You can configure a Referer whitelist or blacklist and specify whether requests with an empty Referer header are allowed to access your resources. The Referer header lets you control access to resources and protect websites from unauthorized access.

Background information

  • By default, hotlink protection is disabled.
  • After you add a domain name to the referer whitelist or blacklist, the wildcard domain name that the domain name matches is automatically added to the whitelist or blacklist. For example, if you add to the whitelist or blacklist, the domain name that takes effect is * Hotlink protection takes effect on all domain names that match *

The Referer header is a component of the header section in HTTP requests and carries information about the source address, including the protocol, domain name, and query string. Referer is used to identify the source of a request.

You can configure a referer whitelist or blacklist to identify the sources of requests that are sent to Alibaba Cloud Dynamic Route for DCDN nodes, and determine whether to allow the requests to access your resources. If a request is allowed, DCDN returns the URL of the requested resource. If a request is not allowed, DCDN returns an HTTP 403 status code.



  1. Log on to the DCDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the domain name that you want to manage, and click Configure in the Actions column.
  4. In the left-side navigation pane on the details page of the specified domain name, click Access Control.
  5. On the Hotlink Protection tab, turn on Hotlink Protection.
  6. Select Blacklist or Whitelist based on your business requirements.
    Figure: Configure a referer whitelist or blacklist to enable hotlink protection
    Parameter Description
    • Blacklist

      Requests from the domain names in the blacklist cannot access the current resource.

    • Whitelist

      Only requests from the domain names in the whitelist are allowed to access the current resource.

    Note: Blacklists and whitelists are mutually exclusive. You can configure only one of them.
    • You can add multiple domain names to the Referer whitelist or blacklist. Separate domain names with carriage return characters.
    • You can use an asterisk (*) to specify wildcard domain names. For example, if you specify .*, and match the wildcard domain name.
    • Allow resource URL access from browsers: If you select this check box, requests that have empty Referer values or do not carry the Referer field, such as requests sent from browsers, are allowed to access the requested resource regardless of the Referer whitelist or blacklist.
  7. Click OK.
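
The following model of the allow/deny decision configured in this procedure is an added example, not DCDN's own code. The domain names, function names, label-boundary matching, and the handling of an unparseable Referer or of an empty Referer with the check box cleared are assumptions.

```python
from urllib.parse import urlsplit

def parse_rules(text):
    """Split the console's rule box: one domain per line, as the page describes."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]

def host_matches(host, entry):
    """True if host is the entry itself or a subdomain of it (wildcard coverage).

    Assumption: matching happens on a label boundary, so 'example.com'
    covers 'img.example.com' but not 'example.com.other.test'.
    """
    base = entry.lstrip("*").lstrip(".")
    return bool(base) and (host == base or host.endswith("." + base))

def decide(referer, mode, rules, allow_empty):
    """Return 200 if the request is allowed, 403 if it is rejected."""
    if mode not in ("whitelist", "blacklist"):  # the two lists are mutually exclusive
        raise ValueError("mode must be 'whitelist' or 'blacklist'")
    if referer is None or not referer.strip():
        # Missing or empty Referer: the check box decides, regardless of the list.
        # Assumption: with the box cleared, such requests are rejected.
        return 200 if allow_empty else 403
    # Assumption: a Referer with no parseable host matches no entry.
    host = urlsplit(referer.strip()).hostname or ""
    listed = any(host_matches(host, entry) for entry in rules)
    if mode == "whitelist":
        return 200 if listed else 403
    return 403 if listed else 200

# Constructed sample input: rule box contents and Referer values.
RULES = parse_rules("example.com\n*.cdn-partner.test\n")

if __name__ == "__main__":
    samples = [
        "https://www.example.com/gallery.html",
        "https://example.com.other.test/",
        "not a url",
        None,
    ]
    for mode in ("whitelist", "blacklist"):
        for ref in samples:
            print(mode, repr(ref), decide(ref, mode, RULES, allow_empty=True))
```

Comparing the whitelist and blacklist rows for the same Referer shows why the empty-Referer check box needs a deliberate choice: it overrides either list.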