Get started with Alibaba Cloud CDN - CDN - Alibaba Cloud Documentation Center

This topic describes the working mechanism of CDN, as well as key configurations and their functionalities, to help you quickly activate and configure CDN.

In this topic, www.example.com is used as the domain name, and 10.10.10.1 is the corresponding IP address.

Working mechanism

If you are new to CDN, we recommend that you spend a few minutes to read this section. If you are already familiar with the working mechanism of CDN, you can skip this section.

How CDN accelerates content delivery

When you enter a URL in a browser, almost instantly, a web page, image, video, or audio file appears on your screen. This process involves a complex set of software and hardware parsing and forwarding operations. The following part breaks down a simple example request to demonstrate how CDN accelerates content delivery.

Request process without CDN

A client accesses the www.example.com domain to obtain an image. The browser cannot directly resolve the IP address of the server that hosts the image from the domain name. In this case, the browser first queries a DNS server to obtain the IP address 10.10.10.1 that is mapped to the domain name. Then, the browser uses the IP address to locate the server and fetches the required image.

Note

A domain name is like the name of a person, and an IP address is the address of the person. Just like you need to use the name of a person to look up the address of the person, a network request uses a domain name to find the relevant IP address.
A DNS server acts as a large database that stores mappings between domain names and IP addresses. For more information about DNS servers and domain names, see Terms.

Request process with CDN

As the number of requests destined for images by using www.example.com increases, the server may respond increasingly slowly due to factors such as the server configuration and network environment. This is where CDN comes in. It provides an effective solution to accelerate response time.

CDN works as a cache system that sits between the server and client in the network topology. When a client initiates a request to CDN, the system first checks whether the requested image is cached. If yes, the cached image is directly returned to the browser. If no, CDN requests the image from the server, caches it, and then sends the response to the client that initiated the request.

Note

Accelerating content delivery is only the basic feature of CDN. For more information about CDN and its advanced features, see What is CDN?
CDN accelerates content delivery beyond the server architecture. Therefore, no impacts on the server are imposed and no business code modifications are required.
The actual request process is much more complex. The simplified process in this topic is intended only to explain how CDN works.

Get started

Compared with other acceleration methods, CDN does not require any modifications to the business code of the server. You can enable content delivery acceleration with only a few configurations. This section describes how to configure CDN by using the preceding example domain name and IP address.

Note

Before you add a domain name to CDN, complete the following operations:

Step 1: Add a domain name and origin server

Configure a domain name
To enable acceleration for your domain name, you must add your domain name to CDN.
Add a domain name
1. Log on to the CDN console.
2. In the left-side navigation pane, click Domain Names.
3. Click Add Domain Name. In the Specify Domain Name Information step, configure Region, Domain Name to Accelerate, and Business Type. Keep the default settings for other parameters.
Note
Domain Name to Accelerate: the website or resource domain name that you want CDN to speed up for end user access. In this example, www.example.com is specified.
Region: the service location where you want CDN to speed up the domain name. Select a service location based on your business requirements. In this example, Chinese Mainland Only is selected.
Business Type: the business type. Select a type based on your business requirements. In this example, Image and Small File is selected.
For more information about the configuration items, see Step 1: Configure business information.
Verify the domain ownership
To make sure that the domain name you added belongs to you, CDN needs to verify the ownership of the domain name. If you have previously completed the verification or the verification prompt is not displayed when you configure the domain name, skip this step.
Verify the domain ownership
Important
Do not close the Verification page before the verification is complete.
Use a DNS record (recommended)
On the verification page, click the Method 1: DNS Settings tab and record the values of the Host and Value parameters.
Add a TXT record in the system of your DNS provider. The following example shows how to add a TXT record to Alibaba Cloud DNS. You can use similar methods to add TXT records to other DNS providers, such as Tencent Cloud and Xinnet.
Configure a TXT record
Log on to the Alibaba Cloud DNS console.
On the DNS resolution page, find the root domain example.com and click DNS Settings in the Actions column.
Click Add DNS Record. In the dialog box that appears, select TXT for Record Type parameter, set Hostname and Record Value to the values that are obtained in Step 1. Keep the default settings for other parameters.
Click OK.
Note
A root domain is the main address of a website. It is the most basic level of a website's online presence. All webpages, email servers, and other services are built on a root domain. For example, in shop.example.com and blog.example.com, example.com is the root domain, and "shop." and "blog." are subdomains that extend the functionality of the root domain.
After the TXT record takes effect, go to the CDN console and click Verify.
If the domain name fails the verification, check whether the TXT record is entered correctly. Wait for the TXT record to take effect and try again. In the following examples, the domain name www.example.com is used to check whether the TXT record is valid.
Windows
Open Command Prompt in Windows and run the nslookup -type=TXT verification.example.com command. You can check whether the TXT record is valid based on the output.
macOS or Linux
Open Terminal in macOS or Linux and run the nslookup -type=TXT verification.example.com command. You can check whether the TXT record is valid based on the output.
Note
In the nslookup command, you must replace the hostname in the domain name with "verification". For example, if the domain name is help.aliyun.com, enter verification.aliyun.com in the nslookup command.
If you add a TXT record, the TXT record immediately takes effect. If you modify a TXT record, the amount of time that is required for the update to take effect is based on the time to live (TTL). The default TTL is 10 minutes.
If nslookup is not installed on Linux, run the yum install bind-utils command on CentOS or the apt-get install dnsutils command on Ubuntu to install nslookup.
Upload a verification file
On the verification page, click the Method 2: Verification File tab.
Download the verification.html file.
Upload the verification file to the root directory on the server of the root domain. The server can be an Elastic Compute Service (ECS) instance, an Object Storage Service (OSS) bucket, a Cloud Virtual Machine (CVM) instance, a Cloud Object Storage (COS) instance, or an Elastic Compute Cloud (EC2) instance. For example, if the domain name is www.example.com, you need to upload the file to the root directory of example.com.
After you make sure that the verification file is accessible from http://example.com/verification.html, click Verify.
CDN accesses http://example.com/verification.html on your server for verification.
If the record value in the file is the same as the record value in the verification file, the verification is successful.
Otherwise, the verification fails. Make sure that the preceding URL is accessible and that the uploaded file is valid.
Set up an origin server
An origin server is a web server on which you run your business. You need to configure the origin information. This way, CDN can retrieve resources from your origin server when the requested resources are not cached.
Set up an origin server
1. After you configure the business information for the domain name, click Add Origin Server in the Origin Servers section.
2. In the Add Origin Server dialog box, select the type of the origin and enter the origin address.
3. Configure the Port parameter based on the port number of your origin. If you do not know the port number of your origin or you do not have any special requirements, keep the default setting.
Note
In this example, 10.10.10.1 is used as the IP address of the origin server.
If you want to speed up the distribution of resources stored in an OSS bucket, select OSS Domain for Origin Info.
If the resource that you want to accelerate is deployed on an ECS instance, select IP for Origin Info and enter the public IP address of the ECS instance.
If the resource that you want to accelerate is hosted on a server and cannot be accessed by using an IP address, select Site Domain for Origin Info and enter the domain name of the origin server. The origin domain name must be different from the accelerated domain name. Otherwise, a DNS resolution loop occurs, and requests cannot be redirected to the origin server.
If the resource that you want to accelerate is an Alibaba Cloud Function Compute instance, select Function Compute Domain for Origin Info. Then, select the region and domain name as needed.
For more information about the configuration items, see Set up origin servers.
For information about the best practices of using CDN for OSS, see Use CDN to accelerate the delivery of resources from OSS buckets.
Verify the domain name
After you add a domain name to CDN, we recommend that you test whether the domain name is accessible before you update the CNAME record of the domain name. This ensures that DNS updates do not affect the services of the domain name.
Note
During the test, requests are sent to points of presence (POPs). You are charged for basic services and value-added services of CDN that you use. The billing rules of CDN apply in the test. For more information, see Billable items.
Verify the domain name
1. Obtain the CNAME assigned to the domain name.
  1. Log on to the Alibaba Cloud CDN console.
  2. In the left-side navigation pane, click Domain Names.
  3. On the Domain Names page, find the domain name that you want to manage and copy the CNAME.
    Note
    Copy the CNAME of a domain name that is in the Normal state.
2. Obtain the IP address of the CNAME. Run the nslookup command for the CNAME of the domain name in a CLI, such as Command Prompt, PowerShell, or Terminal, to obtain the IP address of the CNAME. Example:
```
nslookup example.aliyundoc.com.w.kunlunle.com 
```
3. Add the IP address and domain name to the hosts file of the on-premises machine.
  You must add the IP address obtained in the previous step and the domain name to the hosts file of the on-premises machine. Make sure that you add the IP address before the domain name. The following examples describe how to add the IP address 192.168.0.1 and the domain name to the hosts file of the on-premises machine:
  Windows
  Go to the C:\Windows\System32\drivers\etc directory and use Notepad to open the hosts file as the administrator.
  Edit the hosts file. The file content may be similar to the following text:
  # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost
  Add the obtained IP address and the domain name to the end of the file. Example:
  192.168.0.1 example.aliyundoc.com
  Save the changes. After you edit the file, choose File > Save or press Ctrl+S to save changes.
  (Optional) Refresh the DNS cache to ensure that the DNS resolution changes immediately take effect.
  Open Command Prompt as the administrator and run the following command:
  ipconfig /flushdns
  macOS
  Open Terminal and run the following command to open the hosts file as an administrator.
  sudo vim /etc/hosts
  Edit the hosts file. The file content may be similar to the following text:
  ## # Host Database # # localhost is used to configure the loopback interface # when the system is booting. Do not change this entry. ## 127.0.0.1 localhost 255.255.255.255 broadcasthost ::1 localhost
  Add the obtained IP address and the domain name to the end of the file. Example:
  192.168.0.1 example.aliyundoc.com
  Save the changes and exit.
  Press Esc to exit the insert mode, enter :wq, and then press Enter to save the file and exit the Vim editor.
  (Optional) Refresh the DNS cache to ensure that the DNS resolution changes immediately take effect.
  Run the following command in Terminal:
  sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
4. Test whether the domain name is accessible.
  After you add the IP address and domain name to the hosts file, you can open the browser and enter the accelerated domain name in the address bar to test the connectivity. You can view the test result by using the developer tool embedded in the browser.
  If the IP address in the Remote Address field is the same as the one that you added to the hosts file, the configuration is valid. You can configure the CNAME on the management console provided by the DNS service provider.
  If the IP address in the Remote Address field is different from the one that you added to the hosts file, the configuration is invalid. Make sure that you add the IP address of the CNAME to the hosts file.
  After you access the domain name, you can also test other features by using the on-premises machine.

Step 2: Configure a CNAME record

Before you connect your domain name to CDN, a request for the domain name is directly sent to the origin server. After you connect the domain name to CDN, a request is first sent to the nearest POP. Then, CDN determines whether to route the request to the origin server. To ensure a seamless transition from direct origin access to CDN-enabled access, you must configure a CNAME record.

A CNAME record is a type of DNS record that points one domain name to another. For more information about CNAME records, see CNAME record overview.

Add a CNAME record

Log on to the CDN console and navigate to the Domain Names page, find the domain name that you added, and copy the CNAME of the domain name. If no value is available in the CNAME column, wait 5 seconds and refresh the page.

Add a CNAME record to the DNS settings of the domain name. The procedure to add a CNAME record varies with your DNS provider. In this topic, Alibaba Cloud and Tencent Cloud are used as examples.

Alibaba Cloud

If your DNS provider is Alibaba Cloud, perform the following steps to add a CNAME record for the domain:

Log on to the Alibaba Cloud DNS console by using the Alibaba Cloud account to which the domain name belongs.
On the DNS resolution page, find the root domain example.com and click DNS Settings in the Actions column.
Click Add DNS Record to add a record.
Set the Record Type parameter to CNAME.

Important

Hostname is the prefix of a domain name. For example, the hostname of www.example.com is www. If the domain name that you want to accelerate is the root domain example.com, enter @ in the Hostname field.
A CNAME record cannot share the same hostname with an A record. If the domain that you want to accelerate has an A record with the same hostname, you must suspend or delete the A record before you configure a CNAME record.
This will cause the domain to be temporarily inaccessible. To reduce the impact on your domain, we recommend that you configure a CNAME record during off-peak hours.

Click OK.

Tencent Cloud

If your DNS provider is Tencent Cloud, perform the following steps to add a CNAME record for the domain:

Log on to the DNSPod console.

On the DNSPod page, click Add Records to add a CNAME record.

Parameter	Description	Example
Hostname	For subdomains, enter the prefix of the subdomain. For wildcard domains, enter ``. For root domains, enter `@`. Note* For more information about subdomains, see Terms.	Subdomains: If the domain name to be accelerated is `example.aliyundoc.com`, enter `example`. If the domain name to be accelerated is `www.example.aliyundoc.com`, enter `www.example`. Wildcard domains: If the domain name to be accelerated is `.aliyundoc.com`, enter ``. If the domain name to be accelerated is `.example.aliyundoc.com`, enter `.example`. Root domains:* If the root domain is `aliyundoc.com` and the domain name to be accelerated is `aliyundoc.com`, enter `@`. Note Domain name resolution settings apply to the domain name that you register, such as aliyundoc.com, or the left part of the domain name. When you specify the Hostname parameter, enter the part to be resolved. For example, if the domain name to be accelerated is example.aliyundoc.com, enter example.
Record Type	Select CNAME.	CNAME
DNS Request Source	Select Default from the drop-down list.	We recommend that you keep the default setting.
Record Value	Enter the CNAME of the domain name. Note For example, example.aliyundoc.com, and www.example.aliyundoc.com correspond to different CNAMEs. If you want to accelerate a subdomain, add the second-level domain to Alibaba Cloud CDN. Alibaba Cloud then assigns a CNAME to the subdomain. Alternatively, you can add a wildcard domain name to Alibaba Cloud CDN. Subdomains that match the wildcard domain name are mapped to the CNAME of the wildcard domain name. For more information, see Add a domain name.	`www.example.com.w.kunlunsl.com`
Weight	You do not need to specify this parameter.	N/A
MX	You do not need to specify this parameter.	N/A
TTL	Enter a TTL value for the CNAME record. A smaller value specifies that the record is updated quicker.	We recommend that you keep the default setting.

Click OK.

Check whether the configured CNAME takes effect.
CNAME status
1. Log on to the CDN console and navigate to the Domain Names page.
2. Find the domain name and move the pointer over the CNAME Status column. If the status is Configured, the CNAME has taken effect.
Note
The CNAME Status may remain Pending Configuration after your configuration. Refresh the page or check the status 5 minutes later.
Use the nslookup command
1. Start Command Prompt in Windows or Terminal in macOS or Linux.
2. Enter nslookup -type=CNAME domainName (example: nslookup -type CNAME www.example.com). If the returned result is the same as the CNAME of the domain name in the CDN console, the CNAME has taken effect.
Use the ping or dig command
1. Windows: Press Windows + R, type cmd in the Run box that appears, and press Enter. The Command Prompt window is displayed.
  macOS: Open Terminal.
2. Run the check commands.
  1. Run the ping domainName command, such as ping www.example.com.
  2. Run the dig domainName command, such as dig www.example.com.
3. View the CNAME in the output. If the CNAME is www.example.com.w.kunlun.com, CDN has taken effect for the domain.
4. If an IP address is returned, as shown in the preceding figure, use the IP address check tool of CDN to check whether the IP address belongs to an CDN POP.
  Check whether an IP address belongs to an CDN POP
  Log on to the Alibaba Cloud CDN console.
  In the left-side navigation pane, click Tools.
  In the IP Address Check section, click Try Now.
  Enter the IP addresses that you want to check and click Check.
  Note
  Both IPv4 and IPv6 addresses are supported. You can check up to 20 IP addresses at a time. Separate IP addresses with commas (,).
  View the check result.
  If the checked IP address belongs to an CDN POP, the value of CDN Node is Yes and the values of Region and Provider are the actual region and ISP to which the IP address belongs.
  If the checked IP address does not belong to an CDN POP, the value of CDN Node is No, and the values of Region and Provider are Unknown.

Note

For more information about CNAME configurations, see Add a CNAME record for a domain name.

Step 3: Configure an SSL certificate

If your domain already supports HTTPS access before you connect it to CDN, you must configure an SSL certificate to enable subsequent HTTPS access.

If your domain does not support HTTPS access and does not require it, skip this section.

Configure an SSL certificate

Important

After you enable HTTPS access, you are charged for HTTPS requests. HTTPS request fees cannot be offset by data transfer plans. To avoid service suspension, make sure that you have sufficient balance in your Alibaba Cloud account, or purchase resource plans for HTTPS requests. For more information, see Billing of HTTPS requests for static content.

Log on to the Alibaba Cloud CDN console.
In the left-side navigation pane, click Domain Names.
On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.
In the left-side navigation tree of the domain name, click HTTPS.
In the HTTPS Certificate section, click Modify.
In the Modify HTTPS Settings dialog box, turn on HTTPS Secure Acceleration, and configure other relevant parameters.
Note
- If you have purchased a certificate from Alibaba Cloud Certificate Management Service, set the Certificate Source parameter to SSL Certificates Service and select the purchased certificate from the Certificate Name drop-down list.
- If you use a certificate that is issued by a third-party CA, set the Certificate Source parameter to Custom Certificate (Certificate+Private Key). After you configure the Certificate Name parameter, configure the Certificate (Public Key) and Private Key parameters. Then, the certificate is saved in Alibaba Cloud Certificate Management Service. You can check the certificate on the SSL Certificates page.
Verify that the HTTPS configuration takes effect.
After you upload an SSL certificate, the certificate takes effect within 1 minute. To check whether the SSL certificate takes effect, you can send HTTPS requests to access resources. If the URL is displayed with an HTTPS icon in the address bar of the browser, such as Google Chrome, HTTPS acceleration is working as expected. After you configure an SSL certificate, take note of the expiration time of the certificate. You need to configure a new certificate before the certificate expires.
Note
- For more information about how to configure an SSL certificate, see Configure an SSL certificate.

Step 4: Check whether resources can be cached on CDN

Check whether resources can be cached on CDN

Windows: Press Windows + R, type cmd in the Run box that appears, and press Enter. The Command Prompt window is displayed.
macOS: Open Terminal.
Run the curl -I resourceURL command, such as ping www.example.com/10.JPG.
View the response header. If it contains Age, X-Cache, X-Swift-SaveTime, and X-Swift-CacheTime, CDN has taken effect for the domain.
Note
- X-Cache: If the value of this field is MISS, the cache is missed and the request is redirected to the origin server. If the value of this field is HIT, the cache is hit and the cached resource is returned.
- Age: the period of time for which the resource has been cached on POPs. Unit: seconds. If the resource is refreshed or accessed for the first time, this field is not included in the response header. A value of 0 in this field indicates that the cache is expired and the request must be redirected to the origin server.
- X-Swift-SaveTime: the time when the resource was first cached on POPs. The time is displayed in UTC. You can convert the time to UTC+8.
- X-Swift-CacheTime: the TTL period of a resource that is cached on POPs. If the value is 0, resources cannot be cached.

Note

If the domain fails to be accessed or exceptions occur during the access process after you complete the preceding steps, see Service unavailability and exceptions.

After the preceding configurations are complete, your website is accelerated by CDN. To ensure secure and stable operations of the website, we strongly recommend that you configure security features and cache policies.

Optional configurations

Configure security settings

Malicious attacks and fraudulent traffic are ubiquitous and can cause sudden spikes in bandwidth consumption or excessive amounts of data transmission. This can result in unexpectedly high costs for your website. We strongly recommend that you configure appropriate security measures to prevent such risks.

Configure security settings

Enable log monitoring

CDN supports offline logs and real-time logs. By analyzing the collected logs, you can quickly identify business and security issues and make prompt adjustments. For more information about logs, see Logs and reports.

Log category	Log delay	Billing	Best practice
Offline logs	Within 24 hours	Free of charge	Analyze offline logs
Real-time logs	Within 3 minutes	Charged (Billing rules)	Deliver CDN real-time logs to SLS for analysis

Configure a Referer whitelist or blacklist
Referer-based hotlink protection refers to access control based on the Referer header. You can configure a Referer whitelist or blacklist to control access, protecting your resources from unauthorized access.
You can configure a Referer whitelist to allow only requests from specific domains, such as domains that are related to your website system. This way, you can identify and filter visitors to prevent unauthorized use of website resources. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.
Configure real-time bandwidth monitoring
You can use CloudMonitor to monitor the peak bandwidth of CDN domains in real time. When the bandwidth of a domain reaches the specified threshold, you will be notified of the potential risks. For more information, see Configure alert rules.

The following tables describe other security policies that you can configure.

Other security policies

Access control

Feature	Description
URL signing	URL signing allows POPs to work with your origin servers to protect origin resources from unauthorized use. For more information, see Configure URL signing.
Remote authentication	After you enable remote authentication, POPs redirect user requests to a specific authentication server. The authentication server verifies the user requests to prevent resources from being accessed by unauthorized users. For more information, see Configure remote authentication.
IP address blacklist or whitelist	After a malicious attack or traffic spike occurs, you can use the real-time log analysis feature to check whether your domain is frequently accessed by an IP address. If a malicious IP address is identified, you can add it to a blacklist. For more information, see Configure an IP address blacklist or whitelist.
User-Agent blacklist or whitelist	After a malicious attack or traffic spike occurs, you can use the real-time log analysis feature to identify the User-Agent headers associated with malicious requests. Then, you can configure a User-Agent blacklist or whitelist to block future requests that contain the identified User-Agent header. For more information, see Configure a User-Agent blacklist or whitelist.

Traffic management

Feature	Description
Bandwidth cap	To limit the amount of bandwidth resources that a domain name can consume, you can specify a bandwidth cap for the domain name. After the bandwidth of the domain name reaches the specified bandwidth cap, CDN disables acceleration for the domain name and the domain name is resolved to an invalid address. This prevents unexpected high bills. For more information, see Configure a bandwidth cap.
Traffic throttling for individual requests	Traffic throttling for individual requests allows you to limit the downstream speed for all requests that are sent to POPs. This feature can be used in website operations, such as game releases. This way, you can limit the overall peak bandwidth of accelerated domain names. For more information, see Configure traffic throttling for individual requests.
Bandwidth throttling	If the daily peak bandwidth of your domain name is greater than 10 Gbit/s and you want to throttle CDN bandwidth for the domain name, submit a ticket. Important Bandwidth throttling applies to the overall bandwidth of all services that are hosted by the domain name. To ensure the accuracy of bandwidth throttling, the bandwidth limit must be at least 10 Gbit/s. After the bandwidth limit, such as 10 Gbit/s, is reached, CDN limits the bandwidth of the accelerated domain name. The response to all requests is slower, and packet loss may also occur. Bandwidth throttling is triggered by the real-time monitoring data of the accelerated domain name. Because the data comes with a delay of approximately 10 minutes, bandwidth throttling starts approximately 10 minutes after the bandwidth limit is reached. In this case, the bandwidth of the accelerated domain name may exceed the limit.

Note

If your domain experiences an attack or has an unexpectedly high bill, troubleshoot the issue by referring to Prevent data transmission abuse.

Recommended configurations

After you add a domain name to CDN, we recommend that you configure a cache TTL and HTML optimization. These features help increase the cache hit ratio, reinforce security, and improve content retrieval efficiency.

Recommended configurations

Cache TTL and request parameter ignoring

In most cases, slow content delivery is related to low cache hit ratios. We recommend that you specify a proper cache TTL and configure query parameter ignoring to increase the cache hit ratio.

Scenario	Description	Reference
Low cache hit ratio and slow content retrieval	The time-to-live (TTL) value for cached content is smaller than required or no cache expiration rule is created, which causes requests to be frequently redirected to the origin server. In this case, you need to specify a proper TTL value to increase the cache hit ratio and accelerate content retrieval. We recommend that you specify a TTL value based on the following rules: Specify a TTL value of one month or longer for static files that are infrequently updated, such as images and application packages. Specify a TTL value based on your actual workloads for static files that are frequently updated, such as JavaScript and CSS files.	Create a cache rule for resources
Low cache hit ratio and slow content retrieval	By default, client requests are redirected to the origin server with the complete URLs retained, including parameters that follow the question mark (`?`). After you enable the parameter ignoring feature, the parameters that follow the question mark (`?`) in the request URL are ignored when the client retrieves resources from the origin server. This improves the cache hit ratio and reduces the number of origin requests.	Ignore parameters

Bandwidth monitoring and alerts

To prevent bandwidth spikes caused by attacks, you can configure the monitoring and alerting features to monitor bandwidth values. Alternatively, you can specify a bandwidth cap.

Scenario	Description	Reference
Prevent high bandwidth values	You can specify a bandwidth cap. If a bandwidth value during a statistical period exceeds the bandwidth cap, CDN suspends acceleration and resolves the domain name to an invalid address `offline.***.com`, which cannot be accessed.	Configure bandwidth caps
Prevent high bandwidth values	You can configure alert rules in CloudMonitor to monitor bandwidth values. This allows you to detect and manage bandwidth anomalies at the earliest opportunity.	Configure alert rules

Resource prefetch
The first time a user requests a resource that you connect to CDN, the system retrieves the resource on the origin server and then caches the resource on POPs. This reduces the speed of the first request. The speed of subsequent requests is not affected. In this case, you can use the resource prefetch feature to cache the resource on POPs in advance and speed up access. For more information, see Purge and prefetch resources.

CDN:Get started with CDN

Working mechanism

Request process without CDN

Request process with CDN

Get started

Step 1: Add a domain name and origin server

Configure a domain name

Verify the domain ownership

Use a DNS record (recommended)

Windows

macOS or Linux

Upload a verification file

Set up an origin server

Verify the domain name

Windows

macOS

Step 2: Configure a CNAME record

Alibaba Cloud

Tencent Cloud

CNAME status

Use the nslookup command

Use the ping or dig command

Step 3: Configure an SSL certificate

Step 4: Check whether resources can be cached on CDN

Optional configurations

Configure security settings

Access control

Traffic management

Recommended configurations

References