All Products
Search
Document Center

CDN:Configure default origin host

Last Updated:Jun 09, 2026

By default, the Host header in origin requests sent by CDN is the accelerated domain name. This feature allows you to customize the value of the Host header for these requests.

About default origin hosts

If you serve different static resources from multiple accelerated domain names, a common approach is to set up a separate origin server for each domain.

However, maintaining multiple servers is inefficient, especially for accelerated domain names with low origin traffic. You can solve this problem by using virtual hosting.

Virtual hosting

Virtual hosting allows a single web server to host multiple websites. The server distinguishes and isolates websites by using different domain names or hostnames. When a user requests a specific domain name or hostname, the server routes the request to the matching virtual site and returns the corresponding content.

Nginx implementation

Nginx uses server blocks to configure multiple virtual sites. The following example shows a basic configuration:

server {
    listen      80;
    server_name example.org www.example.org;
    ...
}

server {
    listen      80;
    server_name example.net www.example.net;
    ...
}

server {
    listen      80;
    server_name example.com www.example.com;
    ...
}

This configuration defines three virtual sites: example.org, example.net, and example.com. Nginx matches the Host header with the server_name to select the correct virtual site. If no match is found, Nginx serves content from the default virtual site. If a default site is not explicitly configured, the first server block becomes the default.

Default origin host

When you access a URL, the Host header in the request defaults to the host and port of the URL. CDN overrides this default by setting the Host header to the accelerated domain name. You can customize this default value based on the virtual hosting configuration of your origin server.

The origin server must be configured to use the Host header to route requests to different virtual sites. Otherwise, this feature will not function correctly.

Important

When your origin server uses the HTTPS protocol, in addition to configuring the default origin host, you typically also need to configure Default Origin SNI. If the origin host and origin SNI are configured inconsistently (for example, HOST is set to the origin domain name while SNI is set to the accelerated domain name), SSL handshake failures or origin server errors may occur. We recommend setting both the origin host and origin SNI to the same domain name (typically the origin domain name or the accelerated domain name, which must match the origin server certificate and virtual host configuration). In the console, "Default Origin Host" and "Default Origin SNI" are two separate configuration items.

Procedure

  1. Log on to CDN console.

  2. In the left-side navigation pane, choose Domain Names.

  3. Find the target accelerated domain and click Manage in the Actions column.

  4. In the left-side navigation pane, choose Origin Fetch.

  5. In the Default Origin Host section, click Modify.

  6. Turn on the Origin Host switch and select a Domain Type.

Origin configuration

Parameter

Description

Accelerated Domain Name

Sets the origin host to the accelerated domain name.

Origin Domain

Sets the origin host to the origin server domain name. If the origin server is specified by an IP address, this option is dimmed and unavailable. If the origin server is an OSS domain, the feature is automatically enabled and the Origin Host is set to Origin Domain.

Custom

Sets the origin host to a custom domain that you specify. Make sure that the custom domain name is bound to your origin server. Otherwise, origin requests fail. Use this option if your origin server is bound to multiple domain names and you need to fetch resources from a specific one.

Important

When your origin server uses the HTTPS protocol, you must also configure Default Origin SNI on the same Origin Fetch page. We recommend setting Origin Host and Default Origin SNI to the same domain name (typically the origin domain name) to avoid SSL handshake failures or origin server rejections. For example, if Origin Host is set to the origin domain name but Default Origin SNI is set to the accelerated domain name, the origin server's certificate verification may fail.

  1. Click OK.

Configuration examples

By default, this feature is disabled. You can enable it manually.

Example 1: The origin server is specified by a domain name

Configuration:

  • Accelerated domain name: image.example.com

  • Origin server address: source.example.com

Each Domain Type has the following behavior:

  • Accelerated Domain Name: When CDN performs a origin request, it retrieves resources from the virtual site image.example.com on the origin server source.example.com.

  • Origin Domain: When CDN performs a origin request, it retrieves resources from source.example.com.

  • Custom: The origin host is the custom domain that you entered. When CDN performs a origin request, it retrieves resources from the virtual site for the custom domain on the source.example.com host.

Example 2: The origin server is specified by an IP address

Configuration:

  • Accelerated domain name: example.com

  • Origin server address: 10.10.10.10

Each Domain Type has the following behavior:

  • Accelerated Domain Name: When CDN performs a origin request, it retrieves resources from the virtual site for example.com on the host 10.10.10.10.

  • Origin Domain: This option is unavailable because the origin server is an IP address.

  • Custom: When CDN performs a origin request, it retrieves resources from the virtual site of the custom domain on the 10.10.10.10 host.

Example 3: The origin server is an OSS domain

Configuration:

  • Accelerated domain name: example.com

  • Origin server address: example.oss-cn-hangzhou.aliyuncs.com

When the origin server is an OSS domain, CDN automatically enables the feature and sets the Origin Host to Origin Domain. Each Domain Type has the following behavior:

  • Accelerated Domain Name: When CDN performs a origin request, it retrieves resources from the example.com site on the example.oss-cn-hangzhou.aliyuncs.com OSS domain.

  • Origin Domain: When CDN performs a origin request, it retrieves resources from the OSS domain example.oss-cn-hangzhou.aliyuncs.com.

  • Custom: When CDN performs a origin request, it retrieves resources from the virtual site for the custom domain on your example.oss-cn-hangzhou.aliyuncs.com site.

FAQ

What should I do if I get 404, 500, 502, or 403 errors when accessing the accelerated domain name after configuring the default origin host?

Follow these troubleshooting steps:

  • Check whether the origin host configuration matches the origin server virtual host configuration. If your origin server uses the Host header to distinguish between virtual sites (such as Nginx server_name), make sure the default origin host configured in the CDN console matches the domain name expected by the origin server. Console navigation: Domain Names > Domain Name List > Select the target domain > Origin Fetch (sub-tab) > In the Origin Host section, click Modify, and in the dialog box, set the Domain Type to the origin domain name or the accelerated domain name.

  • Check whether the origin server is blocking CDN node IPs. If the origin host is correctly configured but errors persist, check whether your origin server's security policy is blocking CDN node IPs, or whether the origin server firewall or security group is rejecting requests from CDN.

  • Check the IIS host header configuration. If your origin server runs IIS and has a specific host header configured, the Host field in CDN origin requests must match that host header. Otherwise, IIS may return 403 or 404 errors. If IIS does not have a specific host header set (allowing direct IP access), no special configuration is needed, but it is best practice to configure the correct host header to match the CDN origin host.

  • Purge the CDN cache. If an error response (such as a 404 from the origin) was previously cached by CDN edge nodes, you must purge the CDN cache after modifying the origin host configuration to clear the cached error response. Navigate to Purge and Prefetch > Purge Cache, select the purge type (URL/Directory/Regex), and submit the purge task.

What should I do if I get ERR_TOO_MANY_REDIRECTS or 502 errors after configuring the default origin host and SNI?

ERR_TOO_MANY_REDIRECTS is typically caused by both CDN and the origin server being configured with HTTPS forced redirection, creating a redirect loop. 502 errors usually indicate that the origin protocol or port is misconfigured (for example, the origin server listens on a non-standard port). Follow these steps:

  • Disable HTTPS forced redirection on the origin server. Log in to your origin server management panel (such as Baota Panel), find the HTTPS settings, and disable the "Force HTTPS" or "HTTP to HTTPS redirect" option.

  • Verify that the origin host and origin SNI are correctly configured. On the CDN console's Origin Fetch page, make sure that "Origin Host" and "Default Origin SNI" are set to the correct domain names (typically the origin domain name) and that both values are consistent.

  • Check and adjust the origin protocol and port. Make sure the CDN origin protocol (HTTP or HTTPS) and port match the origin server's actual configuration. If the origin server only listens on a specific port (such as port 8080 for HTTP), configure the corresponding origin port in the CDN origin server settings.

  • Purge the CDN cache. After adjusting the configuration, purge the CDN cache to clear any cached redirect or error responses.

How do I verify that the Host header in CDN origin requests matches my expectations?

Use the following methods:

  • Confirm that the request goes through CDN. In your browser developer tools Network panel, check whether the Remote Address of your request to the accelerated domain name is an Alibaba Cloud CDN node IP, confirming that the request passes through the CDN acceleration path. Accessing via the accelerated domain name confirms the acceleration state.

  • Check the Host header in the origin server access logs. Log in to your origin server and view the access logs (such as Nginx access.log). Confirm that the Host header value in the CDN origin request matches the default origin host configured in the CDN console. For example, if your configured origin host is source.example.com, the Host header value in the origin server log for the corresponding origin request should also be source.example.com.

  • Be aware that CDN passes through the client original request path unchanged. If you have not configured the "Rewrite Origin URI" feature in the console, CDN by default passes through the client original request path without adding prefixes or suffixes. If the origin path does not match the origin server expectations, configure URI rewriting on the Origin Fetch page.

What should I do if I get 403 Forbidden errors when using Cloudflare, WAF, or other security services as the origin?

When your origin server uses security services such as Cloudflare or WAF, 403 Forbidden errors typically occur because the origin host does not match the Host header expected by the origin security service, causing the security policy to block the request. Follow these steps:

  • Set the default origin host to the domain actually bound to the origin server. In the CDN console, set Origin Host to the domain name actually bound to the origin server (not the accelerated domain name), ensuring it matches the origin server's certificate and virtual host configuration.

  • Ensure domain consistency in the WAF configuration. If the origin server uses a WAF (such as Alibaba Cloud WAF or Cloudflare), ensure that the Host header in CDN origin requests matches the protection domain configured in the WAF. Otherwise, the WAF blocks the request due to a domain mismatch.

  • Check origin server access logs. Log in to the origin server or security service management panel, review the access logs, and confirm whether requests from CDN node IPs are being blocked. Check the blocking reason to identify the specific security rule.

  • Purge the CDN cache. After modifying the configuration, purge the CDN cache to clear any cached 403 error responses.

What should I do if page redirects fail or some resources are inaccessible after CDN acceleration?

This issue may occur when the origin server relies on URL parameters or a specific Host header for routing or redirect logic, and CDN's default behavior causes parameter loss or Host header mismatch. Follow these steps:

  • Check the URL parameter settings in cache rules. In the CDN console's cache configuration, check whether the "Ignore URL Parameters" feature is enabled. If the origin server relies on URL parameters for redirects or logic decisions, enabling this feature may cause parameter loss. Consider disabling "Ignore URL Parameters" or selecting "Retain Specified Parameters" to preserve the parameters required by the origin server.

  • Set the origin host to the domain expected by the origin server. Set Origin Host to the accelerated domain name or the domain expected by the origin server, ensuring the origin server can correctly identify the request Host header and handle redirect logic.

  • Perform a directory or URL purge. After modifying the configuration, perform a directory purge or URL purge on the CDN console's Purge and Prefetch page to apply the new configuration.