CDN:Functions and features

Category

Feature

Description

References

Basic settings

Change the acceleration region

You can change the acceleration region for a domain name that is accelerated by Alibaba Cloud CDN.

Configure an origin server

Alibaba Cloud CDN supports the following types of origin servers: Object Storage Service (OSS) domain names, IP addresses of origin servers, domain names of origin servers, and Function Compute domain names. You can specify one or more origin servers of each type and specify primary and secondary origin servers to balance loads.

IPv6

After you enable IPv6, clients can send requests to points of presence (POPs) over IPv6.

Origin fetch settings

Origin host

By default, the value of the HOST header in an origin request is the accelerated domain name. You can also specify a custom value for the HOST header.

Origin protocol

Alibaba Cloud CDN follows the protocol specified by the origin protocol policy to retrieve resources from an origin server. After you configure the origin protocol policy, POPs redirect requests based on the origin protocol policy. You can configure custom HTTP and HTTPS ports.

Access to private OSS buckets

If you use a private OSS bucket as the origin server of the accelerated domain name, the OSS bucket is protected from unauthorized access. In this case, we recommend that you enable access to the private OSS bucket for the accelerated domain name. This way, the distribution of private OSS bucket resources can be accelerated by Alibaba Cloud CDN.

Origin SNI

If the IP address of your origin server is associated with multiple domain names and requests are redirected to the origin server over HTTPS, you need to configure the Server Name Indication (SNI) feature. SNI specifies the domain name for which requests are destined. The origin server returns the corresponding SSL certificate based on the SNI.

Configure a timeout period for origin requests

You can configure a timeout period for origin HTTP requests to efficiently manage the connections between POPs and your origin server. If the timeout period for origin requests is too short, origin requests may fail when network connections are unstable. If the timeout period for origin requests is too long, failed requests will continue to occupy connections until they expire. This may cause normal requests to fail when the maximum number of connections to the origin server is reached. To ensure that requests can be redirected to the origin server as expected, we recommend that you configure the timeout period based on your network connectivity and the maximum number of connections that your origin server can handle.

Configure HTTP request headers

By default, Alibaba Cloud CDN supports request headers such as client IP addresses. You can also configure custom request headers. Alibaba Cloud CDN allows you to rewrite HTTP headers in origin requests. You can add, delete, change, or replace HTTP headers in origin requests based on your business requirements.

Configure origin HTTP response headers

If a requested resource is not cached on POPs or the cache expires, the POPs send a request to the origin server to obtain the latest resource. The headers in the HTTP message returned by the origin server are origin response headers. You can modify origin HTTP response headers to configure cache policies and cross-origin resource sharing (CORS). This improves the performance, security, and user experience of your website and effectively manages access to resources.

-

Common Name whitelist

POPs compare the certificate Common Name that is returned by the origin server with the server name indication (SNI) value that is included in an HTTPS request. If the SNI value does not match the Common Name, origin fetch fails. After you add the certificate Common Name to the whitelist, origin fetch succeeds even if the SNI value does not match the Common Name.

Advanced origin settings

You can configure advanced origin settings to redirect requests to different origin servers based on the request header, query string parameter, path, and request cookie.

301/302 redirection

The 301/302 redirection feature supports HTTP 301 and 302 status codes that are returned by the origin server. After you configure 301/302 redirection, POPs process the HTTP 301 or 302 status code that is returned by the origin server instead of returning the status code to clients. This simplifies request processing and accelerates content delivery.

Rewrite origin URLs

Alibaba Cloud CDN allows you to rewrite origin URLs. The URL rewrite feature functions on POPs without affecting the internal services of Alibaba Cloud CDN or the cache keys.

Parameter rewrite

Alibaba Cloud CDN allows you to rewrite URL parameters in requests before the requests are redirected to origin servers. You can ignore, add, delete, retain, and modify parameters.

Origin offload

Origin offload is an additional level that is added to the origin fetch architecture of Alibaba Cloud CDN: client > edge POP > central POP > origin offload > origin server. The optimized origin fetch architecture further reduces bandwidth consumption, increases cache hit ratios, offloads traffic from origin servers, and improves website performance and user experience.

-

Origin server group

You can configure multiple origin groups. Each origin group can contain multiple primary and secondary origin servers. The origin server group feature can be used with the rules engine feature to redirect requests to different origin servers based on different conditions.

-

Conditional origin

The conditional origin feature can be used with the rules engine feature to filter user requests based on specific conditions. Requests that meet the conditions are redirected to the specific origin server. You can add multiple rules so that requests can be redirected to different origin servers based on the rules.

Cache settings

TTL

Time-to-live (TTL) is the amount of time that a resource is cached on POPs. When the TTL of a cached resource ends, the resource on the POPs expires. Requests that attempt to access expired resources are redirected to the origin server. Alibaba Cloud CDN retrieve the most recent resources from the origin server and cache them on POPs.

Status code expiration rule

When POPs retrieve resources from origin servers, the origin servers return HTTP status codes to the POPs. Alibaba Cloud CDN allows you to create cache rules for HTTP status codes returned from origin servers. When clients request the same resource, the POPs return the status code instead of redirecting requests to the origin server. This reduces loads on origin servers. After a cached HTTP status code expires, requests that trigger the code are redirected to the origin server.

Configure an HTTP response header

HTTP response headers are a component of the header section in response messages that are transmitted over HTTP. HTTP response headers deliver specific parameters to clients to manage caching. You can configure custom HTTP response headers. This way, Alibaba Cloud CDN can return the configured response headers to clients to implement features such as cross-origin resource sharing (CORS).

Customize an error page

After you create a custom error page, when the requested content does not exist or an error occurs, the POP returns the custom error page instead of the default error page. A custom error page improves user experience and allows users to view more user-friendly error prompts.

Request URL rewrite

If the directory of a resource on the origin server changes, the directory of the resource on POPs also changes. If the request URL to the resource does not change, POPs need to rewrite the request URL and redirect the request to the destination path. This reduces the number of origin requests and improves client access performance.

Create custom cache keys

You can create rules to generate cache keys based on different parts of HTTP requests, such as URIs, request parameters, HTTP request headers, and custom variables. You can also use this feature to convert URLs for the same resource into the same cache key. This improves the cache hit ratio, and reduces the number of requests that are redirected to the origin server, response time, and bandwidth usage.

Cache sharing

After you configure cache sharing, accelerated domain names in the same Alibaba Cloud account can share resources that are cached on POPs. If origin servers of different domain names store a large number of common resources, such as images, CSS files, and JavaScript files, you can configure cache sharing. This way, the domain names can share the common resources to reduce the bandwidth usage and increase the resource hit ratio for the domain names. This improves the acceleration performance of Alibaba Cloud CDN and reduces origin traffic.

-

HTTPS settings

SSL certificate

Alibaba Cloud CDN supports HTTPS secure acceleration. You can deploy an SSL certificate in the Alibaba Cloud CDN console and enable HTTPS secure acceleration to encrypt requests between clients and POPs.

HTTP/2 settings

HTTP/2, originally named HTTP/2.0, is the first new version of HTTP since HTTP/1.1. HTTP/2 supports binary framing, multiplexing, and header compression. This protocol improves web performance and reduces network latency.

Force redirect

You can configure the URL redirection feature to forcibly redirect requests from clients to POPs to HTTPS.

TLS version control

When a client initiates a request to a POP, the POP responds to the request and initiates a Transport Layer Security (TLS) handshake by using the configured TLS version to ensure communication security. If the client does not support the version, the connection cannot be established. To ensure a balance between outdated browser compatibility and security, you can configure a TLS version based on your business requirements. An earlier TLS version supports more browsers but degrades the security. A later TLS version enhances the security but may restrict access from outdated browsers.

HSTS

After you configure HTTP Strict Transport Security (HSTS), clients such as browsers can establish only HTTPS connections to POPs. This improves security.

OCSP Stapling

The Online Certificate Status Protocol (OCSP) stapling feature allows POPs to cache the revocation status of SSL certificates and return the information to clients. Clients do not need to query the revocation status of SSL certificates from certificate authorities (CAs). This speeds up certificate validation and accelerates the access.

Access control

Hotlink protection

Referer-based hotlink protection refers to access control based on the Referer header. For example, you can configure a Referer whitelist to allow only specific requests to access your resources or a blacklist to block specific requests. Referer-based hotlink protection identifies and filters user identities, and protects your resources from unauthorized access. After you configure a Referer whitelist or blacklist, Alibaba Cloud CDN allows or blocks requests based on user identities. If a request is allowed, Alibaba Cloud CDN returns the URL of the requested resource. If a request is blocked, Alibaba Cloud CDN returns the HTTP 403 status code.

URL signing

By default, content distributed by Alibaba Cloud CDN is publicly available. Users can access the content by using URLs. If you want to prevent your resources from hotlinking and unauthorized access, you can use Referer whitelist and blacklist, IP address whitelist and blacklist, and URL signing to regulate access control. URL signing adds signature strings and timestamps to URLs to enhance access control.

IP address blacklist and whitelist

An IP address blacklist or whitelist filters user requests, and blocks or allows requests from specific IP addresses. The IP list feature can restrict access sources and protect POPs from IP theft and attacks.

User-Agent blacklist or whitelist

User-Agent is an HTTP header. The header contains information about the client that makes the request, including the OS, OS version, browser, and browser version. You can configure a User-Agent blacklist or whitelist to restrict access to Alibaba Cloud CDN resources and improve service security.

Remote authentication

If you have your own authentication server, you can configure remote authentication to forward user requests to your authentication server for authentication.

Performance optimization

HTML optimization

The HTML optimization feature allows Alibaba Cloud CDN to automatically remove redundant content from web pages, such as comments and additional whitespace characters in HTML pages, CSS code, and JavaScript code. This reduces file sizes, accelerates content delivery, and improves website readability.

Gzip compression

After you enable the Gzip compression feature, Alibaba Cloud CDN POPs use Gzip compression to compress resources before the resources are returned to clients. The Gzip compression feature reduces file sizes, accelerates file distribution, and reduces bandwidth consumption.

Brotli compression

Brotli is a new open source compression algorithm that provides better performance than Gzip. After you enable Brotli compression, POPs compress resources before the resources are returned to clients. This reduces file sizes, accelerates file distribution, and reduces bandwidth consumption.

Ignore parameters

If you enable parameter filtering, POPs remove the parameters that follow the question mark (?) in request URLs. These parameters contain information such as the user identity and request source. The original URLs are used as the cache keys.

Image editing

In various business contexts, you may need to resize, crop, rotate, or compress images from content sharing websites. However, initiating an origin request for each image processing task can substantially increase the number of origin requests and the cache size on POPs. Alibaba Cloud CDN provides the image editing feature, which allows you to edit images and cache the edited images on POPs. This accelerates content delivery, reduces loads on origin servers, and lowers origin traffic.

Video-related settings

Range origin fetch

If a request that is redirected from a POP to the origin server includes the Range header, the origin server returns the content that is specified by the Range header to the POP. This process is called range origin fetch. Range origin fetch accelerates content delivery by increasing cache hit ratios, reduces origin traffic and loads on origin servers, and speeds up site response.

Video seeking

Video seeking allows users to seek to a specific position without compromising the playback quality when they play video or audio content.

Audio extraction

After you enable the audio extraction feature, POPs extract audio data from a video file and then return only the audio data to clients. This reduces bandwidth and traffic usage.

Audio and video preview

After you enable the audio and video preview feature, POPs return only audio and video data of a specified duration during preview. This allows you to preview audio and video files.

M3U8 encryption and rewriting

After you enable M3U8 encryption and rewrite, Alibaba Cloud CDN can rewrite M3U8 files that are transmitted over HTTP Live Streaming (HLS). After an M3U8 file is rewritten, encryption parameters are appended to the #EXT-X-KEY tag of the file. The encryption parameters include the encryption algorithm, key URI, and authentication parameters. After a client receives an M3U8 file that is rewritten by Alibaba Cloud CDN, the client uses the key URI that carries authentication parameters to initiate a request. The request retrieves the key from the POP. Then, the client uses the encryption algorithm and key to decrypt transport stream (TS) files.

Traffic throttling

Bandwidth cap

You can configure bandwidth caps to prevent unexpected high bills that are caused by malicious attacks or fraudulent traffic.

Programmable CDN

EdgeScript

EdgeScript (ES) allows you to customize Alibaba Cloud CDN configurations by running scripts if the standard configurations in the Alibaba Cloud CDN console cannot meet your business requirements.

Resource monitoring

Traffic and bandwidth

Monitors the bandwidth and network traffic of accelerated domain names. You can query monitoring data by region, ISP, and protocol. The following protocols are supported: HTTP, HTTPS, QUIC, IPv4, and IPv6.

-

Origin fetch statistics

Monitors the origin bandwidth and traffic of accelerated domain names.

-

Number of requests/QPS

Monitors the number of requests and queries per second (QPS) of accelerated domain names. You can query monitoring data by region, ISP, and protocol. The following protocols are supported: HTTP, HTTPS, QUIC, IPv4, and IPv6.

-

HTTPCode

Monitors the HTTP status codes returned from POPs. The HTTP status codes include 2xx, 3xx, 4xx, and 5xx.

-

HTTP status codes (origin fetch)

Monitors the HTTP status codes, including 2xx, 3xx, 4xx, and 5xx, returned from origin servers.

-

Hit ratio

Monitors the byte hit ratios and request hit ratios of accelerated domain names.

-

Real-time monitoring

Basic data

Monitors the bandwidth, network traffic, number of requests, and QPS of accelerated domain names.

-

Origin traffic

Monitors the origin bandwidth and traffic of accelerated domain names.

-

Quality monitoring

Monitors the cache hit ratio, byte hit ratio, HTTP status codes 2xx, 3xx, 4xx, and 5xx for accelerated domain names.

-

QUIC

QUIC

The Quick UDP Internet Connections (QUIC) protocol provides the same level of security as TLS or SSL but supports lower connection and transmission latency. If you want to improve content delivery efficiency and ensure data transmission security, enable QUIC.

EdgeScript monitoring

EdgeScript status

After you configure a script for an accelerated domain name, you can view the status of the script.

-

EdgeScript exceptions

After you configure a script for an accelerated domain name, you can view the exceptions that occur during script execution and the error codes that are returned.

-

Content management

Refresh resources based on URLs

After resources on your origin server are updated, you can submit the URLs of the updated resources. Then, Alibaba Cloud CDN refreshes the resources that are cached on POPs. This ensures that visitors can retrieve up-to-date resources from POPs.

Refresh resources based on directories

After resources on your origin server are updated, you can submit the directories of the updated resources. Then, Alibaba Cloud CDN refreshes the resources that are cached on POPs. This ensures that visitors can retrieve up-to-date resources from POPs.

Resource refresh based on regular expressions

A URL that contains a regular expression can be submitted in a refresh task. Alibaba Cloud CDN refreshes all URLs that match the regular expression. This feature enables targeted refresh.

Prefetch resources based on URLs

The prefetch feature allows you to prefetch resources from the origin server and cache them on POPs during off-peak hours. This eases the pressure on your origin server and improves user experience.

Tools and services

Query the IP address

After you add an origin server to Alibaba Cloud CDN, you can use the IP address check feature to check whether the IP address that the client accesses belongs to a POP and determine whether the acceleration takes effect.

URL diagnostics tool

If you encounter issues such as page loading failures or page errors when you use Alibaba Cloud CDN, you can use the self-service diagnostics tool to diagnose the issues. The diagnostics tool provides diagnosis results. You can modify configurations of Alibaba Cloud CDN or submit a ticket based on the results.

Function Compute trigger

You can add, delete, update, and query Function Compute triggers.

-

Rules engine

Rules engine

The rules engine provides a graphical user interface that simplifies how you configure rules. You can configure rules to identify user requests based on the parameters that the requests carry. This helps determine whether a configuration applies to a request, and provides a more flexible and accurate method to manage the configurations and policies that you configure in Alibaba Cloud CDN.

Domain name management

Add/delete/query domain names

You can add, delete, and query domain names.

-

Domain name transfer

You can transfer domain names to other accounts.

-

Upgrade from Alibaba Cloud CDN to DCDN for a domain name

You can upgrade from Alibaba Cloud CDN to DCDN for a domain name.

-

Verify the ownership of a domain name

You need to verify the ownership of a domain name when you add a domain name.

-

Category

Feature

Description

References

Operations reports

PV/UV

Allows you to query page views (PVs) and unique visitors (UVs) of accelerated domain names by time.

Top Client IPs

Displays the top client IP addresses based on the domain name, region, or date that you specify. You can rank IP addresses by network traffic or the number of requests.

-

Regions and ISPs

Displays the distribution of visitors by region and Internet service provider (ISP). You can select regions in or outside the Chinese mainland and specify a time period for the query.

-

Popular Referer Headers

Displays the network traffic, traffic proportion, number of requests, and request proportion of frequently requested Referer headers.

-

Popular URLs

Displays the network traffic, traffic proportion, number of requests, and request proportion of frequently requested URLs based on the domain name, HTTP status code, or date that you specify.

-

Popular Back-to-origin URLs

Displays the network traffic, traffic proportion, number of requests, and request proportion of frequently requested origin URLs based on the domain name, HTTP status code, or date that you specify.

-

Domain Name Ranking

Displays the rank, traffic proportions, peak traffic or bandwidth values, peak time, and number of visits for each accelerated domain name.

-

Create a tracking task

An operations report consists of the following metrics: PV/UV, Regions and ISPs, Domain Names, Popular Referer Headers, Popular URLs, Popular Back-to-origin URLs, and Top Client IPs. You can create a custom operations report and a tracking task based on your business requirements. After you create a tracking task, Alibaba Cloud CDN sends operations reports to the email address that you specified. You can learn about the status of accelerated domain names by analyzing the content of operations reports.

-

Offline logs

Download offline logs

Alibaba Cloud CDN collects domain access logs on an hourly basis. You can download the daily log data of a domain name collected in the last 30 days to your local PC for further analysis.

Use Function Compute to deliver logs

You can use Function Compute to deliver logs. When Alibaba Cloud CDN generates new offline logs, Function Compute triggers a preset function to deliver the logs to Object Storage Service (OSS) in an automatic and serverless manner.

-

Real-time logs

Delivery of real-time logs

The real-time log delivery feature allows you to collect logs of accelerated domain names in a region in real time and deliver the logs to Simple Log Service for analysis. This helps you monitor your business and identify service issues efficiently.

Data statistics

When you use Alibaba Cloud CDN, a large amount of network log data is generated. The real-time log delivery feature allows you to collect the logs that are generated by POPs in real time and deliver the logs to Simple Log Service. Then, you can consume the logs in Simple Log Service to monitor your business and identify business issues in an efficient manner.

-

Category

Feature

Description

References

Resource usage

Query resource usage

You can query resource usage of specific domain names. You can set different filter conditions to query specific usage information, including bandwidth values, network traffic, and the number of HTTPS or QUIC requests. You can query information by accelerated domain name, time range, and billable region.

Summarize resource usage

Alibaba Cloud CDN allows you to summarize resource usage data of all your accelerated domain names by day or by month. Usage data is categorized based on billable items and exported to a PDF file.

Export resource usage data

Alibaba Cloud CDN allows you to export the resource usage data of all your accelerated domain names by day or by month. Usage data is categorized based on billable items and exported to a PDF file.

Export billing details

Alibaba Cloud CDN allows you to export billing details by domain name, time, and account to an on-premises machine. You can check the resource usage details in the exported file.

Query the details of resource plans

Alibaba Cloud CDN allows you to query the details of resource plans that you have purchased on the Resource Plans page, such as the total capacity, remaining capacity, and expiration time.

Metering method

Query the metering method

Log on to the Alibaba Cloud CDN console. You can view the current metering method on the right side of the Overview page.

-

Change the metering method

You can change the metering method from pay-by-peak-bandwidth or pay-by-monthly-95th-percentile-bandwidth to pay-by-data-transfer in the Alibaba Cloud CDN console.

Category

Feature

Description

References

Tools

Query the IP address

You can check whether an IP address belongs to a POP, the IP address of a POP, the status of the IP address of a POP, and the IP address of a POP in the staging environment.

Self-service diagnostics tool

If you encounter issues such as page loading failures or page errors when you use Alibaba Cloud CDN, you can use the self-service diagnostics tool to diagnose the issues. The diagnostics tool provides diagnosis results. You can modify configurations of Alibaba Cloud CDN or submit a ticket based on the results.

CloudMonitor

CloudMonitor is a service that monitors Alibaba Cloud resources and Internet applications. It is an all-in-one service that supports both monitoring and alerting.

-

Video and image editing on POPs

Image editing

In various business contexts, you may need to resize, crop, rotate, or compress images from content sharing websites. However, initiating an origin request for each image processing task can substantially increase the number of origin requests and the cache size on POPs. Alibaba Cloud CDN provides the image editing feature, which allows you to edit images and cache the edited images on POPs. This accelerates content delivery, reduces loads on origin servers, and lowers origin traffic.

Category

Feature

Description

References

SSL certificates

Configure a certificate

Alibaba Cloud CDN supports HTTPS secure acceleration to encrypt requests between clients and POPs. If your SSL certificate is purchased from Certificate Management Service, you can deploy the certificate for multiple domain names in Alibaba Cloud CDN to enable HTTPS secure acceleration.