To enhance the security of your origin server, you can obtain the back-to-origin IP addresses of Alibaba Cloud CDN nodes and add them to a whitelist. If your origin server uses a firewall or security software that requires an IP whitelist, this ensures that your origin server accepts requests only from Alibaba Cloud CDN.
Alibaba Cloud CDN dynamically assigns IP addresses to nodes for origin fetch, so these addresses change over time. Do not configure a fixed list of back-to-origin IP addresses on your origin server. A hardcoded list will become stale and cause origin fetch failures.
Get the current IP list
Call the DescribeL2VipsByDomain operation to retrieve the latest back-to-origin IP addresses for your domain, then add them to the whitelist on your origin server.
Only users with a daily peak bandwidth of 1 Gbps or higher can call this operation. If you meet this requirement, submit a ticket to request the required permission.