configuring this parameter does not modify the origin host of the request. The value of share_host is used to generate a cache key for the query.
example.com
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "share_host", "argValue": "example.com" }], "functionName": "rewrite_host" }], "DomainNames": "example.com" }
serving_stale_content
Feature description: configures POPs to serve stale content.
Feature ID (FunctionID/FuncId): 260.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
origin_error_status_code
String
No
The HTTP status code that is returned when the origin server is unreachable.
By default, this parameter is left empty. Normally, your origin is considered unreachable if the origin response times out and an HTTP status code 5xx is returned.
You can enter 4xx or 5xx for fuzzy match, or enter exact status codes such as 502 or 504. Separate multiple status codes with commas (,).
502
extend_expiration_time
Integer
No
The stale TTL, which defines how long CDN can serve the stale content if the origin server is unreachable.
By default, this parameter is left empty, which indicates that CDN serves the stale content for 1 hour.
The value must be a positive integer greater than or equal to 1. Unit: seconds.
60
origin_first
String
No
Specifies whether to honor the origin policy.
If you set this parameter to on and
Cache-Control: stale-if-error=xx
is included in the response from the origin server, POPs serve the stale content for the time specified by stale-if-error.By default, this parameter is left empty, which is equivalent to the value off. In this case, POPs serve the stale content for the time specified by extend_expiration_time.
Valid values: on and off.
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "origin_error_status_code", "argValue": "502" }, { "argName": "extend_expiration_time", "argValue": "60" }, { "argName": "origin_first", "argValue": "off" }], "functionName": "serving_stale_content" }], "DomainNames": "example.com" }
HTTPS settings
https_option
Feature description: configures basic HTTPS parameters. For more information, see Configure an SSL certificate, Configure HTTP/2, and Configure OCSP stapling.
Feature ID (FunctionID/FuncId): 78.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
http2
String
No
Specifies whether to enable HTTP/2. Valid values:
on
off
on
ocsp_stapling
String
No
Specifies whether to enable Online Certificate Status Protocol (OCSP) stapling. Valid values:
on
off
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "http2", "argValue": "on" }, { "argName": "ocsp_stapling", "argValue": "on" }], "functionName": "https_option" }], "DomainNames": "example.com" }
http_force
Feature description: configures URL redirection to HTTP. For more information, see Configure URL redirection.
Feature conflicts: The URL redirection to HTTP feature conflicts with the URL redirection to HTTPS feature (function: https_force, feature ID: 44). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 45.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable URL redirection to HTTP.
on
off
on
http_rewrite
String
No
The redirection method. Valid values: 301 and 308.
301: The GET request method does not change. Other request methods may be changed to GET.
308: The request method and message body remain unchanged.
301
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "http_rewrite", "argValue": "301" }], "functionName": "http_force" }], "DomainNames": "example.com" }
https_force
Feature description: configures URL redirection to HTTPS. For more information, see Configure URL redirection.
Feature conflicts: The URL redirection to HTTPS feature conflicts with the URL redirection to HTTP feature (function: http_force, feature ID: 45). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 44.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable force redirect to HTTPS. Valid values:
on
off
on
https_rewrite
String
No
The redirection method. Valid values: 301 and 308.
301: The GET request method does not change. Other request methods may be changed to GET.
308: The request method and message body remain unchanged.
301
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "https_rewrite", "argValue": "301" }], "functionName": "https_force" }], "DomainNames": "example.com" }
https_tls_version
Feature description: configures a TLS version. For more information, see Configure TLS versions and cipher suites.
Feature ID (FunctionID/FuncId): 110.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
tls10
String
No
Specifies whether to enable TLS 1.0. Default value: on. Valid values:
on
off
on
tls11
String
No
Specifies whether to enable TLS 1.1. Default value: on. Valid values:
on
off
on
tls12
String
No
Specifies whether to enable TLS 1.2. Default value: on. Valid values:
on
off
on
tls13
String
No
Specifies whether to enable TLS 1.3. Default value: on. Valid values:
on
off
on
ciphersuitegroup
String
No
The cipher suite group. Default value: all. Valid values:
all: all cipher suites.
strict: enhanced cipher suite.
custom: custom cipher suite.
all
String
No
The cipher suites. This parameter is used together with the ciphersuitegroup parameter. Separate multiple cipher suites with commas (,).
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Examples:
TLS 1.0, 1.1, and 1.2 are enabled, and all cipher suites are used. This is the default configuration.
{ "Functions": [{ "functionArgs": [ { "ArgValue": "on", "ArgName": "tls10" }, { "ArgValue": "on", "ArgName": "tls11" }, { "ArgValue": "on", "ArgName": "tls12" }, { "ArgValue": "off", "ArgName": "tls13" }, { "ArgValue": "all", "ArgName": "ciphersuitegroup" } ], "functionName": "https_tls_version" }], "DomainNames": "example.com" }
TLS 1.2 and 1.3 are enabled and the enhanced cipher suite is used.
{ "Functions": [{ "functionArgs": [ { "ArgValue": "off", "ArgName": "tls10" }, { "ArgValue": "off", "ArgName": "tls11" }, { "ArgValue": "on", "ArgName": "tls12" }, { "ArgValue": "on", "ArgName": "tls13" }, { "ArgValue": "strict", "ArgName": "ciphersuitegroup" } ], "functionName": "https_tls_version" }], "DomainNames": "example.com" }
TLS 1.2 and 1.3 are enabled and a custom cipher suite is used.
{ "Functions": [{ "functionArgs": [ { "ArgValue": "off", "ArgName": "tls10" }, { "ArgValue": "off", "ArgName": "tls11" }, { "ArgValue": "on", "ArgName": "tls12" }, { "ArgValue": "on", "ArgName": "tls13" }, { "ArgValue": "custom", "ArgName": "ciphersuitegroup" }, { "ArgValue": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ArgName": "ciphersuite" } ], "functionName": "https_tls_version" }], "DomainNames": "example.com" }
HSTS
Feature description: configures HTTP Strict Transport Security (HSTS). For more information, see Configure HSTS.
Feature ID (FunctionID/FuncId): 112.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable HSTS. Valid values:
on
off
on
https_hsts_max_age
Integer
Yes
The TTL. Unit: seconds.
NoteWe recommend that you set the TTL to 5184000 seconds (60 days).
5184000
https_hsts_include_subdomains
String
No
Specifies whether to include subdomains in HSTS headers. Valid values: on and off.
NoteProceed with caution when you enable this feature. Make sure that HTTPS is enabled for all the subdomains of the accelerated domain name. Otherwise, the HTTPS URLs to which requests are redirected from the subdomains become inaccessible.
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enabled", "argValue": "on" }, { "argName": "https_hsts_max_age", "argValue": "5184000" }, { "argName": "https_hsts_include_subdomains", "argValue": "off" }], "functionName": "HSTS" }], "DomainNames": "example.com" }
Access control settings
referer_white_list_set
Feature description: configures a Referer whitelist. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.
Feature conflicts: The Referer whitelist feature conflicts with the Referer blacklist feature (function: referer_black_list_set, feature ID: 5). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 1.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
refer_domain_allow_list
String
Yes
The domain names that you want to add to the Referer whitelist. You can specify multiple domain names. Separate the domain names with commas (,).
example.aliyundoc.com,demo.aliyundoc.com
allow_empty
String
No
Specifies whether requests with an empty Referer header can access resources on Alibaba Cloud CDN POPs. Default value: off. Valid values:
on
off
off
redirect_url
String
No
The redirect URL. If the Referer information in the request does not match the information in the whitelist, the 403 status code is not returned after the request is blocked. In this case, the 302 status code and the Location header are returned. This parameter is the value of the Location header and starts with http:// or https://.
http://www.example.com
disable_ast
String
No
Specifies whether to enable exact match for domain names in the whitelist. Default value: off. If you set this parameter to on, exact match for domain names is enabled.
If you set this parameter to on, the following rules apply:
Exact match is supported.
If you add
example.com
to the whitelist,example.com
is matched.If you add
a*b.example.com
to the whitelist,a<Any characters>b.example.com
is matched.
Suffix match is not supported.
If you set this parameter to off, the following rules apply:
Exact match is not supported.
Suffix match is supported.
If you add
example.com
to the whitelist,example.com
and<Any characters>.example.com
are matched.If you add
a*b.example.com
to the whitelist,a<Any characters>b.example.com
and<Any characters>.a<Any characters>b.example.com
are matched.
off
ignore_scheme
String
No
Specifies whether to ignore the scheme parameter. Default value: off. After you enable this feature, if the Referer in the request does not have an HTTP or HTTPS header, the Referer is still considered valid.
If you set this parameter to on, the Referer is in the following format:
referer: www.example.com
If you set this parameter to off, the Referer is in the following format:
referer: https://www.example.com
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "allow_empty", "argValue": "off" }, { "argName": "refer_domain_allow_list", "argValue": "example.aliyundoc.com,demo.aliyundoc.com" }], "functionName": "referer_white_list_set" }], "DomainNames": "example.com" }
referer_black_list_set
Feature description: configures a Referer blacklist. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.
Feature conflicts: The Referer blacklist feature conflicts with the Referer whitelist feature (function: referer_white_list_set, feature ID: 1). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 5.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
refer_domain_deny_list
String
Yes
The domain names that you want to add to the Referer blacklist. You can specify multiple domain names. Separate the domain names with commas (,).
example.aliyundoc.com,demo.aliyundoc.com
allow_empty
String
No
Specifies whether requests with an empty Referer header can access resources on Alibaba Cloud CDN POPs. Valid values:
on
off
off
redirect_url
String
No
The redirect URL. If the Referer information in the request matches the information in the blacklist, the 403 status code is not returned after the request is blocked. In this case, the 302 status code and the Location header are returned. This parameter is the value of the Location header and starts with http:// or https://.
http://www.example.com
disable_ast
String
No
Specifies whether to enable exact match for domain names in the blacklist. Default value: off. If you set this parameter to on, exact match for domain names is enabled.
If you set this parameter to on, the following rules apply:
Exact match is supported.
If you add
example.com
to the blacklist,example.com
is matched.If you add
a*b.example.com
to the blacklist,a<Any characters>b.example.com
is matched.
Suffix match is not supported.
If you set this parameter to off, the following rules apply:
Exact match is not supported.
Suffix match is supported.
If you add
example.com
to the blacklist,example.com
and<Any characters>.example.com
are matched.If you add
a*b.example.com
to the blacklist,a<Any characters>b.example.com
and<Any characters>.a<Any characters>b.example.com
are matched.
off
ignore_scheme
String
No
Specifies whether to ignore the scheme parameter. Default value: off. After you enable this feature, if the Referer in the request does not have an HTTP or HTTPS header, the Referer is still considered valid. Example:
If you set this parameter to on, the Referer is in the following format:
referer: www.example.com
If you set this parameter to off, the Referer is in the following format:
referer: https://www.example.com
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "allow_empty", "argValue": "off" }, { "argName": "refer_domain_deny_list", "argValue": "example.aliyundoc.com,demo.aliyundoc.com" }], "functionName": "referer_black_list_set" }], "DomainNames": "example.com" }
aliauth
Feature description: configures URL signing. For more information, see Configure URL signing.
Feature ID (FunctionID/FuncId): 25.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
auth_m3u8
String
No
Specifies whether to enable M3U8 rewrite. M3U8 rewrite authenticates access to TS files. If M3U8 rewrite is disabled, access to TS files may be denied. Valid values: on and off. Default value: on.
on
auth_type
String
Yes
The signing type. Valid values:
no_auth: disables URL signing.
type_a: enables type A signing.
type_b: enables type B signing.
type_c: enables type C signing.
type_f: enables type F signing.
type_a
auth_key1
String
Yes
The cryptographic key 1. The key must be 16 to 128 characters in length and can contain letters and digits.
1234567890123456789
auth_key2
String
No
The cryptographic key 2. The key must be 16 to 128 characters in length and can contain letters and digits.
1234567890123456789
ali_auth_delta
Integer
No
The validity period of the encrypted URLs. Unit: seconds. Default value: 1800.
1800
req_auth_ip_white
String
No
The IP address whitelist. The IP addresses in the whitelist are not verified for authentication.
You can enter multiple IP addresses. Separate multiple IP addresses with commas (,).
192.168.0.1
req_auth_ip_acl_xfwd
String
No
The IP address verification mode. Valid values:
on: This is the default mode. This mode verifies only the client IP address. The client IP address is the first IP address in the XFF header in a client request.
off: This mode verifies only the IP address that is used by a client to connect to a POP.
all: This mode verifies the following IP addresses:
The first IP address in the XFF header, which is the client IP address.
The IP address that is used by a client to connect to a POP.
all
sign_param
String
No
The name of the signature parameter. This parameter takes effect only when the auth_type parameter is set to type_f.
sign
time_param
String
No
The name of the timestamp parameter. This parameter takes effect only when the auth_type parameter is set to type_f.
time
time_format
String
No
The format of the timestamp. This parameter takes effect only when the auth_type parameter is set to type_f.
dec: decimal.
hex: hexadecimal.
hec
path_encoding
String
No
Specifies whether to enable URL encoding. Valid values: on and off. This parameter takes effect only when the auth_type parameter is set to type_f.
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "auth_type", "argValue": "type_a" }, { "argName": "auth_key1", "argValue": "1234567890123456789" }, { "argName": "auth_key2", "argValue": "1234567890123456789" }, { "argName": "ali_auth_delta", "argValue": 1800 }, { "argName": "req_auth_ip_white", "argValue": "192.168.0.1" }, { "argName": "req_auth_ip_acl_xfwd", "argValue": "all" }{ "argName": "sign_param", "argValue": "sign" }, { "argName": "time_param", "argValue": "time", }, { "argName": "time_format", "argValue": "hec" }, { "argName": "path_encoding", "argValue": "on" }], "functionName": "aliauth" }], "domainNames": "example.com" }
cdn_remote_auth
Feature description: configures remote authentication. For more information, see Configure remote authentication.
Feature ID (FunctionID/FuncId): 258.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable remote authentication.
on
off
on
remote_auth_addr
String
Yes
The address of the authentication server. Valid formats:
https://cdn.aliyun.com/auth
andhttp://10.10.10.10/auth
.https://example.aliyundoc.com/auth
remote_auth_method
String
Yes
The request method. Valid values: get, post, and head.
get
remote_auth_type
String
Yes
The type of the authentication file. The value all specifies all types. Separate file types with vertical bars (|). The value is case-sensitive. For example, jpg is different from JPG.
all
remote_auth_reserve_args
String
Yes
The parameters that you want to retain. Separate parameters with vertical bars (|). The value is not case-sensitive. For example, key is equivalent to KEY.
all: retains all parameters.
ali_delete_all_args: deletes all parameters.
all
remote_auth_custom_args
String
No
The parameters that you want to add. Separate parameters with vertical bars (|). The value is case-sensitive. For example, key is different from KEY.
None
remote_auth_reserve_header
String
Yes
The request headers that you want to retain. Separate request headers with vertical bars (|). The value is not case-sensitive. For example, http_remote_addr is equivalent to HTTP_Remote_Addr.
all: retains all request headers.
ali_delete_all_headers: deletes all request headers.
all
remote_auth_custom_header
String
No
The request headers that you want to add. Separate multiple request headers with vertical bars (|). The value is not case-sensitive. For example, http_remote_addr is equivalent to HTTP_Remote_Addr.
None
remote_auth_success_code
Integer
Yes
The HTTP status code that is returned to Alibaba Cloud CDN when a request passes authentication. Example: 200. You can configure multiple HTTP status codes. Separate HTTP status codes with commas (,).
200
remote_auth_fail_code
Integer
Yes
The HTTP status code that is returned to Alibaba Cloud CDN when a request fails authentication. Example: 403. You can configure multiple HTTP status codes. Separate HTTP status codes with commas (,).
403,404
remote_auth_other_code_act
String
No
The operation to perform when the HTTP status code that is returned to Alibaba Cloud CDN does not indicate that a request passes or fails authentication. Valid values:
pass (default): Alibaba Cloud CDN allows the request.
reject: Alibaba Cloud CDN rejects the request.
pass
remote_auth_fail_resp_code
Integer
Yes
The HTTP status code that is returned by Alibaba Cloud CDN to users when a request fails authentication. For example, if you set this parameter to 403, Alibaba Cloud CDN returns the HTTP 403 status code to the user when the request fails authentication.
403
remote_auth_timeout
Integer
Yes
The authentication timeout period. Unit: milliseconds. Maximum value: 3000.
500
remote_auth_timeout_action
String
Yes
The action that is performed when authentication times out. Valid values:
pass: Alibaba Cloud CDN allows the request.
reject: Alibaba Cloud CDN returns the specified HTTP status code for authentication failures to the user.
pass
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "remote_auth_addr", "argValue": "https://example.aliyundoc.com/auth" }, { "argName": "remote_auth_method", "argValue": "get" }, { "argName": "remote_auth_type", "argValue": "all" }, { "argName": "remote_auth_reserve_args", "argValue": "all" }, { "argName": "remote_auth_custom_args", "argValue": "" }, { "argName": "remote_auth_reserve_header", "argValue": "all" }, { "argName": "remote_auth_custom_header", "argValue": "" }, { "argName": "remote_auth_success_code", "argValue": "200" }, { "argName": "remote_auth_fail_code", "argValue": "403" }, { "argName": "remote_auth_other_code_act", "argValue": "pass" }, { "argName": "remote_auth_fail_resp_code", "argValue": "403" }, { "argName": "remote_auth_timeout", "argValue": 500 }, { "argName": "remote_auth_timeout_action", "argValue": "pass" }], "functionName": "cdn_remote_auth" }], "DomainNames": "example.com" }
ip_allow_list_set
Feature description: configures an IP address whitelist. For more information, see Configure an IP address blacklist or whitelist.
Feature conflicts: The IP address whitelist feature conflicts with the IP address blacklist feature (function: ip_black_list_set, feature ID: 13). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 69.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ip_list
String
Yes
The IP addresses that you want to add to the blacklist. You can specify multiple IP addresses. Separate IP addresses with commas (,).
192.168.0.1/24
ip_acl_xfwd
String
No
Specifies whether to use the IP address in the X-Forwarded-For header for verification. Valid values:
on (default): uses the first IP address in the
X-Forwarded-For
request header for verification.off: uses the
IP address that is used to connect to the POP
for verification.all: uses both the first IP address in the
X-Forwarded-For request header
and theIP address that is used to connect to the POP
for verification.
all
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "ip_list", "argValue": "192.168.0.1/24" }], "functionName": "ip_allow_list_set" }], "DomainNames": "example.com" }
ip_black_list_set
Feature description: configures an IP address blacklist. For more information, see Configure an IP address blacklist or whitelist.
Feature conflicts: The IP address blacklist feature conflicts with the IP address whitelist feature (function: ip_allow_list_set, feature ID: 69). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 13.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ip_list
String
Yes
The IP addresses that you want to add to the blacklist. You can specify multiple IP addresses. Separate IP addresses with commas (,).
192.168.0.1
ip_acl_xfwd
String
No
Specifies whether to use the IP address in the X-Forwarded-For header for verification. Valid values:
on (default): uses the first IP address in the
X-Forwarded-For
request header for verification.off: uses the
IP address that is used to connect to the POP
for verification.all: uses both the first IP address in the
X-Forwarded-For request header
and theIP address that is used to connect to the POP
for verification.
all
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "ip_list", "argValue": "192.168.0.1" }], "functionName": "ip_black_list_set" }], "DomainNames": "example.com" }
ali_ua
Feature description: configures a User-Agent whitelist or blacklist. For more information, see Configure a User-Agent blacklist or whitelist.
Feature ID (FunctionID/FuncId): 58.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ua
String
Yes
The user agents that you want to add to the whitelist or blacklist. You can use asterisks (*) to match any characters and specify multiple values. Separate values with vertical bars (|). Example:
*curl*|*IE*|*chrome*|*firefox*
.*curl*|*IE*|*chrome*|*firefox*
type
String
Yes
The type of the list. Valid values:
black: a blacklist.
white: a whitelist.
NoteThe blacklist and whitelist are mutually exclusive. You can enable only one type of list.
black
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "ua", "argValue": "*curl*|*IE*|*chrome*|*firefox*" }, { "argName": "type", "argValue": "black" }], "functionName": "ali_ua" }], "DomainNames": "example.com" }
Performance optimization
tesla
Feature description: configures HTML optimization. For more information, see Enable HTML optimization.
Feature ID (FunctionID/FuncId): 16.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable HTML optimization. Valid values:
on
off
on
trim_js
String
No
Specifies whether to optimize the JavaScript code of HTML pages. Default value: off. Valid values:
on
off
off
trim_css
String
No
Specifies whether to optimize the CSS code of HTML pages. Default value: off. Valid values:
on
off
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "trim_css", "argValue": "off" }, { "argName": "trim_js", "argValue": "off" }], "functionName": "tesla" }], "DomainNames": "example.com" }
gzip
Feature description: configures Gzip compression. For more information, see Configure Gzip compression.
Feature ID (FunctionID/FuncId): 35.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable Gzip compression. Valid values:
on
off
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "gzip" }], "DomainNames": "example.com" }
brotli
Feature description: configures Brotli compression. For more information, see Configure Brotli compression.
Feature ID (FunctionID/FuncId):97.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable Brotli compression.
on
off
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "brotli" }], "DomainNames": "example.com" }
set_hashkey_args
Feature description: retains URL parameters. For more information, see Ignore parameters.
Feature conflicts: The URL parameter retaining feature conflicts with the URL parameter deleting feature (function: ali_remove_args, feature ID: 75). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 19.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
hashkey_args
String
No
The parameters that you want to retain. You can specify up to 10 parameters. Separate parameters with commas (,).
key1,key2
disable
String
Yes
Specifies whether to ignore all parameters. Default value: off. Valid values:
on: ignores all parameters. Only the Add rule takes effect.
off: does not ignore parameters. The Retain, Add, and Delete rules take effect.
NoteThe hashkey_args setting has a higher priority. Even if you set this parameter to on, the parameters that are specified by the hashkey_args parameter are retained.
on
keep_oss_args
String
Yes
Specifies whether to retain parameters during origin fetch. Valid values:
on: All parameters are retained during origin fetch.
off: Only the parameters that are specified in hashkey are retained.
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "hashkey_args", "argValue": "" }, { "argName": "keep_oss_args", "argValue": "on" }, { "argName": "disable", "argValue": "on" }], "functionName": "set_hashkey_args" }], "DomainNames": "example.com" }
ali_remove_args
Feature description: deletes URL parameters. For more information, see Ignore parameters.
Feature conflicts: The URL parameter deleting feature conflicts with the URL parameter retaining feature (function: set_hashkey_args, feature ID: 19). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 75.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ali_remove_args
String
Yes
The parameters that you want to delete. Separate multiple parameters with spaces.
NoteThe parameters that are retained are used as the URL parameters in hashkey.
test
keep_oss_args
String
Yes
Specifies whether to retain parameters during origin fetch. Valid values:
on: All parameters are retained during origin fetch.
off: Only the parameters that are specified in hashkey are retained.
off
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "ali_remove_args", "argValue": "test" }, { "argName": "keep_oss_args", "argValue": "off" }], "functionName": "ali_remove_args" }], "DomainNames": "example.com" }
image_transform
Feature description: configures image editing. For more information, see Overview.
Feature ID (FunctionID/FuncId): 239.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable image editing.
on
off
on
filetype
String
Yes
The image format that you want to convert. Separate multiple values with vertical bars (|). Valid values:
JPEG
JPG
PNG
WEBP
BMP
GIF
TIFF
JP2: JPEG 2000
jpg|jpeg|png
webp
String
No
Specifies whether to enable automatic conversion to WebP.
on
off
on
orient
String
No
Specifies whether to enable automatic rotation.
on
off
NoteThis feature takes effect only for images that carry rotation properties.
on
slim
Integer
No
The image compression rate. Valid values: 0 to 100. Image compression reduces data transfer without changing the resolution, size, or format of images.
10
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "filetype", "argValue": "jpg|jpeg|png" }, { "argName": "webp", "argValue": "on" }, { "argName": "orient", "argValue": "on" }, { "argName": "slim", "argValue": "" }, { "argName": "enable", "argValue": "on" }], "functionName": "image_transform" }], "DomainNames": "example.com" }
Video-related settings
range
Feature description: configures range origin fetch. For more information, see Range origin fetch.
Feature ID (FunctionID/FuncId): 31.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable range origin fetch. Valid values:
on: enables range origin fetch.
off: disables range origin fetch.
force: forcibly enables range origin fetch.
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "range" }], "DomainNames": "example.com" }
video_seek
Feature description: configures video seeking. For more information, see Video seeking.
Feature ID (FunctionID/FuncId): 30.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable video seeking. Valid values:
on
off
on
flv_seek_by_time
String
No
Specifies whether to enable video seeking by time for Flash Video (FLV) files. Valid values:
on
off
on
mp4_seek_start
String
No
Sets custom start parameters for MP4 files.
mp4starttime
mp4_seek_end
String
No
Set custom end parameters for MP4 files.
mp4endtime
flv_seek_start
String
No
Sets custom start parameters for FLV files.
flvstarttime
flv_seek_end
String
No
Set custom end parameters for FLV files.
flvendtime
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "video_seek" }], "DomainNames": "example.com" }
ali_video_split
Feature description: configures audio extraction. For more information, see Audio extraction.
Feature ID (FunctionID/FuncId): 204.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable audio extraction.
on
off
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "ali_video_split" }], "DomainNames": "example.com" }
ali_video_preview
Feature description: configures video preview. For more information, see Audio and video preview.
Feature ID (FunctionID/FuncId): 205.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable video preview.
on
off
NoteThe following file formats are supported: TS, MP3, FLV, and MP4.
on
ali_video_preview_argument
String
Yes
The custom preview parameter. Unit of this parameter: seconds.
fds
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "ali_video_preview_argument", "argValue": "fds" }], "functionName": "ali_video_preview" }], "DomainNames": "example.com" }
hls_token_rewrite
Feature description: configures M3U8 encryption and rewrite. For more information, see M3U8 encryption and rewrite.
Feature ID (FunctionID/FuncId): 253.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable M3U8 encryption and rewrite.
on
off
on
hls_token_arg_name
String
No
The custom parameter name for the HLS token. If you do not specify a name, MtsHlsUriToken is used as the name.
example
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "hls_token_rewrite" }], "DomainNames": "example.com", }
Security settings
tmd_signature
Feature description: configures rate limiting. For more information, see Configure rate limiting.
Feature ID (FunctionID/FuncId): 96.
ddos_domain
Feature description: configures DDoS mitigation. For more information, see Configure Anti-DDoS.
Feature ID (FunctionID/FuncId): 209.
ali_location
Feature description: configures a region blacklist. For more information, see Configure a region blacklist or whitelist.
Feature ID (FunctionID/FuncId): 57.
allowed_crawlers
Feature description: configures a crawler whitelist. For more information, see Configure WAF.
Feature ID (FunctionID/FuncId): 270.
To use this feature, submit a ticket.
threat_intelligence
Feature description: configures threat intelligence. For more information, see Configure WAF.
Feature ID (FunctionID/FuncId): 271.
To use this feature, submit a ticket.
intelligent_algorithm
Feature description: configures AI protection. For more information, see Configure WAF.
Feature ID (FunctionID/FuncId): 272.
To use this feature, submit a ticket.
Traffic throttling
limit_rate
Feature description: configures throttling for individual requests.
Feature ID (FunctionID/FuncId): 72.
The following table describes the parameters.
You can specify only the ali_limit_rate parameter or specify parameters that are carried in the request URL to configure throttling. You can also configure the start and end time for throttling.
You can configure throttling by specifying the traffic_limit_arg and traffic_limit_unit parameters that are carried in the request URL.
You can configure the start time and end time for throttling by specifying the ali_limit_start_hour and ali_limit_end_hour parameters.
Parameter
Type
Required
Description
Example
ali_limit_rate
String
Yes
The throttling rate for individual requests, such as 200 KB/s or 1 MB/s. The value can contain a number and a letter (k or m). The unit is byte/s.
The minimum value is 100k, and smaller values are rounded up to 100k.
1m: The throttling rate for individual requests is 1 MB/s.
100k: The throttling rate for individual requests is 100 KB/s.
ali_limit_rate_after
String
No
The threshold value based on which throttling is triggered. The value contains a number and an optional letter (k or m). The unit is byte.
1000
traffic_limit_arg
String
No
The name of the throttling parameter. Throttling is performed based on the value of the specified parameter in URLs. Sample parameter: rate.
If the request does not contain a throttling parameter, the throttling rate is the value of ali_limit_rate. If the request does not contain the throttling parameter, set ali_limit_rate to 0k to disable throttling.
rate
traffic_limit_unit
String
No
The unit of the throttling parameter traffic_limit_arg. Valid values: m (MB/s) and k (KB/s). If you set the value to m, the throttling rate is 1 MB/s when the rate that is carried in the request URL is 1.
The minimum value is 100k, and smaller values are rounded up to 100k.
m
ali_limit_start_hour
Integer
No
The point in time at which throttling starts. Valid values: 0 to 24. Default value: 0. The start time must be earlier than the end time.
NoteSpecify a time in the 24-hour format. The time must be on the hour. For example, 00:00:00 represents 0 o'clock and 24:00:00 represents 24 o'clock.
20
ali_limit_end_hour
Integer
No
The point in time at which throttling ends. Valid values: 0 to 24. Default value: 24. The end time must be later than the start time.
23
Example 1: Set the throttling rate for individual requests to 1 MB/s.
{ "Functions": [{ "functionArgs": [{ "argName": "ali_limit_rate", "argValue": "1m" }], "functionName": "limit_rate" }], "DomainNames": "example.com" }
Example 2: The default throttling rate for individual requests is 1 MB/s. If the request URL contains the rate parameter, the throttling rate is the value of the parameter. For example, if the rate parameter in a user request is 200, the throttling rate is 200 KB/s.
{ "Functions": [{ "functionArgs": [{ "argName": "ali_limit_rate", "argValue": "1m" },{ "argName": "traffic_limit_arg", "argValue": "rate" },{ "argName": "traffic_limit_unit", "argValue": "k" }], "functionName": "limit_rate" }], "DomainNames": "example.com" }
EdgeScript settings
edge_function
Feature description: configures EdgeScript. For more information, see EdgeScript overview.
Feature ID (FunctionID/FuncId): 180.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
rule
String
Yes
The domain-specific language (DSL) script.
if eq($uri, '/') {\n rewrite('https://example.com/index.html', 'redirect')\n}
pri
Integer
Yes
The priority. Valid values: 0 to 999. A smaller value indicates a higher priority.
NoteThe priorities of the head and foot execution positions are irrelevant to each other.
0
enable
String
Yes
Specifies whether to enable the script. Valid values:
on
off
on
name
String
Yes
The name of the script. The name can contain only letters and underscores (_).
test
pos
String
No
The position where you want to execute the script. Default value: head. Valid values:
head: The script is executed at the head of the pipeline.
foot: The script is executed at the foot of the pipeline.
head
brk
String
No
Specifies whether to skip other scripts after the current script is executed. Default value: off. Valid values:
on: After the current script is matched, the scripts after the specified position are skipped.
off: If the current script is matched, the system continues matching the request against other scripts.
off
option
String
No
The extension.
None
grammar
String
No
The syntax of the script. Valid values: es2 and js. Default value: es2.
/
jsmode
String
No
The JavaScript execution mode. Default value: bypass. Valid values:
redirect: block mode.
bypass: bypass mode.
/
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "name", "argValue": "test" }, { "argName": "rule", "argValue": "if eq($uri, '/') {\n rewrite('https://example.com/index.html', 'redirect')\n}" }, { "argName": "pri", "argValue": "0" }, { "argName": "pos", "argValue": "head" }, { "argName": "enable", "argValue": "on" }, { "argName": "brk", "argValue": "off" }, { "argName": "option", "argValue": "" }], "functionName": "edge_function" }], "DomainName": "example.com" }
EdgeRoutine settings
edgeroutine
Feature description: configures EdgeRoutine. For more information, see What is EdgeRoutine?
Feature ID (FunctionID/FuncId): 275.
To use this feature, submit a ticket.
Rules engine settings
condition
Feature description: configures rules in a graphical user interface. You can configure rules to identify user requests based on the parameters they carry to determine whether a configuration applies to the requests. This provides a more flexible and accurate method to manage configurations and policies that you set in Alibaba Cloud CDN. For more information, see Rules engine.
Feature ID (FunctionID/FuncId): 250.
To use this feature, submit a ticket.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
rule
Array
Yes
The content of a rule, including the name, status, logic operator, and conditional expression.
Rule content:
{\"match\":{\"logic\":\"and\",\"criteria\":[{\"matchType\":\"clientipVer\",\"matchObject\":\"CONNECTING_IP\",\"matchOperator\":\"equals\",\"matchValue\":\"v6\",\"negate\":false}]},\"name\":\"example\",\"status\":\"enable\"}
Fields
Name: example
Status: enable
Logic operator: and
Conditional expression: The protocol that is used by the client is IPv6.
The following table describes the parameters in argValue.
Parameter
description
\"match\":
match indicates a conditional match expression.
\"logic\":\"and\"
logic indicates the logical operator that is used to determine whether to match a rule. Valid values: and/or.
\"criteria\"
criteria indicates the specific condition in a conditional match expression.
\"matchType\":\"clientipVer\"
matchType indicates the type of information carried in the user request to match.
\"matchObject\":\"CONNECTING_IP\"
matchObject indicates a further division of the match type. For example, client IP addresses can be further divided into X-Forwarded-For (XFF) IP addresses and IP addresses that are used to connect to POPs.
\"matchOperator\":\"equals\"
matchOperator indicates the operator of the match.
\"matchValue\":\"v6\"
matchValue indicates a preset value to be matched against the information that is carried in the user request.
\"negate\":false
negate indicates whether to invert the result of a conditional expression. Valid values: true and false.
\"name\":\"example\"
name indicates the rule name.
\"status\":\"enable\"
status indicates the rule status.
Examples:
The following example shows how to call an API operation to add a rule for the
example.com
domain name to allow or block requests from clients that use IPv6 addresses. For more information, see Rules engine.{ "Functions": [{ "functionArgs": [{ "argName": "rule", "argValue": "{\"match\":{\"logic\":\"and\",\"criteria\":[{\"matchType\":\"clientipVer\",\"matchObject\":\"CONNECTING_IP\",\"matchOperator\":\"equals\",\"matchValue\":\"v6\",\"negate\":false}]},\"name\":\"example\",\"status\":\"enable\"}" }], "functionName": "condition" }], "DomainNames": "example.com" }
You can reference an added rule in the configurations of other features. For the list of features that can reference rules, see Rules engine. This allows you to flexibly and precisely control the execution of configuration policies in Alibaba Cloud CDN. For example, a rule can be referenced in the configuration of a conditional origin. The function is origin_dns_host. For information about the configuration example, see origin_dns_host. For information about the conditional origin feature, see Configure a conditional origin.
Note: If you want to reference a rule in the configurations of other features, set parentid to specify a created rule. The parentid is the ConfigId that is generated when you add a rule.
QUIC
quic
Feature description: configures QUIC. For more information, see Configure the QUIC protocol.
Feature ID (FunctionID/FuncId): 281.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
iquic_enable
String
Yes
Specifies whether to enable QUIC. Valid values:
on
off
on
Examples:
{ "Functions": [{ "functionArgs": [{ "argName": "iquic_enable", "argValue": "on" }], "functionName": "iquic" }], "DomainNames": "example.com" }