Edge Security Acceleration (ESA) is a brand-new upgrade independent from Dynamic Content Delivery Network (DCDN). If you are using DCDN or Alibaba Cloud CDN right now and want to upgrade to ESA, you can directly set up your website on ESA and configure the DNS settings to complete the upgrade.
Feature comparison
Given that the design architecture of ESA features is different from that of DCDN and CDN features, the following tables provide the feature mappings between the services to help you quickly get started with ESA.
Basic settings
Feature | Description | CDN | DCDN | ESA |
Change the service location | You can change the CDN service location for your website. | |||
Configure an origin server | You can specify an Object Storage Service (OSS) bucket domain, IP address, origin domain, or Function Compute/Edge Routine domain as your origin address. | DNS records (You can add DNS records to configure origin servers of different types.) | ||
IPv6 | You can enable IPv6 support for requests that are sent to POPs and to origin servers. | IPv6 for client requests | IPv6 for client requests | IPv6 (support for requests both to POPs and to origin servers) |
Domain name management
Feature | Description | CDN | DCDN | ESA |
Add/query/delete a domain name | You can add, query, and delete domain names as needed. | |||
Transfer a domain name | You can transfer a domain name between Alibaba Cloud accounts. | |||
Verify domain ownership | The first time you add a domain name, you must verify your ownership of the domain. |
|
Origin settings
Feature | Description | CDN | DCDN | ESA |
Origin host | You can specify a custom HOST header in origin requests. |
| ||
Origin protocol | You can define the protocol that POPs use to retrieve content from the origin server. |
| ||
Content retrieval from private OSS buckets | You can configure a private OSS bucket as your origin server. | |||
Origin SNI | If the IP address of your origin server is associated with multiple domain names and requests are redirected to the origin server over HTTPS, you can configure the Server Name Indication (SNI) feature. SNI specifies the domain name for which requests are destined. The origin server returns the corresponding SSL certificate based on the SNI. | |||
Origin HTTP request timeout | To ensure that requests can be redirected to the origin server as expected, you can configure the timeout period based on your network connectivity and the maximum number of connections that your origin server can handle. | |||
HTTP request header | You can rewrite HTTP headers in origin requests based on your business requirements. | Modify request headers (in a transform rule) | ||
HTTP response header | You can modify origin HTTP response headers and configure cache policies and cross-origin resource sharing (CORS) to improve the performance, security, and user experience of your website and effectively manage access to resources. | Modify response headers (in a transform rule) | ||
Common Name whitelist | After you add the certificate Common Name to the whitelist, origin fetch succeeds even if the SNI value does not match the Common Name. | Unavailable | ||
Advanced origin settings | You can configure advanced origin settings to redirect requests to different origin servers based on the request header, query string parameter, path, and request cookie. | DNS rules (You can create an origin rule to specify a hostname to override the resolved hostname of incoming requests.) | ||
Follow 301/302 redirects | After 301/302 redirect is configured, the HTTP 301 or 302 status code that is returned from the origin server is processed by POPs instead of being returned to clients. This streamlines request processing and accelerates content delivery. | |||
Rewrite origin URLs | You can rewrite URLs in requests that are redirected to the origin server. | Rewrite URLs (in a transform rule) | ||
Rewrite URL parameters in origin requests | You can add, retain, modify, ignore, and delete URL parameters in requests before the requests are redirected to the origin server. | |||
Origin groups | You can configure multiple origin groups. Each origin group can contain multiple primary and secondary origin servers. | |||
Conditional origin | You can configure the conditional origin feature to filter user requests based on specific conditions. Only requests that meet the conditions are redirected to the specific origin server. | Unavailable | DNS rules (You can create an origin rule to allow only requests that match your specified conditions to reach the origin server.) |
Cache settings
Feature | Description | CDN | DCDN | ESA |
Cache TTL | You can specify how long resources can be cached on POPs. |
| ||
Status code cache TTL | You can configure a cache TTL for HTTP status codes, which enables the system to directly return an HTTP status code when the same resource is requested. This reduces the origin strain. After a cached HTTP status code expires, requests that trigger the status code are redirected to the origin server. | |||
HTTP response headers | You can configure HTTP response headers to enable the system to return the configured HTTP headers. This helps implement features such as cache behavior control and cross-origin resource sharing (CORS). | Modify response headers (in a transform rule) | ||
Custom error pages | After you create a custom error page, if the requested content does not exist or an error occurs, POPs return the custom error page instead of the default error page. This can improve user experience by providing users with user-friendly and functional error messages. | Get started with Edge Routine (You can create a custom routine to personalize the error page that the system presents to your visitors.) | ||
Rewrite request URLs | If a resource on the origin server is relocated, the URL of the resource that is cached on POPs is accordingly adjusted. If a user request carries an outdated URL, POPs rewrite the URL and redirect the request to the new URL. This reduces the number of origin requests and enhances user access performance. | Rewrite URLs (in a transform rule) | ||
Custom cache keys | You can use a custom cache key to group similar requests. This allows the cache to serve the requests with the same cached resource. Using custom cache keys increases the cache hit ratio and reduces origin requests, response time, and bandwidth usage. | |||
Cache sharing | With cache sharing, multiple accelerated domains in the same Alibaba Cloud account can share resources that are cached on points of presence (POPs). This increases the cache hit ratio, reduces the bandwidth usage and origin traffic. | Unavailable | Expected to be available in June 2025 |
HTTPS settings
Feature | Description | CDN | DCDN | ESA |
SSL certificates | By deploying an SSL certificate in the console, you can encrypt requests between clients and POPs. | |||
HTTP/2 | HTTP/2, formerly HTTP/2.0, is the first new version of HTTP since HTTP/1.1. HTTP/2 supports binary framing, multiplexing, and header compression. This protocol improves web performance and reduces network latency. | Protocol optimization (HTTP/2) | ||
Force redirect | You can forcibly redirect client requests from HTTP to HTTPS. | |||
TLS version control | To ensure a balance between outdated browser compatibility and security, you can configure a TLS version based on your business requirements. An earlier TLS version supports more browsers but degrades the security. A later TLS version enhances the security but may restrict access from outdated browsers. | |||
HSTS | With HTTP Strict Transport Security (HSTS) configured, clients can establish only HTTPS connections to POPs, which improves security. | |||
OCSP stapling | Online Certificate Status Protocol (OCSP) stapling allows POPs to cache the revocation status of SSL certificates and return the information to clients. Clients do not need to query the revocation status of SSL certificates from certificate authorities (CAs). This speeds up certificate validation and accelerates the access. |
Access control
Feature | Description | CDN | DCDN | ESA |
Referer-based hotlink protection | You can configure a Referer whitelist or blacklist to restrict access to your resources. After you configure a Referer whitelist or blacklist, the system allows or rejects requests based on user identities. | Configure a Referer whitelist or blacklist to enable hotlink protection | Custom rules (You can create a custom WAF rule to configure a Referer blacklist or whitelist.) | |
URL signing | You can add signature strings and timestamps to URLs. This protects your resources from being maliciously downloaded. | Get started with Edge Routine (You can use the URL signing type A/B/C template in Edge Routine to configure URL signing.) | ||
IP address blacklist/whitelist | An IP address blacklist or whitelist filters user requests, and blocks or allows requests from specific IP addresses. This feature can restrict access sources and protect POPs from IP theft and attacks. | Custom rules (You can create a custom WAF rule to configure an IP address blacklist or whitelist.) | ||
User-Agent blacklist/whitelist | User-Agent is an HTTP header. It contains information about the client that makes a request, such as the operating system (OS), browser, and browser version. You can configure a User-Agent blacklist or whitelist to restrict access to resources and improve service security. | Custom rules (You can create a custom WAF rule to configure a User-Agent blacklist or whitelist.) | ||
Remote authentication | You can configure this feature to forward user requests to the specified authentication server for authentication. | Unavailable | Get started with Edge Routine (You can create a custom routine to configure remote authentication.) |
Performance optimization
Feature | Description | CDN | DCDN | ESA |
HTML optimization | With HTML optimization enabled, the system can automatically remove redundant content from web pages, such as comments and unnecessary whitespace characters in HTML pages, JavaScript code, and CSS code. This reduces file sizes, accelerates content delivery, and improves website readability. | Get started with Edge Routine (You can create a custom routine to configure HTML optimization.) | ||
Gzip compression | You can enable Gzip compression to reduce the file size, improve transmission efficiency, and reduce bandwidth consumption. |
| ||
Brotli compression | Brotli is a new open source compression algorithm that provides better performance than Gzip. After you enable Brotli compression, POPs compress resources before the resources are returned to clients. This reduces file sizes, accelerates file distribution, and reduces bandwidth consumption. |
| ||
Ignore query parameters | You can specify whether POPs ignore the parameters that follow the question mark ( | |||
Image editing | You can resize, crop, rotate, or compress images and cache the edited images on POPs. This efficiently accelerates content retrieval and reduces origin strain. |
Video-related settings
Feature | Description | CDN | DCDN | ESA |
Range origin fetch | You can specify the Range header when POPs request resources from the origin server. The origin server then only needs to return a portion of the specified range. This accelerates content distribution, increases the cache hit ratio, and reduces origin traffic. | |||
Video seeking | The video seeking feature enables users to navigate through video or audio content by dragging the playback progress bar without compromising the playback quality. | |||
Video extraction | You can extract audio data from a video and then return only the audio data to clients. This reduces bandwidth and traffic usage. | Unavailable | Unavailable | |
Audio or video preview | The audio and video preview feature allows POPs to return only audio and video data of a specified duration. This allows you to preview audio and video files. | Unavailable | ||
M3U8 encryption and rewrite | After you enable M3U8 encryption and rewrite, the system can rewrite M3U8 files that are transmitted over HTTP Live Streaming (HLS). After an M3U8 file is rewritten, encryption parameters are appended to the specified tag of the file. | Unavailable |
Resource monitoring
Feature | Description | CDN | DCDN | ESA |
Traffic and bandwidth | The system displays the bandwidth and traffic usage of an accelerated domain by region, ISP, or protocol. |
| ||
Requests and QPS | You can view the number of requests and queries per second (QPS) for an accelerated domain to gain insights into its access data in various dimensions. | |||
HTTP status codes | The system displays HTTP status code details of an accelerated domain to help you analyze the domain's responses. | |||
Origin fetch statistics | The system provides the origin bandwidth and traffic of an accelerated domain. | Cache analytics (You can query the origin fetch statistics of a domain by filtering requests that are served by the origin server on the Cache Analytics page.) | ||
HTTP status codes (origin requests) | You can view the HTTP status codes that are returned from the origin server. | |||
Hit ratios | The system displays the byte hit ratios and request hit ratios of an accelerated domain. | N/A | ||
Real-time monitoring of basic data | The system displays the bandwidth, traffic, number of requests, and QPS of an accelerated domain. |
| ||
Real-time origin traffic monitoring | The system displays the origin bandwidth and traffic of an accelerated domain. | Cache analytics (You can query the origin fetch statistics of a domain by filtering requests that are served by the origin server on the Cache Analytics page.) | ||
Real-time quality monitoring | The system displays the request hit ratio, byte hit ratio, and HTTP status codes of an accelerated domain. |
|
Operations reports
Metric | Description | CDN | DCDN | ESA |
PV/UV | Allows you to query page views (PV) and unique visitors (UV) of an accelerated domain by time. |
| ||
Top Client IPs | Displays the top client IP addresses based on the domain name, region, or date that you specify. You can rank IP addresses by network traffic or the number of requests. | |||
Regions and ISPs | Displays the distribution of visitors by region and ISP. You can select regions in or outside the Chinese mainland and specify a time period for the query. | |||
Popular Referer Headers | Displays the network traffic, traffic proportion, number of requests, and request proportion of frequently requested Referer headers. | |||
Popular URLs | Displays the network traffic, traffic proportion, number of requests, and request proportion of frequently requested URLs based on the domain name, HTTP status code, or date that you specify. | |||
Popular Back-to-origin URLs | You can view the network traffic, traffic proportion, number of requests, and request proportion of frequently requested origin URLs based on the domain name, HTTP status code, or date that you specify. | |||
Domain Names | You can view the rank, traffic proportions, peak traffic or bandwidth values, peak time, and number of visits for each accelerated domain. | |||
Custom operations reports and tracking tasks | You can create a custom operations report and a tracking task based on your business requirements. After you create a tracking task, the system sends operations reports to the email address that you specified. You can learn about the status of accelerated domains by analyzing the content of operations reports. |
Purge and prefetch
Feature | Description | CDN | DCDN | ESA |
Purge by URL | You can purge cached resources that exactly match the URLs you specify. | |||
Purge by directory | You can purge all cached content within specific directories. | |||
Purge by URL with regular expressions | You can submit URLs that contain regular expressions in a purge task. The system purges resources from all URLs that match the regular expressions. This improves the efficiency of URL-based purge. | Options that are equivalent to regular expression-based purge: | ||
URL prefetch | You can prefetch popular resources from the origin server to POPs. This eliminates the need to retrieve them from the origin server and improves user experience. |
Tools
Feature | Description | CDN | DCDN | ESA |
IP address check | You can check whether the actual IP address that clients access belongs to a POP and determine whether the acceleration takes effect. | |||
URL diagnostics | If you encounter issues such as page loading failures or page errors, you can use the self-service diagnostics tool for diagnosis. | Unavailable | Unavailable |
Resource usage and bill query
Feature | Description | CDN | DCDN | ESA |
Query resource usage | You can query resource usage data of an accelerated domain by different filter conditions, including traffic, bandwidth, HTTPS requests, and billable region. | |||
Summarize resource usage | You can view the summary of the total resource usage of all accelerated domains. | Unavailable | ||
Export resource usage data | You can export the resource usage data of all accelerated domains. | Unavailable | ||
Export billing details | You can export billing details by domain name, time, and account to your local PC. | Unavailable | ||
Query the details of resource plans | You can query the details of resource plans that you have purchased on the Resource Plans page, such as the total capacity, remaining capacity, and expiration time. | N/A (no resources plans are involved) | ||
Query the billing details | You can view the billing details. | Website management and Query plan usage (You can query the plan that is in use and its usage details.) | ||
Change the metering method | You can change the metering method or plan that is in use as needed. |
Other features
Feature | Description | CDN | DCDN | ESA |
Bandwidth cap | You can configure bandwidth caps to prevent unexpected high bills that are caused by traffic surges. | Unavailable | ||
Edge scripts | You can use edge scripts to customize configurations if the standard configurations in the service console cannot meet your business requirements. | |||
QUIC protocol | Quick UDP Internet Connections (QUIC) is a new transport layer protocol that offers security equivalent to common protocols, but with reduced connection and transport latency. | Protocol optimization HTTP/3 (QUIC) | ||
View the edge script running status | You can view the running status of edge scripts. |
| ||
View EdgeScript exceptions | You can view exceptions that occur during the execution of scripts and error codes that are returned. | |||
Rules | With the rules, you can create rules in a GUI. The system checks whether to apply a specific configuration to incoming requests based on request parameters defined in the rules. This allows for more flexible and precise control. | Unavailable | Rules (a brand-new, comprehensive version) | |
Download standard logs | Domain access logs are collected on an hourly basis. You can download the logs of a specific domain on a specific day within 30 days to your local PC for analysis. | |||
Deliver standard logs | You can use Function Compute to deliver logs. When new standard logs are generated, Function Compute automatically triggers a preset function to deliver the logs to OSS. | Unavailable | Create a real-time log delivery task (The feature of delivering standard logs is outdated. You can use the delivery of real-time logs instead.) | |
Deliver real-time logs | The real-time log delivery feature allows you to collect logs of accelerated domain names in a region in real time and deliver the logs to Simple Log Service (SLS) for analysis. This helps you monitor your business and identify service issues efficiently. | |||
Data statistics | You can collect logs that are generated by POPs in real time and deliver them to SLS for storage and analysis. This helps you monitor your business and identify service issues efficiently. |
|