This topic describes how to create custom forwarding rules in common scenarios, such as configuring hotlink protection, whitelists, blacklists, request headers, response headers, rewrites, and redirects. This topic also provides sample scripts for the scenarios.
Hotlink protection
Configure custom authentication algorithms
Requirements
Request URL format:
/path/digest/?.tskey=&t=.For
.tsrequests, the requirements for configuring custom hotlink protection are:Rule 1: If the request does not contain the
torkeyparameter, the HTTP 403 status code is returned and theX-AUTH-MSGresponse header is added to indicate the cause of failure.Rule 2: The
tparameter specifies the absolute expiration time. If the time specified bytis earlier than the current time, the HTTP 403 status code is returned and theX-AUTH-MSGresponse header is added to indicate the cause of failure.Rule 3: Compare the
md5value with thedigestvalue. If themd5value does not match thedigestvalue, the HTTP 403 status code is returned.Value format of the md5 value:
Private key + Path + File name.extension.
Sample script
if eq(substr($uri, -3, -1), '.ts') { if or(not($arg_t), not($arg_key)) { add_rsp_header('X-AUTH-MSG', 'auth failed - missing necessary arg') exit(403) } t = tonumber($arg_t) if not(t) { add_rsp_header('X-AUTH-MSG', 'auth failed - invalid time') exit(403) } if gt(now(), t) { add_rsp_header('X-AUTH-MSG', 'auth failed - expired url') exit(403) } pcs = capture_re($request_uri,'^/([^/]+)/([^/]+)/([^?]+)%?(.*)') sec1 = get(pcs, 1) sec2 = get(pcs, 2) sec3 = get(pcs, 3) if or(not(sec1), not(sec2), not(sec3)) { add_rsp_header('X-AUTH-MSG', 'auth failed - malformed url') exit(403) } key = 'b98d643a-9170-4937-8524-6c33514bbc23' signstr = concat(key, sec1, sec3) digest = md5(signstr) if ne(digest, sec2) { add_rsp_header('X-AUTH-DEBUG', concat('signstr: ', signstr)) add_rsp_header('X-AUTH-MSG', 'auth failed - invalid digest') exit(403) } }
Configure User-Agent blacklists
Requirements: If a request carries the
User-Agentheader that starts withijkplayerorYsten, the HTTP status code 403 is returned.Sample script
if and($http_user_agent, match_re($http_user_agent, '^(ijkplayer|Ysten).*$')) { add_rsp_header('X-BLOCKLIST-DEBUG', 'deny') exit(403) }
Configure Referer whitelists
Requirements: If the
Refererheader of a request is nothttp[s]://***alibaba.com***, the HTTP 403 status code is returned.Sample script
if and($http_referer, match_re($http_referer, '^(http|https)://(.)+\.alibaba\.com.*$')) { return true } add_rsp_header('X-WHITELIST-DEBUG', 'missing') exit(403)
Blacklists and whitelists
Configure IP blacklists
Requirements: If a request is sent from
127.0.0.1or10.0.0.1, the HTTP 403 status code is returned.Sample script
if match_re($remote_addr, '127.0.0.1|10.0.0.1') { add_rsp_header('X-IPBLOCK-DEBUG', 'hit') exit(403) }
Custom request headers and response headers
Configure automatic file renaming
Requirements: If the
filenameparameter is specified, the file is automatically renamed the value specified by thefilenameparameter. If the filename parameter is not specified, the default filename is used.Sample script
if $arg_filename { hn = 'Content-Disposition' hv = concat('attachment;filename=', $arg_filename) add_rsp_header(hn, hv) }Example:
add_rsp_header('Content-Disposition', concat('attachment;filename=', tochar(34), filename, tochar(34)))NoteYou can add the response header
Content-Disposition:attachmentto HTTP responses to have the message body automatically downloaded. In addition, if a response carries thefilenameparameter, the file is automatically renamed the value offilename. If the response does not carry the filename parameter, the default name is used.The
filenamevalue enclosed in double quotation marks (" ") in ASCII can be converted to a string by using ToChar. The ASCII code for the double quotation marks (" ") is 34.
Output:
Content-Disposition: attachment;filename="monitor.apk"
Overwrite response headers
Requirements: Overwrite the response header
Content-Typ.Sample script
add_rsp_header('Content-Type', 'audio/mpeg')
Custom rewrites and redirects
Rewrite URIs
Requirements: Rewrite
/helloin user requests to/index.html. As a result, the URI of the back-to-origin request and the cached URI are changed to/index.html. Other parameters remain unchanged.Sample script
if match_re($uri, '^/hello$') { rewrite('/index.html', 'break') }
Rewrite file extensions
Requirements: Rewrite
/1.txtto/1.<URL parameter type>. For example,/1.txt?type=mp4can be rewritten to/1.mp4?type=mp4in back-to-origin requests and cached.Sample script
if and(match_re($uri, '^/1.txt$'), $arg_type) { rewrite(concat('/1.', $arg_type), 'break') }
Convert file extensions to lowercase letters
Requirements: Convert URI strings to lowercase letters.
Sample script
pcs = capture_re($uri, '^(.+\.)([^.]+)') section = get(pcs, 1) postfix = get(pcs, 2) if and(section, postfix) { rewrite(concat(section, lower(postfix)), 'break') }
Add a URI prefix
Requirements: Rewrite
^/nn_live/(.*)in user requests to/3rd/nn_live/$1.Sample script
pcs = capture_re($uri, '^/nn_live/(.*)') sec = get(pcs, 1) if sec { dst = concat('/3rd/nn_live/', sec) rewrite(dst, 'break') }
Perform 302 redirects
Requirements: Perform a 302 redirect from the
/root directory to/app/movie/pages/index/index.html.Sample script
if eq($uri, '/') { rewrite('/app/movie/pages/index/index.html', 'redirect') }
Perform a 302 redirect to HTTPS
Requirements
Redirect the following URIs that match the
^/$root directory to https://aliyun.com:http://rtmp.cdnpe.comhttps://rtmp.cdnpe.com
You can replace the URI to which you want to redirect with a custom value based on your business requirements.
Sample script
if eq($uri, '/') { rewrite('https://aliyun.com', 'redirect') }
Troubleshooting
Add x-request-id
Requirements: Generate an
x-request-idheader and add it to requests and responses to facilitate request tracking and error locating.Sample script:
requestid=md5(concat(rand(1, 10000), now())) add_req_header('x-request-id', requestid) add_rsp_header('x-request-id', requestid)