All Products
Search
Document Center

CDN:Configure high bill alerts

Last Updated:Aug 30, 2024

If your domain name is attacked or abused for data transmission, high bandwidth consumption or traffic spikes occur. In this case, you receive bills that are higher than expected. High bills that are generated by malicious attacks or data transmission abuse cannot be waived or refunded. This topic describes how to prevent high bills.

Potential risks: high bills caused by attacks or attack-like activities

  • If an attack occurs, you are charged for the bandwidth resources and data transfer.

  • If your domain name is abused for data transmission, high bandwidth consumption or traffic spikes occur in a similar way to attacks. You are charged for bandwidth resources and data transfer in those cases.

Potential consequences: bills that are higher than expected

If your domain name is under attack or abused for data transmission, the bills may be higher than expected and your account balance may be exhausted.

Alibaba Cloud CDN charges you based on the resources that you use. In some cases, the service may not be suspended when the account balance drops to 0 due to reasons such as the billing cycle (by hour, by day, or by month) or billing delays. Bills for Alibaba Cloud CDN are generated three to four hours after each billing cycle ends. Therefore, overdue payments may occur or the amount due in a single bill may exceed the overdraft limit.

Alibaba Cloud provides service suspension protection. If you enable service suspension protection, the service is not suspended before the grace period ends. The grace period or overdraft limit is determined based on your account tier and purchase history. The overdraft limit is reset every month.

Solutions

  • By default, Alibaba Cloud CDN does not provide access control or security protection capabilities. Alibaba Cloud CDN detects bandwidth usage spikes. If abnormal traffic is detected, Alibaba Cloud evaluates whether to throttle traffic, add the domain name to a sandbox, or take other measures based on the normal service traffic and the overall abnormal traffic. For more information, see Limits. This ensures service stability for other users. Alibaba Cloud is not responsible for availability issues caused in those situations.

  • To ensure that the system runs as expected and prevent unexpected high bills, we recommend that you enable security features or perform access control.

Enable access control

When traffic spikes occur, we recommend that you locate the cause by analyzing real-time logs. For more information, see Real-time log delivery. Then, enable the access control features for the domain name in the console based on the specific cause to avoid unnecessary traffic and bandwidth consumption.

Feature

Description

Referer-based hotlink protection

You can configure a Referer whitelist to allow only requests from specific domain names, such as domain names that are related to your website system. This way, you can identify and filter visitors to prevent unauthorized use of website resources. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.

URL signing

The URL signing feature allows points of presence (POPs) to work with your origin servers to protect origin resources from unauthorized use. This method is more secure and reliable. For more information, see Configure URL signing.

Remote authentication

After you enable the remote authentication feature, POPs redirect user requests to a specific authentication server. The authentication server verifies the user requests to prevent resources from being accessed by unauthorized users. For more information, see Configure remote authentication.

IP address blacklist or whitelist

After malicious attacks or traffic spikes occur, you can use the real-time log analysis feature to check whether an IP address frequently accesses the domain name. If a malicious IP address is identified, you can configure a blacklist or whitelist to block the IP address. For more information, see Configure an IP address blacklist or whitelist.

User-Agent blacklist or whitelist

After malicious attacks or traffic spikes occur, you can use the real-time log analysis feature to check whether the User-Agent header of a malicious request is a specific value. If the User-Agent header of the malicious request is a specific value, you can configure a User-Agent blacklist or whitelist to block requests that contain the specific value in their User-Agent header. For more information, see Configure a User-Agent blacklist or whitelist.

Manage traffic

We recommend that you use CloudMonitor to configure bandwidth alert rules by service or domain name to monitor the traffic and bandwidth usage, and send alerts. For more information, see Configure alert rules. In case of unexpected bandwidth surges, you can also configure policies, such as bandwidth throttling and traffic throttling for individual requests, for domain names.

Feature

Description

Bandwidth cap

If you want to limit the amount of bandwidth resources that a domain name can consume, you can specify a bandwidth cap for the domain name. After the bandwidth of the domain name reaches the specified bandwidth cap, Alibaba Cloud CDN disables acceleration for the domain name and the domain name is resolved to an invalid address. This prevents unexpected high bills. For more information, see Configure bandwidth caps.

Traffic throttling for individual requests

Traffic throttling for individual requests allows you to limit the downstream speed for all requests that are sent to POPs. Traffic throttling for individual requests can be used in website operations, such as game releases. This way, you can limit the overall peak bandwidth of accelerated domain names. For more information, see Configure traffic throttling for individual requests.

Bandwidth throttling

If the daily peak bandwidth of your domain name is greater than 10 Gbit/s and you want to throttle Alibaba Cloud CDN bandwidth for the domain name, submit a ticket.

Important
  • Bandwidth throttling applies to the overall bandwidth of all services that are hosted by the domain name. To ensure the accuracy of bandwidth throttling, the bandwidth limit must be greater than or equal to 10 Gbit/s.

  • After the bandwidth limit such as 10 Gbit/s is reached, Alibaba Cloud CDN limits the bandwidth of the accelerated domain name. The response to all requests is slower, and packet loss may also occur.

  • Bandwidth throttling is triggered by the real-time monitoring data of the accelerated domain name. Because the data comes with a delay of approximately 10 minutes, bandwidth throttling starts approximately 10 minutes after the bandwidth limit is reached. In this case, the bandwidth of the accelerated domain name may exceed the limit.

Real-time monitoring

If you want to monitor the peak bandwidth of domain names in real time, you can use CloudMonitor. After the bandwidth of a domain name reaches the specified threshold, you are notified of the potential risks by text message, email, or DingTalk message. For more information, visit the product page of CloudMonitor.

Spending management and alerts

You can use the following features to monitor and limit the expenses. To configure the features, move your pointer over Expenses in the top navigation bar of the console and select Expenses and Costs.

  • High bill alerts: If you enable this feature, the system sends an alert by text message when a daily bill exceeds the alert threshold that you specified.

  • Service suspension protection: If you disable this feature, the service immediately stops running after a payment becomes overdue to prevent high overdue payments.

  • High bill alert: After this feature is enabled, notifications are sent to you by text message if a daily bill reaches a specified amount.

Note

To ensure the integrity of the statistics and the accuracy of bills, Alibaba Cloud CDN issues the bill approximately three hours after a billing cycle ends. The point in time to deduct relevant fees from your account balance may be later than the point in time at which the resources are consumed within the billing cycle. Alibaba Cloud CDN is a distributed service. Therefore, Alibaba Cloud does not provide the consumption details of Alibaba Cloud CDN resources in bills. Other CDN providers use a similar approach.

References

For more information about security protection issues and solutions, see FAQ.