To protect your accelerated domain names against threats such as malicious attacks and fraudulent traffic, you can enable the following features: Referer-based hotlink protection, URL authentication, remote authentication, IP address blacklist or whitelist, and User-Agent blacklist or whitelist. These features allow you to create rules and use the rules to manage access to your CDN POP. If an unauthorized request matches the rules, the CDN POP rejects the request and returns a 4xx status code.
In this case, CPU resources are consumed when the POP handles the request. Traffic and bandwidth resources are consumed when the POP returns an HTTP 4xx status code. Therefore, you are charged for the traffic and bandwidth resources and unauthorized requests.
If a large number of unauthorized requests are sent to your domain name, unexpected high bills may be generated even if access control rules are configured for your accelerated domain name. For information about how to prevent this issue, see Configure high bill alerts.