Secure Dynamic Route for CDN (DCDN) is an upgrade service for DCDN. Secure DCDN uses the content distribution capabilities of DCDN and integrates edge security features, such as DDoS mitigation, HTTP flood protection, access control, Web Application Firewall (WAF), and bot management. Secure DCDN provides edge security and content delivery for various sectors, such as public services, finance, media, retail, and transportation.

Enable secure DCDN

If you need an all-in-one service for edge security and content delivery, you can apply to enable secure DCDN by using the following methods:

  1. Apply to enable secure DCDN: Submit an application.
  2. Select the billing method: After your application is approved, log on to the DCDN console and select Secure DCDN-Hourly Traffic as the billing method. Then, the related secure features are enabled.
    Note All secure DCDN features are sold as a resource plan. If you want to use some features that are described in Features, you must select a billing method for Secure DCDN.

Billing methods

Compared with DCDN, secure DCDN provides more edge security features. Therefore, the overall price of secure DCDN is higher than the price of DCDN.

For more information about billing, see DCDN pricing-Secure DCDN.

Note
  • Independent billing method.

    Secure DCDN is separately billed and no longer follows the original billing methods of DCDN.

  • Monthly minimum consumption commitment

    If your actual consumption is less than your monthly consumption commitment, the bill is generated based on the monthly consumption commitment. For more information about pricing, consult your Alibaba Cloud sales manager.

Scenarios

Industry Requirement
E-commerce
  • Accelerate the delivery of static and dynamic content about goods.
  • Resolve common issues, such as slow response and high loads on origin servers, during flash sales and promotional events.
  • Mitigate DDoS attacks to ensure service availability.
  • Prevent bots from crawling goods information or making malicious purchases during sales promotions.
  • Secure user accounts.

Typical cases: e-commerce platforms, airline companies, and online travel agency (OTA) platforms.

Finance
  • Ensure a superior user experience and smooth interactions in all geographic areas regardless of the devices that are used.
  • Support elastic scaling to meet the increasing number of requests from different regions.
  • Ensure fast, stable, and secure online payments.
  • Mitigate DDoS attacks to ensure service availability.
  • Secure user accounts.

Typical cases: online banking, e-wallet, mobile securities, and financial supermarkets.

Public sector
  • Refresh cache in a timely manner.
  • Handle traffic spikes and large numbers of concurrent requests during important events.
  • Maintain website credibility by preventing content tampering.
  • Mitigate DDoS attacks to ensure website accessibility.
  • Prevent vulnerability exploitation and data leakage.

Typical cases: public services and non-profit organizations.

Media
  • Cache a large amount of image and text content.
  • Accelerate page loading to improve user experience.
  • Refresh cache and update outdated content in a timely manner.
  • Deliver personalized content to gain the interest of readers.
  • Support a larger number of concurrent requests to view or download videos.
  • Secure payment accounts.
  • Prevent content leakage and data theft caused by issues, such as web crawlers, hotlinking, and video piracy.

Typical cases: digital media publishers, self-publishing media, and news websites.

Key features

  • Static and dynamic content delivery

    DCDN can identify dynamic and static content. Static content is cached on edge nodes. Dynamic content is distributed by using intelligent routing and protocol optimization. This improves the page loading speed and reduces costs.

  • Edge security
    Secure DCDN builds a comprehensive security system to protect your business from attacks, tampering, and overloading based on more than 2,800 edge nodes distributed across the globe.
    • Application layer security: Edge nodes are integrated with WAF to protect your business from the threats that are identified by Open Web Application Security Project (OWASP) and HTTP flood attacks. This facilitates bot traffic management and reduces loads on origin servers.
    • Network layer security: Edge nodes can intelligently detect DDoS attacks and use the features of Anti-DDoS Pro or Premium to mitigate DDoS attacks.
    • Data link layer security: Secure DCDN provides independent nodes to ensure that the resources that are deployed on these nodes are isolated. HTTPS encryption is used to secure data transfer. Secure DCDN also checks node consistency to prevent content tampering.
    • Edge availability: Secure DCDN allows you to specify secondary origin servers and supports primary/secondary failover, monitoring, alerting, and the offline mode to further ensure the availability of origin servers.
    • Compliance: Alibaba Cloud has obtained 97 certificates of compliance. Among these certificates, DCDN has obtained 47 certificates, including ISO27001, Payment Card Industry Data Security Standard (PCI DSS), and General Data Protection Regulation (GDPR).

Features

Feature category Description
Content delivery

Inherits all acceleration features of DCDN.

DCDN accelerates the delivery of static and dynamic content. Static content can be cached on edge nodes, and dynamic content can be retrieved from the origin server over an optimal route. This ensures high-speed access and service stability and improves user experience.

Application layer protection Access control Supports hotlink protection based on the Referer header, URL authentication, IP address whitelist or blacklist, and User-Agent (UA) whitelist or blacklist.
HTTPS settings Supports SSL certificate management, HTTP/2, force redirect, Transport Layer Security (TLS) version control, HTTP Strict Transport Security (HSTS), keyless solutions, and the SM cipher suite.
Edge WAF WAF is a security service that is powered by big data technologies of Alibaba Cloud Security. WAF can protect your services from common attacks that are identified by OWASP and data leakage and ensure the security and availability of your services.
Rate limiting Uses an exclusive rate limiting engine and blocks malicious requests based on default or custom policies. This ensures the stability of your services and prevents HTTP flood attacks.
Bot traffic management Supports crawler whitelist, threat intelligence, and AI protection. This feature detects advanced crawlers and minimizes the impacts of crawlers and automation tools on your business.
Region blacklist or whitelist Allows you to configure a region blacklist to block requests from IP addresses in specific regions. This improves the security of your services.
Precise access control Allows you to specify match conditions based on common HTTP fields to filter user requests and perform specified actions on requests that match the conditions. You can add different match conditions to meet the protection requirements in different scenarios.
Network layer protection Sandbox-free If your website is under HTTP flood attacks, secure DCDN mitigates the HTTP flood attacks without using sandboxes. This solution protects your services without degrading the performance of secure DCDN.
DDoS mitigation Secure DCDN is integrated with Anti-DDoS to identify and mitigate DDoS attacks by using automatic traffic scheduling. We recommend that you use DDoS mitigation together with exclusive resource plans.
IP blacklist Allows you to configure a blacklist to temporarily or permanently block up to millions of IP addresses.
Other features Service summary reports Provides comprehensive and periodic service reports about traffic, bandwidth, back-to-origin traffic and bandwidth, number of requests, cache hit ratios, HTTP status codes, and statistics collected by region.
Offline mode If an origin server fails, edge nodes can respond to requests by using cached content. This ensures the availability of your services.
Tamper-proof Prevents content fetched from origin servers from being tampered with and ensures data consistency during transmission.
Origin protection Provides the IP addresses of edge nodes during back-to-origin routing. You can add the IP addresses to the whitelist for the origin server or origin server firewall to reinforce protection.
IPv6 Supports the IPv6 feature and addresses IPv6 performance issues.
Centralized resource management solution Provides a centralized resource management solution for companies with a complex organizational structure. This facilitates resource management for large companies.
Certificates of compliance Obtains certificates of compliance, such as ISO27000, PCI DSS, and GDPR.
Exclusive services Provides publish and transition period, emergency response, and hosting services.