You can call BatchSetDcdnDomainConfigs to configure features for multiple domain names at a time. This topic describes the features that you can call this operation to configure and the parameters that you need to specify when you call this operation.
The features described in this topic can be referenced when you call the following API operations: BatchSetDcdnDomainConfigs, DescribeDcdnDomainConfigs, BatchDeleteDcdnDomainConfigs, and DescribeDcdnUserDomainsByFunc.
You can call BatchSetDcdnDomainConfigs to configure features for multiple domain names. If the operation succeeds, unique configuration IDs (ConfigId) are generated. You can use the configuration IDs to update or delete the configurations of the features. For more information, see Usage notes on ConfigId.
Basic information
dynamic
Feature description: configures acceleration rules for static and dynamic resources. For more information, see Overview.
Feature ID (FunctionID/FuncId): 46.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable static and dynamic content acceleration. Valid values:
on
off
on
static_route_type
String
No
The filename extension of the static file.
.txt
static_route_url
String
No
The URI of the static file.
/domain/detail/log.txt
static_route_path
String
No
The path of the static file.
NoteYou can use wildcard characters such as the asterisk (*) and question mark (?) for fuzzy search. The asterisk (*) specifies zero, one, or more characters. The question mark (?) specifies one character.
/abc/test/*
dynamic_route_origin
String
No
The origin protocol policy used to retrieve dynamic content. Valid values:
http: Dynamic Content Delivery Network (DCDN) redirects requests to the origin server over HTTP.
https: DCDN redirects requests to the origin server over HTTPS.
follow: When a client uses HTTP or HTTPS to request resources, DCDN redirects the request to the origin server over the protocol that is used by the client.
follow-port: When a client uses HTTP or HTTPS to request resources, DCDN redirects the request to the origin server over the protocol that is used by the origin server port.
NoteDefault value: follow.
https
dynamic_route_round_robin
String
No
Specifies whether to enable load balancing. Valid values:
on
off (default)
off
partition_back_to_origin
String
No
Specifies whether to enable separated origin fetch for the Chinese mainland and outside the Chinese mainland. Valid values:
on
off (default)
off
dynamic_route_adapt_cache
String
No
Specifies whether to enable adaptive caching. Valid values:
on
off (default)
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "static_route_type", "argValue": ".txt" }, { "argName": "static_route_url", "argValue": "/domain/detail/log.txt" },{ "argName": "static_route_path", "argValue": "/abc/test/*" }, { "argName": "dynamic_route_origin", "argValue": "https" }, { "argName": "dynamic_route_round_robin", "argValue": "off" }, { "argName": "dynamic_route_adapt_cache", "argValue": "off" }], "functionName": "dynamic" }], "DomainNames": "example.com" }
ipv6
Feature description: configures IPv6. For more information, see Enable IPv6.
Feature ID (FunctionID/FuncId): 194.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
switch
String
Yes
Specifies whether to enable IPv6. Valid values:
on
off
on
region
String
Yes
The region where you want to enable IPv6.
NoteYou can enter an asterisk (*) to specify all regions. To enable IPv6 in a specified region, submit a ticket.
If you do not set the region parameter, IPv6 is enabled in all regions.
*
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "switch", "argValue": "on" }, { "argName": "region", "argValue": "*" }], "functionName": "ipv6" }], "DomainNames": "example.com" }
Origin fetch settings
set_req_host_header
Feature description: configures an origin host. For more information, see Configure an origin host.
Feature ID (FunctionID/FuncId): 18.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
domain_name
String
Yes
The origin host.
example.comExample:
{ "Functions": [{ "functionArgs": [{ "argName": "domain_name", "argValue": "example.com" }], "functionName": "set_req_host_header" }], "DomainNames": "example.com" }
forward_scheme
Feature description: configures the origin protocol policy. For more information, see Configure the static origin protocol policy.
Feature ID (FunctionID/FuncId): 47.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable the origin protocol policy. Valid values:
on
off
on
scheme_origin
String
No
The protocol for origin fetch. Valid values:
http: DCDN redirects requests to the origin server over HTTP.
https: DCDN redirects requests to the origin server over HTTPS.
follow: When a client uses HTTP or HTTPS to request resources, DCDN redirects the request to the origin server over the protocol that is used by the client.
NoteDefault value: follow.
follow
scheme_origin_port
String
No
The custom origin port. This parameter needs to be used together with the scheme_origin parameter.
If scheme_origin is set to http, you only need to configure an origin HTTP port, such as 80.
If scheme_origin is set to https, you only need to configure an origin HTTPS port, such as 443.
If scheme_origin is set to follow, you need to configure origin HTTP and HTTPS ports. Separate the ports with colons (:). Example: 80:443.
80:443
Example 1: DCDN redirects requests to the origin server over the protocol that is used by the client. The origin port is the default port of the protocol, which is 80 for HTTP and 443 for HTTPS.
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "scheme_origin", "argValue": "follow" }], "functionName": "forward_scheme" }], "DomainNames": "example.com" }Example 2: DCDN redirects requests to the origin server over the protocol that is used by the client. The origin port is a custom port, which is 8080 for HTTP and 4433 for HTTPS.
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "scheme_origin", "argValue": "follow" }, { "argName": "scheme_origin_port", "argValue": "8080:4433" }], "functionName": "forward_scheme" }], "DomainNames": "example.com" }
l2_oss_key
Feature description: configures access control on private Object Storage Service (OSS) buckets. The first time you use this feature, you need to grant DCDN read-only permissions on all OSS buckets in your account. For more information, see Configure access to private OSS buckets.
Feature ID (FunctionID/FuncId): 85.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
private_oss_auth
String
Yes
Specifies whether to enable access to private OSS buckets. Valid values:
on
off
After you enable this feature, the system automatically configures an STS token. However, DCDN can only access to private OSS buckets in the same Alibaba Cloud account. For more information about STS tokens, see What is STS?
on
perm_private_oss_tbl
String
No
The permanent security token in the format of
access_id=123 access_secret=123abc(separated by a space).After you configure a permanent security token, DCDN can access private OSS buckets in the same Alibaba Cloud account or a different Alibaba Cloud account. For more information about permanent security tokens, see Create an AccessKey pair.
access_id=123 access_secret=123abc
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "private_oss_auth", "argValue": "on" },{ "argName": "perm_private_oss_tbl", "argValue": "access_id=123 access_secret=123abc" }], "functionName": "l2_oss_key" }], "DomainNames": "example.com" }
oss_key_list
Feature description: configures one or more rules that define the security tokens used to access different private OSS buckets.
Feature ID (FunctionID/FuncId): 183.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
host
String
Yes
The URL of the private OSS bucket.
example.oss-cn-hangzhou.aliyuncs.com
key
String
Yes
The permanent security token in the format of
access_id=123 access_secret=123abc(separated by a space).After you configure a permanent security token, DCDN can access private OSS buckets in the same Alibaba Cloud account or a different Alibaba Cloud account. For more information about permanent security tokens, see Create an AccessKey pair.
access_id=123 access_secret=123abc
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "host", "argValue": "example.oss-cn-hangzhou.aliyuncs.com" },{ "argName": "key", "argValue": "access_id=123 access_secret=123abc" }], "functionName": "oss_key_list" }], "DomainNames": "example.com" }
https_origin_sni
Feature description: configures Server Name Indication (SNI) for a specified origin server. For more information, see Specify the origin SNI for each origin. Configure SNI
Feature ID (FunctionID/FuncId): 114.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable origin SNI. Valid values:
on
off
on
https_origin_sni
String
Yes
The SNI information that is carried in origin requests. The SNI information specifies the address of the origin server.
origin.example.comExample:
{ "Functions": [{ "functionArgs": [{ "argName": "https_origin_sni", "argValue": "origin.example.com" }, { "argName": "enabled", "argValue": "on" }], "functionName": "https_origin_sni" }], "DomainNames": "example.com" }
forward_timeout
Feature description: sets a timeout period for origin requests. For more information, see Configure a timeout period for origin requests.
Feature ID (FunctionID/FuncId): 124.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
forward_timeout
Integer
Yes
The request timeout period. Unit: seconds.
NoteWe recommend that you set this parameter to less than 100 seconds.
30
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "forward_timeout", "argValue": "30" }], "functionName": "forward_timeout" }], "DomainNames": "example.com" }
advanced_origin
Feature description: configures advanced origin settings. For more information, see Configure advanced origin settings. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature conflicts: The advanced origin feature conflicts with the conditional origin feature (function: origin_dns_host, feature ID: 212). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 235.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
variable_type
String
Yes
The variable type. Valid values:
header: a request header.
arg: a query string parameter in a request URL.
uri: a URL path in a request URL.
cookie: a request cookie.
uri
variable
String
Yes
The variable name.
NoteIf variable_type is set to uri, variable must be set to uri.
uri
conditions
String
Yes
The condition. Valid values:
==: equals.
!=: does not equal.
==
value
String
Yes
The value of the variable.
/image
origin
String
Yes
The domain name of the origin server that is carried in a variable in a user request. Requests destined for the domain name are redirected to the specified origin server.
origin.example.com
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "conditions", "argValue": "==" }, { "argName": "variable_type", "argValue": "uri" }, { "argName": "value", "argValue": "/image" }, { "argName": "origin", "argValue": "origin.example.com" }, { "argName": "variable", "argValue": "uri" }], "functionName": "advanced_origin" }], "DomainNames": "example.com", }
follow_302
Feature description: configures 302 redirection. For more information, see Configure 301/302 redirection. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 219.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable 302 redirection. Valid values:
on
off
on
max_tries
Integer
No
The maximum number of 302 redirects.
Default value: 2.
Valid values: 1 to 5.
NoteNumber of times for origin fetch - 1 = Number of 302 redirects. The default value of the maximum number of times for origin fetch is 3, and valid values are 2 to 6.
2
retain_args
String
No
Specifies whether to retain request parameters during 302 redirects. Valid values:
on
off (default)
off
retain_header
String
No
Specifies whether to retain request headers during 302 redirects. Valid values:
on
off (default)
off
response_header
String
No
The response header of 302 redirects that is returned from the origin server. Default value: Location.
X-Alicdn-Redirect
retain_host
String
No
Specifies whether to retain the origin domain name during 302 redirects. This feature is available only when the destination domain name is obtained from the response header. Valid values:
on
off (default)
off
modify_host
String
No
Specifies whether to modify the origin domain name during 302 redirects. This feature is available only when the destination domain name is obtained from the response header. By default, the origin domain name is not modified.
example.com
cache
String
No
Specifies whether to cache the redirection results of the same URL during 302 redirects. This can accelerate response from DCDN. Valid values:
on
off (default)
off
expired_time
Integer
No
The timeout period for the cached redirection results of the same URL during 302 redirects. This parameter is valid when the cache parameter is set to on. Unit: seconds. Default value: 3600.
7200
follow_origin_host
String
No
Specifies whether the origin domain name is used as the origin host during 302 redirects. If this parameter is set to on, the origin domain name is used as the origin host and the most recent origin domain name is used for a primary/secondary switchover. Valid values:
on
off (default)
off
follow_5xx_retry_origin
String
No
Specifies whether to enable a primary/secondary origin switchover. If this feature is enabled, when DCDN receives an HTTP 5xx status code from an origin server, DCDN switches to the next available origin server. Valid values:
on
off (default)
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "max_tries", "argValue": 2 }, { "argName": "retain_args", "argValue": "off" }, { "argName": "retain_header", "argValue": "off" }, { "argName": "response_header", "argValue": "X-Alicdn-Redirect" }, { "argName": "retain_host", "argValue": "off" }, { "argName": "modify_host", "argValue": "example.com" }, { "argName": "cache", "argValue": "off" }, { "argName": "expired_time", "argValue": "7200" }, { "argName": "follow_origin_host", "argValue": "off" }, { "argName": "follow_5xx_retry_origin", "argValue": "off" }], "functionName": "follow_302" }], "DomainNames": "example.com" }
set_req_header
Feature description: configures a custom origin HTTP header. For more information, see Configure custom HTTP request headers.
Noteset_req_header is version 1. We recommend that you use version 2 origin_request_header. Version 2 supports more headers.
Feature ID (FunctionID/FuncId): 39.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
key
String
Yes
The name of the header.
Accept-Encoding
value
String
Yes
The value of the header. If you want to delete a header, set the header value to null.
gzip
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "value", "argValue": "gzip" }, { "argName": "key", "argValue": "Accept-Encoding" }], "functionName": "set_req_header" }], "DomainNames": "example.com" }
origin_request_header
Feature description: configures a custom origin HTTP header (new). For more information, see Configure HTTP request headers (new). This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 228.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
header_operation_type
String
Yes
The operation that you want to perform on the request header. Valid values:
add
delete
modify
rewrite
add
header_name
String
Yes
The name of the request header.
Accept-Encoding
header_value
String
No
The value of the request header. You can specify one or more values for a request header. Separate multiple values with commas (,).
gzip
duplicate
String
No
Specifies whether to allow duplicate request headers. This parameter is required if you set the header_operation_type parameter to add. Valid values:
on
off
off
header_source
String
No
The header value that you want to replace. This parameter is required if you set the header_operation_type parameter to rewrite. Regular expressions are supported.
value1
header_destination
String
No
The header value that is used to replace the original header value. This parameter is required if you set the header_operation_type parameter to rewrite.
value123
match_all
String
No
The match mode. This parameter is required if you set the header_operation_type parameter to rewrite. Valid values:
on: All header values that match the search condition are replaced.
off: Only the first value that matches the search condition is replaced.
off
Example: Add an origin request header to requests that are destined for
example.com. Set the header name to Accept-Encoding, and the header value to gzip.{ "Functions": [{ "functionArgs": [{ "argName": "header_operation_type", "argValue": "add" }, { "argName": "header_name", "argValue": "Accept-Encoding" }, { "argName": "header_value", "argValue": "gzip" }, { "argName": "duplicate", "argValue": "off" }], "functionName": "origin_request_header" }], "DomainNames": "example.com" }
origin_response_header
Feature description: configures an origin HTTP response header. For more information, see Configure HTTP response headers. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 229.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
header_operation_type
String
Yes
The operation that you want to perform on the response header. Valid values:
add
delete
modify
rewrite
add
header_name
String
Yes
The name of the response header.
Cache-Control
header_value
String
No
The value of the response header. You can specify one or more values for a response header. Separate the values with commas (,).
no-cache
duplicate
String
No
Specifies whether to allow duplicate response headers. If you set the header_operation_type parameter to add, you must specify this parameter.
on
off
off
header_source
String
No
The header value that you want to replace. This parameter is required if you set the header_operation_type parameter to rewrite. Regular expressions are supported.
value1
header_destination
String
No
The header value that is used to replace the original header value. This parameter is required if you set the header_operation_type parameter to rewrite.
value123
match_all
String
No
The match mode. This parameter is required if you set the header_operation_type parameter to rewrite. Valid values:
on: All header values that match the search condition are replaced.
off: Only the first value that matches the search condition is replaced.
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "header_operation_type", "argValue": "add" }, { "argName": "header_name", "argValue": "Cache-Control" }, { "argName": "header_value", "argValue": "no-cache" }, { "argName": "duplicate", "argValue": "off" }], "functionName": "origin_response_header" }], "DomainNames": "example.com" }
back_to_origin_url_rewrite
Feature description: rewrites origin URIs. For more information, see Rewrite origin URIs. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 225.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
source_url
String
Yes
The URI that you want to rewrite.
^/hello$
target_url
String
Yes
The final URI.
/hello/test
flag
String
No
The rewrite flag. Valid values:
None: If the current rule is matched, the system continues matching the URI against other rules.
break: If the current rule is matched, the system skips other rules.
enhance_break: This flag is similar to break but this flag writes the URL parameters and takes effect for Flash Video (FLV) live streaming.
break
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "flag", "argValue": "break" }, { "argName": "source_url", "argValue": "^/hello$" }, { "argName": "target_url", "argValue": "/hello/test" }], "functionName": "back_to_origin_url_rewrite" }], "DomainNames": "example.com", }
back_to_origin_argument_rewrite
Feature description: rewrites parameters in origin requests. For more information, see Rewrite URL parameters in origin requests. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
NoteAfter you enable this feature, DCDN rewrites query strings in origin URLs. You can configure one or more rewrite rules. Rewrite rules take effect in the following order: Add > Delete > Reserve Only > Modify. If you configure multiple rewrite rules for the same parameter, only the rewrite rule that has the highest priority takes effect.
Feature ID (FunctionID/FuncId): 224.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
delete_argument
String
No
The parameters that you want to delete. Separate parameters with spaces.
code1
save_argument
String
No
The parameters that you want to retain. Separate parameters with spaces. Only the specified parameters are retained. The Add and Delete rules take effect at the same time.
Empty
ignore_all_argument
String
No
Specifies whether to ignore all parameters. Valid values:
on: ignores all parameters. Only the Add rule takes effect.
off (default): does not ignore all parameters. The Retain, Add, and Delete rules remain effective.
on
add_argument
String
No
The parameters that you want to add. Separate multiple parameters with spaces. The Add rule has the highest priority.
value=123
modify_argument
String
No
The parameters that you want to modify. Separate multiple parameters with spaces. The Modify rule has the lowest priority.
value=321
enable
String
Yes
Specifies whether to enable parameter rewrite. Valid values:
on
off
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "delete_argument", "argValue": "" }, { "argName": "save_argument", "argValue": "" }, { "argName": "add_argument", "argValue": "" }, { "argName": "modify_argument", "argValue": "" }, { "argName": "ignore_all_argument", "argValue": "on" }, { "argName": "enable", "argValue": "on" }], "functionName": "back_to_origin_argument_rewrite" }], "DomainNames": "example.com" }
aws_s3_bucket
Feature description: configures Amazon Simple Storage Service (S3) authentication. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 186.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable Amazon S3 authentication. Valid values:
I2: enables Amazon S3 authentication.
off: disables Amazon S3 authentication.
l2
bucketname
String
No
The name of the Amazon S3 bucket.
/
accesskey
String
Yes
The AWS access key ID.
123456789
secretkey
String
Yes
The AWS secret access key.
12345678
region
String
Yes
The region where the Amazon S3 bucket resides.
us-east-2
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enabled", "argValue": "l2" }, { "argName": "accesskey", "argValue": "123456789" }, { "argName": "secretkey", "argValue": "123456789" }, { "argName": "region", "argValue": "us-east-2" }], "functionName": "aws_s3_bucket" }], "DomainNames": "example.com" }
origin_certificate_verification
Feature description: configures an SNI whitelist. For more information, see Configure a common name whitelist. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 223.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable the SNI whitelist. Valid values:
on
off
on
common_name_whitelist
String
No
The domain names that you want to add to the SNI whitelist. Separate domain names with commas (,). The domain names in the whitelist are considered authenticated.
example.comExample:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "common_name_whitelist", "argValue": "example.com" }], "functionName": "origin_certificate_verification" }], "DomainNames": "example.com" }
origin_dns_host
Feature description: configures a conditional origin. You can use this feature in conjunction with the rules engine feature (function: condition, feature ID: 250) to retrieve content from a specified origin server based on the paths, URL parameters, or headers in user requests. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Prerequisites: At least one rule is created by using the rules engine feature before you configure a conditional origin. When you configure a conditional origin, make sure that a rule is associated with the conditional origin. For more information, see Rules engine. If you do not associate a rule with the conditional origin, all origin traffic is directed to the origin server. This way, conditional origin fetch is not implemented.
Feature conflicts: The conditional origin feature conflicts with the advanced origin feature (function: advanced_origin, feature ID: 235). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 212.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ali_origin_dns_host
String
Yes
The domain name for origin fetch.
example.comExample: Set parentid to the value of ConfigId that is generated when you create a rule by using the rules engine feature (function: condition, feature ID: 250) to reference the rule. If a request matches the rule, the request is redirected to the origin server that is specified by the rule.
{ "Functions": [{ "functionArgs": [{ "argName": "ali_origin_dns_host", "argValue": "example.com" }], "functionName": "origin_dns_host", "parentId":30119730104**** }], "DomainNames": "example.com" }
origin_host
Feature description: configures the origin host for each origin. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 242.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
origin
String
Yes
The address of the origin server. If you do not specify an origin address, the origin parameter is automatically set to all.
example.comhost
String
Yes
The host. You can set the host parameter to
ali_follow_originto use the address of the origin server as the host.host.example.comExample 1: When a user request is redirected to the origin server
example.com, the value of host ishost.example.com.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "example.com" }, { "argName": "host", "argValue": "host.example.com" }], "functionName": "origin_host" }], "DomainNames": "example.com" }Example 2: When a user request is redirected to all origin servers, the value of the origin parameter is all, and the value of the host parameter for all origin servers is
host.example.com.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "host", "argValue": "host.example.com" }], "functionName": "origin_host" }], "DomainNames": "example.com" }Example 3: When a user request is redirected to all origin servers, the value of origin is all, and the value of host for all origin servers is
ali_follow_origin, which indicates the address of the origin server.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "host", "argValue": "ali_follow_origin" }], "functionName": "origin_host" }], "DomainNames": "example.com" }
ali_origin_port_scheme
Feature description: configures an origin port and protocol. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 276.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
port
String
Yes
The origin port.
NoteIf scheme is set to follow, set the value in the following format:
http:80|https:443.80
scheme
String
Yes
The origin protocol. Valid values: http, https, follow, https_sm, and follow_sm.
http: HTTP.
https: HTTPS.
follow: the protocol that is used by clients.
If the clients use the HTTP protocol, the HTTP protocol is used for origin fetch.
If the client uses the HTTPS protocol:
If the client uses the RSA algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.
If the client uses the ShangMi (SM) algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.
https_sm: The HTTPS protocol and the SM algorithm are used for origin fetch.
follow_sm: The HTTP or HTTPS protocol that is used by clients. The RSA and SM algorithms are supported.
If the clients use the HTTP protocol, the HTTP protocol is used for origin fetch.
If the client uses the HTTPS protocol:
If the client uses the RSA algorithm, the HTTPS protocol and the RSA algorithm are used for origin fetch.
If the client uses the SM algorithm, the HTTPS protocol and the SM algorithm are used for origin fetch.
NoteRSA is an algorithm that complies with international standards. SM is an algorithm that is widely used in regions in China and is recognized by the State Cryptography Administration.
http
Example 1: Set the scheme parameter to http and the origin port to 80.
{ "Functions": [{ "functionArgs": [{ "argName": "port", "argValue": "80" }, { "argName": "scheme", "argValue": "http" }], "functionName": "ali_origin_port_scheme" }], "DomainNames": "example.com" }Example 2: Set scheme to follow. When the HTTP protocol is used for origin fetch, requests are sent to port 80 of the origin server. When the HTTPS protocol is used for origin fetch, requests are sent to port 443 of the origin server.
{ "Functions":[{ "functionArgs": [{ "argName": "port", "argValue": "http:80|https:443" }, { "argName": "scheme", "argValue": "follow" }], "functionName":"ali_origin_port_scheme" }], "DomainNames":"example.com" }
origin_sni
Feature description: configures SNI for a specified origin server. For more information, see Specify the origin SNI for each origin. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 262.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
origin
String
Yes
The address of the origin server. If you do not specify an origin address, the origin parameter is automatically set to all.
example.comsni_host
String
Yes
The SNI host.
You can set this parameter to a fixed value, such as
example.org.To use the address of the origin server, set this parameter to
ali_follow_origin.To use the address of the origin host, set this parameter to
ali_follow_host.
example.orgkeepalive_sni
String
No
Specifies whether to enable SNI matching for persistent connections. Valid values:
on
off
NoteIf you enable SNI matching, requests with different SNI hostnames use different persistent connections.
/
Example 1: When a user request is redirected to the origin server
origin.example.com, the value of SNI ishost.example.com.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "origin.example.com" }, { "argName": "sni_host", "argValue": "host.example.com" }], "functionName": "origin_sni" }], "DomainNames": "example.com" }Example 2: When a user request is redirected to all origin servers, the value of origin is
all, and the value of SNI for all origin servers ishost.example.com.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "sni_host", "argValue": "host.example.com" }], "functionName":"origin_sni" }], "DomainNames":"example.com" }Example 3: When a user request is redirected to all origin servers, the value of origin is
all, and the value of SNI for all origin servers isali_follow_origin, which indicates the address of the origin server.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "sni_host", "argValue": "ali_follow_origin" }], "functionName": "origin_sni" }], "DomainNames": "example.com" }Example 4: When a user request is redirected to all origin servers, the value of origin is
all, and the value of SNI for all origin servers isali_follow_host, which indicates the address of the origin host.{ "Functions": [{ "functionArgs": [{ "argName": "origin", "argValue": "all" }, { "argName": "sni_host", "argValue": "ali_follow_host" }], "functionName": "origin_sni" }], "DomainNames": "example.com" }
source_group
Feature description: configures an origin server group. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 294.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
source_group_name
String
Yes
The name of the origin server group. The name can be up to 128 bytes in length and can contain lowercase letters, digits, and underscores (_).
example_origin
source_info
String
Yes
The information about origin servers, in the format of Origin server address_Priority_Weight_Port. Separate multiple values with commas (,).
Origin server address: You can specify IPv4 addresses, IPv6 addresses, and domain names.
Priority: The value ranges from 1 to 65535. A smaller value indicates a higher priority.
Weight: The value ranges from 1 to 100. The proportions of requests sent to different origin servers are allocated based on the weights of the origin servers during DCDN origin fetch.
Port: The value ranges from 1 to 65535.
Single origin server: 192.168.0.1_10_33_80
Multiple origin servers: 192.168.0.1_10_33_80,192.0.2.1_10_67_80
retry_times
Integer
No
The number of origin fetch retries.
3
retry_status_rule
Integer
No
The status code for origin fetch retries. Valid values: 4xx, 5xx, 404, 404-or-5xx, and 4xx-or-5xx. You can specify only one value.
404-or-5xx
failback_source
String
No
The basic origin information used for backup. Valid values:
on: If all origin servers in an origin server group are unavailable, the origin server address that is configured in the Origin Information section on the Basic Settings tab is used.
off: If all origin servers in an origin server group are unavailable, a 5xx status code indicating that the origin servers are unavailable is returned to the client.
on
NoteOrigin retry logic:
retry_times: the number of origin retries.
Retries between IP addresses of the same origin server group are allowed.
The maximum number of retries varies based on the number of available IP addresses in the origin server group.
If you do not set the retry_times parameter, the default number of origin retries is the smaller one of three and the number of available origin server IP addresses.
If you specify the retry_times parameter, the number of origin retries is the smaller value between the value of the retry_times parameter and the number of available origin IP addresses.
retry_status_rule: the status code that triggers the point of presence (POP) to retry.
If you do not specify the retry_status_rule parameter, the POP retries when the origin server returns the 5xx status code.
If you specify the retry_status_rule parameter, the POP retries when the origin server returns the status code that you specify. Valid values: 4xx, 5xx, 404, 404-or-5xx, and 4xx-or-5xx. You can specify only one value.
After you specify the retry_status_rule parameter, the default status code 5xx remains in effect. For example, if the 404 status code is set, the POP retries when the 404 or 5xx status code is received.
Origin retry order: The retry order is based on the priority of IP addresses in the origin server group in descending order.
Origin timeout: The POP retries after it receives the retry status code from the origin server. If no retry status code is received from the origin server, the timeout process applies. After the timeout period is reached, the POP is triggered to retry.
Timeout period for establishing a TCP connection with the origin server: 10 seconds.
Write timeout for the origin server: the period for data write after the TCP connection with the origin server is established. The value is 30 seconds.
Origin read timeout: the period for the origin server to return the content requested by the POP after the connection with the origin server is established. The value is 30 seconds.
Origin server probing logic:
Abnormal TCP connection: If the TCP connection between a POP and an origin server is abnormal, the IP address of the origin server is added to a dead table. This way, subsequent origin requests are not sent to the IP address. The POP probes the IP address every 5 seconds. If the TCP connection can be established as expected, the IP address of the origin server is removed from the dead table and added to the list of available origin IP addresses.
Normal TCP connection: If the TCP connection between a POP and an origin server is normal but a retry status code, such as 5xx, is returned from the origin server, the IP address of the origin server is not removed from the list of available origin IP addresses. In this case, the retry logic is triggered and subsequent requests are still sent to the IP address of the origin server. If errors occur at Layer 7 when the TCP connection between a POP and an origin server is normal, the IP address of the origin server is not automatically blocked. If you want to block the IP address, you need to monitor origin requests at Layer 7.
Example:
{ "Functions":[{ "functionArgs":[{ "argName":"source_group_name", "argValue":"test_yidong" },{ "argName":"source_info", "argValue":"192.168.0.1_10_33_80,192.0.2.1_10_67_80" },{ "argName":"retry_times", "argValue":"3" },{ "argName":"retry_status_rule", "argValue":"404,502" },{ "argName":"failback_source", "argValue":"on" }], "functionName":"source_group" }], "DomainNames":"example.com" }
ipv6_origin
Feature description: configures origin fetch over IPv6. For more information, see Configure origin fetch over IPv6. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 265.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable origin fetch over IPv6. Valid values:
on
off
NoteAfter you enable this feature, the origin servers provide IPv6 services.
If both the POP and the origin server have available IPv6 addresses, an IPv6 connection is used.
An IPv4 connection is established in the following scenarios:
The POP does not have an available IPv6 address.
The origin server does not have an available IPv6 address.
The POP and the origin server do not have available IPv6 addresses.
on
follow
String
Yes
Specifies whether to follow the version of the IP protocol that is used by the client. Valid values:
on
off
NoteAfter you enable this feature, the IP version of the client request is used for origin fetch.
If a client request uses IPv6, an origin server that uses IPv6 is used for origin fetch. If no origin server uses IPv6, an origin server that uses IPv4 is used for origin fetch.
If a client request uses IPv4, an origin server that uses IPv4 is used for origin fetch. If no origin server uses IPv4, an origin server that uses IPv6 is used for origin fetch.
on
ipv6_v4_mix_used
String
No
Specifies whether to enable the IPv4/IPv6 polling feature. Valid values:
on
off
NoteThis feature is mutually exclusive with origin fetch over IPv6 and IP protocol following.
When the IPv4/IPv6 polling feature is enabled, polling is used to determine the IP address of the origin server for origin fetch, regardless of whether the requests are sent over IPv4 or IPv6, or how many IPv4 and IPv6 addresses does the origin server have.
If you configure the weight ratio of IPv4 and IPv6 addresses, origin fetch is performed based on the weight ratio.
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" },{ "argName": "follow", "argValue": "on" }], "functionName": "ipv6_origin" }], "DomainNames": "example.com" }
cos_auth
Feature description: configures Tencent Cloud Object Service (COS) authentication. This feature can only be used after your account is added to the whitelist. To use this feature, submit a ticket.
Feature ID (FunctionID/FuncId): 288.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable COS authentication. Valid values:
on
off
on
cos_valid_period
String
No
The validity period of the authentication signature. Unit: seconds. Default value: 3600.
/
cos_secret_id
String
Yes
The authentication ID of Tencent Cloud.
123456789
cos_secret_key
String
Yes
The authentication key of Tencent Cloud.
12345678
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "cos_secret_id", "argValue": "123456789" }, { "argName": "cos_secret_key", "argValue": "123456789" }], "functionName": "cos_auth" }], "DomainNames": "example.com" }
oss_auth
Feature description: configures authentication on OSS buckets that are used as origins of DCDN.
Feature ID (FunctionID/FuncId): 10.
Note: After you configure an OSS bucket as the origin server for an accelerated domain name, the system automatically adds the oss_auth configuration. Do not delete the oss_auth configuration. Otherwise, you cannot enjoy the preferential pricing that is designed for data transfer between DCDN and OSS. Also, if you enable authentication for private OSS buckets but delete the oss_auth configuration, authentication fails when DCDN tries to fetch data from the private OSS buckets.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
oss_bucket_id
String
Yes
The public domain name of the OSS bucket.
dcdn-test.oss-cn-hongkong.aliyuncs.com
oss_pri_buckets
String
Yes
The public domain name of the OSS bucket and the bucket name.
dcdn-test.oss-cn-hongkong.aliyuncs.com|dcdn-test
Example:
{ "Functions": [ { "ArgValue": "dcdn-test.oss-cn-hongkong.aliyuncs.com", "ArgName": "oss_bucket_id" }, { "ArgValue": "dcdn-test.oss-cn-hongkong.aliyuncs.com|dcdn-test", "ArgName": "oss_pri_buckets" } ], "functionName": "oss_auth" }], "DomainNames": "example.com" }
Cache settings
filetype_based_ttl_set
Feature description: configures a time-to-live (TTL) for files. For more information, see Add a cache rule for resources.
Feature ID (FunctionID/FuncId): 6.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ttl
Integer
Yes
The TTL. Unit: seconds. Valid values: 1 to 99999999 (more than 3 years).
500000
file_type
String
Yes
The filename extensions, which are case-sensitive. Separate filename extensions with commas (,). Example: jpg,txt.
jpg
weight
Integer
No
The weight. Valid values: 1 to 99.
NoteDefault value: 1. A larger value indicates a higher priority.
1
swift_origin_cache_high
String
No
Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Valid values:
on
off (default)
off
swift_no_cache_low
String
No
Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: max-age=0
Pragme: no-cache
Valid values:
on
off (default)
off
swift_follow_cachetime
String
No
Specifies whether the client uses the cache policy that is used by DCDN. Valid values:
on
off (default)
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "file_type", "argValue": "jpg" }, { "argName": "weight", "argValue": "1" }, { "argName": "ttl", "argValue": "500000" }, { "argName": "swift_origin_cache_high", "argValue": "off" }, { "argName": "swift_no_cache_low", "argValue": "off" }, { "argName": "swift_follow_cachetime", "argValue": "off" }], "functionName": "filetype_based_ttl_set" }], "DomainNames": "example.com" }
path_based_ttl_set
Feature description: configures a TTL for directories. For more information, see Add a cache rule for resources.
Feature ID (FunctionID/FuncId): 7.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ttl
Integer
Yes
The TTL. Unit: seconds. Valid values: 1 to 99999999 (more than 3 years).
500000
path
String
Yes
The directory. It must start with a forward slash (/).
/example/demo
weight
Integer
No
The weight. Valid values: 1 to 99.
NoteDefault value: 1. A larger value indicates a higher priority.
1
swift_origin_cache_high
String
No
Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Valid values:
on
off (default)
off
swift_no_cache_low
String
No
Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: max-age=0
Pragme: no-cache
Valid values:
on
off (default)
off
swift_follow_cachetime
String
No
Specifies whether the client uses the cache policy that is used by DCDN. Valid values:
on
off (default)
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "path", "argValue": "/example/demo" }, { "argName": "weight", "argValue": "1" }, { "argName": "ttl", "argValue": "500000" }, { "argName": "swift_origin_cache_high", "argValue": "off" }, { "argName": "swift_no_cache_low", "argValue": "off" }, { "argName": "swift_follow_cachetime", "argValue": "off" }], "functionName": "path_based_ttl_set" }], "DomainNames": "example.com" }
filetype_force_ttl_code
Feature description: configures a TTL for HTTP status codes of files. For more information, see Create a cache rule for HTTP status codes.
Feature ID (FunctionID/FuncId): 63.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
file_type
String
Yes
The filename extensions, which are case-sensitive. Separate filename extensions with commas (,). Example: jpg,txt.
jpg
code_string
String
Yes
The status code and its TTL. The TTL is measured in seconds. The maximum TTL is 3 years. Separate multiple values with commas (,). Example: 302=0,301=0,4xx=2.
403=10
swift_origin_cache_high
String
No
Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Valid values:
on
off (default)
off
swift_no_cache_low
String
No
Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: max-age=0
Pragme: no-cache
Valid values:
on
off (default)
off
swift_follow_cachetime
String
No
Specifies whether the client uses the cache policy that is used by DCDN. Valid values:
on
off (default)
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "file_type", "argValue": "jpg" }, { "argName": "code_string", "argValue": "403=10" }, { "argName": "swift_origin_cache_high", "argValue": "off" }, { "argName": "swift_no_cache_low", "argValue": "off" }, { "argName": "swift_follow_cachetime", "argValue": "off" }], "functionName": "filetype_force_ttl_code" }], "DomainNames": "example.com" }
path_force_ttl_code
Feature description: configures a TTL for HTTP status codes of directories. For more information, see Create a cache rule for HTTP status codes.
Feature ID (FunctionID/FuncId): 65.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
path
String
Yes
The directory. It must start with a forward slash (/). Example: /image.
/example/demo
code_string
String
Yes
The status code and its TTL. Unit: seconds. Valid values: 1 to 99999999 (more than 3 years). Separate multiple key-value pairs with commas (,). Example: 302=0,301=0,4xx=2.
403=10,404=15
swift_origin_cache_high
String
No
Specifies whether cache policies on origin servers prevail when origin servers respond to cache-related headers, such as Cache-Control and Pragma. Valid values:
on
off (default)
off
swift_no_cache_low
String
No
Specifies whether to ignore the following response headers from origin servers. If this parameter is set to on, resources are not cached.
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: max-age=0
Pragme: no-cache
Valid values:
on
off (default)
off
swift_follow_cachetime
String
No
Specifies whether the client uses the cache policy that is used by DCDN. Valid values:
on
off (default)
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "path", "argValue": "/example/demo" }, { "argName": "code_string", "argValue": "403=10,404=15" }, { "argName": "swift_origin_cache_high", "argValue": "off" }, { "argName": "swift_no_cache_low", "argValue": "off" }, { "argName": "swift_follow_cachetime", "argValue": "off" }], "functionName": "path_force_ttl_code" }], "DomainNames": "example.com" }
default_ttl_code
Feature description: configures a status code expiration rule that honors the origin.
Feature ID (FunctionID/FuncId): 207.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
default_ttl_code
String
Yes
The status code and its TTL. Unit: seconds. Valid values: 1 to 99999999 (more than 3 years). Separate multiple values with commas (,).
4xx=3,200=3600,5xx=1
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "default_ttl_code", "argValue": "4xx=3,200=3600,5xx=1" }], "functionName": "default_ttl_code" }], "DomainNames": "example.com" }
set_resp_header
Feature description: configures a custom HTTP response header. For more information, see Configure an HTTP response header.
Feature ID (FunctionID/FuncId): 27.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
key
String
Yes
The response header.
Cache-Control
value
String
Yes
The header values. Separate header values with commas (,).
NoteIf you want to delete a response header, set the header value to null.
no-cache
header_operation_type
String
No
The operation that you want to perform on the request header. Valid values:
add
delete
modify
rewrite
add
duplicate
String
No
Specifies whether to allow duplicate request headers. If you set the header_operation_type parameter to add, you must specify this parameter.
on
off
off
header_source
String
No
The header value that you want to replace. This parameter is required if you set the header_operation_type parameter to rewrite. Regular expressions are supported.
value1
header_destination
String
No
The header value that is used to replace the original header value. This parameter is required if you set the header_operation_type parameter to rewrite.
value123
match_all
String
No
The match mode. This parameter is required if you set the header_operation_type parameter to rewrite. Valid values:
on: All header values that match the search condition are replaced.
off: Only the first value that matches the search condition is replaced.
/
access_origin_control
String
No
Specifies whether to enable cross-origin resource sharing (CORS).
on
off
/
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "header_operation_type", "argValue": "add" }, { "argName": "key", "argValue": "Cache-Control" }, { "argName": "value", "argValue": "no-cache" }, { "argName": "duplicate", "argValue": "off" }], "functionName": "set_resp_header" }], "DomainNames": "example.com" }
error_page
Feature description: configures a custom error page. For more information, see Create a custom error page.
Feature ID (FunctionID/FuncId): 15.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
error_code
Integer
Yes
The HTTP status code.
404
rewrite_page
String
Yes
The page to which requests are redirected.
http://example.aliyundoc.com/error404.htmlExample:
{ "Functions": [{ "functionArgs": [{ "argName": "error_code", "argValue": "404" }, { "argName": "rewrite_page", "argValue": "http://example.aliyundoc.com/error404.html" }], "functionName": "error_page" }], "DomainNames": "example.com" }
host_redirect
Feature description: configures a URI rewrite rule. For more information, see Create a URI rewrite rule.
Feature ID (FunctionID/FuncId): 43.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
regex
String
Yes
The URI that you want to rewrite. It must start with a forward slash (/) and cannot contain http:// or a domain name. You can use Perl Compatible Regular Expressions (PCRE) to specify the URI, for example, ^/hello$.
^/hello$
replacement
String
Yes
The final URI. It must start with a forward slash (/) and cannot contain http:// or a domain name.
/hello/test
flag
String
No
The operation that you want POPs to perform after a URI is rewritten. Valid values:
empty: This is the default value, which indicates that the flag parameter is not specified. If multiple rules are configured and the URL in a request matches a rule, the request is matched against other rules after the current rule is executed.
break: If the URL in a request matches a rule, the requested URL is overwritten by the final URL. Parameters in the original URL are not modified. After the current rule is executed, other rules are skipped.
redirect: If the URL in a request matches a rule, DCDN returns the HTTP status code 302 and the request is redirected to the final URL. The value of the Location header in the response message that is returned by the POP to the client is the final URL. Parameters in the original URL are not modified. After the current rule is executed, the request is matched against other rules.
enhance_break: enhance_break is similar to break, but enhance_break modifies the URL, including parameters.
enhance_redirect: enhance_redirect is similar to redirect, but enhance_redirect modifies the URL, including parameters.
NoteDifferent rules use different rewrite methods, and whether the rewritten URL supports other domain names and other protocols also varies.
empty, break, and enhance_break rewrite the URL in a request, but cannot modify the domain name or protocol in the URL. For example, the rules cannot modify the protocol from HTTP to HTTPS.
redirect and enhance_redirect use 302 redirection to rewrite a URL, and can modify the domain name or protocol in the URL.
302 You can set the Location header to the current domain name or another domain name. This way, the original URL uses the example.com domain name, and the rewritten URL uses the aliyundoc.com domain name.
302 The Location header in 302 redirection responses supports different protocols. This way, the original URL uses the HTTP protocol, and the rewritten URL uses the HTTPS protocol.
redirect
rewrite_method
String
No
The redirect method. Valid values: 302, 303, and 307.
302: the default redirect method. The GET request method does not change. Other request methods may be changed to GET.
303: The GET request method does not change. Other request methods may be changed to GET, and the message body is dropped.
307: The request method and message body remain unchanged.
302
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "flag", "argValue": "redirect" }, { "argName": "regex", "argValue": "^/hello$" }, { "argName": "replacement", "argValue": "/hello/test" }, { "argName": "rewrite_method", "argValue": "302" }], "functionName": "host_redirect" }], "DomainNames": "example.com" }
self_defined_cachekey
Feature description: configures custom cache keys. For more information, see Set a custom cache key.
Feature ID (FunctionID/FuncId): 227.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
uri
Array of String
No
Rewrites a URI and saves the final URI as a cache key.
uri_to_rewrite: the original URI that you want to rewrite.
ai_uri_regex: the final URI.
[{"uri_to_rewrite":"/hello","ai_uri_regex":"/hello/test"}]args
Array of String
No
Specifies whether to add, delete, modify, or retain parameters in requests, and save the final URI as a cache key. Valid values:
args_operation_type: the operation that you want to perform. Valid values: add, delete, modify, and keep.
args: the content that you want to add, delete, modify, or keep.
[{"args":"test=123","args_operation_type":"add"}]headers
String
No
The HTTP headers that you want to add to the URI and the cache key. Separate multiple headers with spaces.
example
variable
Array of String
No
The custom variable. You can use a regular expression to extract fields from request parameters, HTTP headers, cookies, and URIs. Then, you can add the extracted fields to cache keys.
[]
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "uri", "argValue": [{ "uri_to_rewrite": "/hello", "ai_uri_regex": "/hello/test" }] }, { "argName": "args", "argValue": [{ "args": "test=123", "args_operation_type": "add" }] }, { "argName": "headers", "argValue": "" }, { "argName": "variable", "argValue": [] }], "functionName": "self_defined_cachekey" }], "DomainNames": "example.com" }
rewrite_host
Feature description: configures cache sharing.
Feature ID (FunctionID/FuncId): 54.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
share_host
String
Yes
The domain name with which you want the current domain name to share cache. Configuring this parameter does not modify the origin host of the request. The value of share_host is used to generate a cache key for the query.
example.com
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "share_host", "argValue": "example.com" }], "functionName": "rewrite_host" }], "DomainNames": "example.com" }
serving_stale_content
Feature description: configures POPs to serve stale content.
Feature ID (FunctionID/FuncId): 260.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
origin_error_status_code
String
No
The HTTP status code that is returned when the origin server is unreachable.
By default, this parameter is left empty. Normally, your origin is considered unreachable if the origin response times out and an HTTP status code 5xx is returned.
You can enter 4xx or 5xx for fuzzy match, or enter exact status codes such as 502 or 504. Separate multiple status codes with commas (,).
502
extend_expiration_time
Integer
No
The stale TTL, which defines how long DCDN can serve the stale content if the origin server is unreachable.
By default, this parameter is left empty, which indicates that DCDN serves the stale content for 1 hour.
The value must be a positive integer greater than or equal to 1. Unit: seconds.
60
origin_first
String
No
Specifies whether to honor the origin policy.
If you set this parameter to on and
Cache-Control: stale-if-error=xxis included in the response from the origin server, POPs serve the stale content for the time specified by stale-if-error.By default, this parameter is left empty, which is equivalent to the value off. In this case, POPs serve the stale content for the time specified by extend_expiration_time.
Valid values: on and off.
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "origin_error_status_code", "argValue": "502" }, { "argName": "extend_expiration_time", "argValue": "60" }, { "argName": "origin_first", "argValue": "off" }], "functionName": "serving_stale_content" }], "DomainNames": "example.com" }
HTTPS settings
https_option
Feature description: configures basic HTTPS parameters. For more information, see Configure an SSL certificate, Configure HTTP/2, and Configure OCSP stapling.
Feature ID (FunctionID/FuncId): 78.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
http2
String
No
Specifies whether to enable HTTP/2. Valid values:
on
off
on
ocsp_stapling
String
No
Specifies whether to enable Online Certificate Status Protocol (OCSP) stapling. Valid values:
on
off
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "http2", "argValue": "on" }, { "argName": "ocsp_stapling", "argValue": "on" }], "functionName": "https_option" }], "DomainNames": "example.com" }
http_force
Feature description: configures force redirect to HTTP. For more information, see Configure force redirect.
Feature conflicts: The redirection to HTTP feature conflicts with the redirection to HTTPS feature (function: https_force, feature ID: 44). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 45.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable force redirect to HTTP. Valid values:
on
off
on
http_rewrite
String
No
The redirect method. Valid values: 301 and 308.
301: The GET request method does not change. Other request methods may be changed to GET.
308: The request method and message body remain unchanged.
301
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "http_rewrite", "argValue": "301" }], "functionName": "http_force" }], "DomainNames": "example.com" }
https_force
Feature description: configures force redirect to HTTPS. For more information, see Configure force redirect.
Feature conflicts: The redirection to HTTPS feature conflicts with the redirection to HTTP feature (function: http_force, feature ID: 45). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 44.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable force redirect to HTTPS. Valid values:
on
off
on
https_rewrite
String
No
The redirect method. Valid values: 301 and 308.
301: The GET request method does not change. Other request methods may be changed to GET.
308: The request method and message body remain unchanged.
301
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "https_rewrite", "argValue": "301" }], "functionName": "https_force" }], "DomainNames": "example.com" }
https_tls_version
Feature description: configures the TLS protocol version. For more information, see Configure TLS version control.
Feature ID (FunctionID/FuncId): 110.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
tls10
String
No
Specifies whether to enable TLS 1.0. Valid values:
on (default)
off
on
tls11
String
No
Specifies whether to enable TLS 1.1. Valid values:
on
off
on
tls12
String
No
Specifies whether to enable TLS 1.2. Valid values:
on
off
on
tls13
String
No
Specifies whether to enable TLS 1.3. Valid values:
on
off
on
ciphersuitegroup
String
No
The cipher suite group. Valid values:
all (default): all cipher suites.
strict: the enhanced cipher suite.
custom: the custom cipher suite.
all
ciphersuite
String
No
The cipher suites. This parameter is used together with the ciphersuitegroup parameter. Separate multiple cipher suites with commas (,).
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Example:
TLS 1.0, 1.1, and 1.2 are enabled, and all cipher suites are used. This is the default configuration.
{ "Functions": [{ "functionArgs": [ { "ArgValue": "on", "ArgName": "tls10" }, { "ArgValue": "on", "ArgName": "tls11" }, { "ArgValue": "on", "ArgName": "tls12" }, { "ArgValue": "off", "ArgName": "tls13" }, { "ArgValue": "all", "ArgName": "ciphersuitegroup" } ], "functionName": "https_tls_version" }], "DomainNames": "example.com" }TLS 1.2 and 1.3 are enabled, and the enhanced cipher suite is used.
{ "Functions": [{ "functionArgs": [ { "ArgValue": "off", "ArgName": "tls10" }, { "ArgValue": "off", "ArgName": "tls11" }, { "ArgValue": "on", "ArgName": "tls12" }, { "ArgValue": "on", "ArgName": "tls13" }, { "ArgValue": "strict", "ArgName": "ciphersuitegroup" } ], "functionName": "https_tls_version" }], "DomainNames": "example.com" }TLS 1.2 and 1.3 are enabled, and a custom cipher suite is used.
{ "Functions": [{ "functionArgs": [ { "ArgValue": "off", "ArgName": "tls10" }, { "ArgValue": "off", "ArgName": "tls11" }, { "ArgValue": "on", "ArgName": "tls12" }, { "ArgValue": "on", "ArgName": "tls13" }, { "ArgValue": "custom", "ArgName": "ciphersuitegroup" }, { "ArgValue": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ArgName": "ciphersuite" } ], "functionName": "https_tls_version" }], "DomainNames": "example.com" }
HSTS
Feature description: configures HTTP Strict Transport Security (HSTS). For more information, see Configure HSTS.
Feature ID (FunctionID/FuncId): 112.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable HSTS. Valid values:
on
off
on
https_hsts_max_age
Integer
Yes
The TTL. Unit: seconds.
NoteWe recommend that you set the value to 5184000 (60 days).
5184000
https_hsts_include_subdomains
String
No
Specifies whether to include subdomains in HSTS headers. Valid values: on and off.
NoteProceed with caution when you enable this feature. Make sure that HTTPS is enabled for all the subdomains of the accelerated domain name. Otherwise, the HTTPS URLs to which requests are redirected from the subdomains become inaccessible.
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enabled", "argValue": "on" }, { "argName": "https_hsts_max_age", "argValue": "5184000" }, { "argName": "https_hsts_include_subdomains", "argValue": "off" }], "functionName": "HSTS" }], "DomainNames": "example.com" }
Access control settings
referer_white_list_set
Feature description: configures a Referer whitelist. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.
Feature conflicts: The Referer whitelist feature conflicts with the Referer blacklist feature (function: referer_black_list_set, feature ID: 5). You can use only one of the two features. If you have configured one of the features, you must delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 1.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
refer_domain_allow_list
String
Yes
The domain names that you want to add to the Referer whitelist. Separate multiple domain names with commas (,).
example.aliyundoc.com,demo.aliyundoc.comallow_empty
String
No
Specifies whether to allow requests with an empty Referer header to access DCDN resources. Valid values:
on
off (default)
off
redirect_url
String
No
The redirect URL. If the Referer information in the request does not match the information in the whitelist, the 403 status code is not returned after the request is blocked. In this case, the 302 status code and the Location header are returned. This parameter is the value of the Location header and starts with http:// or https://.
http://www.example.comdisable_ast
String
No
Specifies whether to enable exact match for domain names in the whitelist. Default value: off. If you set this parameter to on, the exact match for domain names is enabled.
If you set this parameter to on, the following rules apply:
Exact match is supported.
If you add
example.comto the whitelist,example.comis matched.If you add
a*b.example.comto the whitelist,a<Any characters>b.example.comis matched.
Suffix match is not supported.
If you set this parameter to off, the following rules apply:
Exact match is not supported.
Suffix match is supported.
If you add
example.comto the whitelist,example.comand<Any characters>.example.comare matched.If you add
a*b.example.comto the whitelist,a<Any characters>b.example.comand<Any characters>.a<Any characters>b.example.comare matched.
off
ignore_scheme
String
No
Specifies whether to ignore the scheme parameter. After you enable this feature, if the Referer in the request does not have an HTTP or HTTPS header, the Referer is still considered valid. Example:
If you set this parameter to on, the Referer is in the following format:
referer: www.example.comIf you set this parameter to off, the Referer is in the following format:
referer: https://www.example.com
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "allow_empty", "argValue": "off" }, { "argName": "refer_domain_allow_list", "argValue": "example.aliyundoc.com,demo.aliyundoc.com" }], "functionName": "referer_white_list_set" }], "DomainNames": "example.com" }
referer_black_list_set
Feature description: configures a Referer blacklist. For more information, see Configure a Referer whitelist or blacklist to enable hotlink protection.
Feature conflicts: The Referer blacklist feature conflicts with the Referer whitelist feature (function: referer_white_list_set, feature ID: 1). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 5.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
refer_domain_deny_list
String
Yes
The domain names that you want to add to the Referer blacklist. Separate multiple domain names with commas (,).
example.aliyundoc.com,demo.aliyundoc.comallow_empty
String
No
Specifies whether to allow requests with an empty Referer header to access DCDN resources. Valid values:
on
off
off
redirect_url
String
No
The redirect URL. If the Referer information in the request matches the information in the blacklist, the 403 status code is not returned after the request is blocked. In this case, the 302 status code and the Location header are returned. This parameter is the value of the Location header and starts with http:// or https://.
http://www.example.comdisable_ast
String
No
Specifies whether to enable exact match for domain names in the blacklist. Default value: off. If you set this parameter to on, the exact match for domain names is enabled.
If you set this parameter to on, the following rules apply:
Exact match is supported.
If you add
example.comto the blacklist,example.comis matched.If you add
a*b.example.comto the blacklist,a<Any characters>b.example.comis matched.
Suffix match is not supported.
If you set this parameter to off, the following rules apply:
Exact match is not supported.
Suffix match is supported.
If you add
example.comto the blacklist,example.comand<Any characters>.example.comare matched.If you add
a*b.example.comto the blacklist,a<Any characters>b.example.comand<Any characters>.a<Any characters>b.example.comare matched.
off
ignore_scheme
String
No
Specifies whether to ignore the scheme parameter. After you enable this feature, if the Referer in the request does not have an HTTP or HTTPS header, the Referer is still considered valid. Example:
If you set this parameter to on, the Referer is in the following format:
referer: www.example.comIf you set this parameter to off, the Referer is in the following format:
referer: https://www.example.com
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "allow_empty", "argValue": "off" }, { "argName": "refer_domain_deny_list", "argValue": "example.aliyundoc.com,demo.aliyundoc.com" }], "functionName": "referer_black_list_set" }], "DomainNames": "example.com" }
aliauth
Feature description: configures URL signing. For more information, see Configure URL signing.
Feature ID (FunctionID/FuncId): 25.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
auth_m3u8
String
No
Specifies whether to enable M3U8 rewrite. M3U8 rewrite authenticates access to TS files. If M3U8 rewrite is disabled, access to TS files may be denied. Valid values: on and off. Default value: on.
on
auth_type
String
Yes
The signing type. Valid values:
no_auth: disables URL signing.
type_a: enables type A signing.
type_b: enables type B signing.
type_c: enables type C signing.
type_f: enables type F signing.
type_a
auth_key1
String
Yes
The cryptographic key 1. The key must be 16 to 128 characters in length and can contain letters and digits.
1234567890123456789
auth_key2
String
No
The cryptographic key 2. The key must be 16 to 128 characters in length and can contain letters and digits.
1234567890123456789
ali_auth_delta
Integer
No
The validity period of the encrypted URLs. Unit: seconds. Default value: 1800.
1800
req_auth_ip_white
String
No
The IP address whitelist. The IP addresses in the whitelist are not verified for authentication.
You can enter multiple IP addresses. Separate multiple IP addresses with commas (,).
192.168.0.1
req_auth_ip_acl_xfwd
String
No
The IP address verification mode. Valid values:
on: This is the default mode. This mode verifies only the client IP address. The client IP address is the first IP address in the XFF header in a client request.
off: This mode verifies only the IP address that is used by a client to connect to a POP.
all: This mode verifies the following IP addresses:
The first IP address in the XFF header, which is the client IP address.
The IP address that is used by a client to connect to a POP.
all
sign_param
String
No
The name of the signature parameter. This parameter takes effect only when the auth_type parameter is set to type_f.
sign
time_param
String
No
The name of the timestamp parameter. This parameter takes effect only when the auth_type parameter is set to type_f.
time
time_format
String
No
The value is a UNIX timestamp. This parameter takes effect only when the auth_type parameter is set to type_f.
dec: decimal.
hex: hexadecimal.
hec
path_encoding
String
No
Specifies whether to enable URL encoding. Valid values: on and off. This parameter takes effect only when the auth_type parameter is set to type_f.
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "auth_type", "argValue": "type_a" }, { "argName": "auth_key1", "argValue": "1234567890123456789" }, { "argName": "auth_key2", "argValue": "1234567890123456789" }, { "argName": "ali_auth_delta", "argValue": 1800 }, { "argName": "req_auth_ip_white", "argValue": "192.168.0.1" }, { "argName": "req_auth_ip_acl_xfwd", "argValue": "all" }{ "argName": "sign_param", "argValue": "sign" }, { "argName": "time_param", "argValue": "time", }, { "argName": "time_format", "argValue": "hec" }, { "argName": "path_encoding", "argValue": "on" }], "functionName": "aliauth" }], "domainNames": "example.com" }
cdn_remote_auth
Feature description: configures remote authentication.
Feature ID (FunctionID/FuncId): 258.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable remote authentication. Valid values:
on
off
on
remote_auth_addr
String
Yes
The address of the authentication server. Format:
https://dcdn.aliyun.com/authorhttp://10.10.10.10/auth.https://example.aliyundoc.com/auth
remote_auth_method
String
Yes
The request method. Valid values: get, post, and head.
get
remote_auth_type
String
Yes
The filename extensions. Separate filename extensions with vertical bars (|). The value is case-sensitive. For example, jpg is different from JPG. The value all specifies all filename extensions.
all
remote_auth_reserve_args
String
Yes
The parameters that you want to retain. Separate parameters with vertical bars (|). The value is not case-sensitive. For example, key is equivalent to KEY.
all: retains all parameters.
ali_delete_all_args: deletes all parameters in the URL.
all
remote_auth_custom_args
String
No
The parameters that you want to add. Separate parameters with vertical bars (|). The value is case-sensitive. For example, key is different from KEY.
None
remote_auth_reserve_header
String
Yes
The request headers that you want to retain. Separate request headers with vertical bars (|). The value is not case-sensitive. For example, http_remote_addr is equivalent to HTTP_Remote_Addr.
all: retains all request headers.
ali_delete_all_headers: deletes all request headers.
all
remote_auth_custom_header
String
No
The request headers that you want to add. Separate request headers with vertical bars (|). The value is not case-sensitive. For example, http_remote_addr is equivalent to HTTP_Remote_Addr.
None
remote_auth_success_code
Integer
Yes
The HTTP status code that is returned to DCDN when a request passes authentication. Example: 200. Separate multiple HTTP status codes with commas (,).
200
remote_auth_fail_code
Integer
Yes
The HTTP status code that is returned to DCDN when a request fails authentication. Example: 403. Separate multiple HTTP status codes with commas (,).
403,404
remote_auth_other_code_act
String
No
The operation to perform when the HTTP status code that is returned to DCDN does not indicate that a request passes or fails authentication. Valid values:
pass (default): DCDN allows the request.
reject: DCDN rejects the request.
pass
remote_auth_fail_resp_code
Integer
Yes
The HTTP status code that is returned by DCDN when a request fails authentication. For example, if you set this parameter to 403, DCDN returns the HTTP 403 status code to the user when a request fails authentication.
403
remote_auth_timeout
Integer
Yes
The authentication timeout period. Unit: milliseconds. Maximum value: 3000.
500
remote_auth_timeout_action
String
Yes
The action that is performed when authentication times out. Valid values:
pass: DCDN allows the request.
reject: DCDN returns the specified HTTP status code for authentication failures to the user.
pass
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "remote_auth_addr", "argValue": "https://example.aliyundoc.com/auth" }, { "argName": "remote_auth_method", "argValue": "get" }, { "argName": "remote_auth_type", "argValue": "all" }, { "argName": "remote_auth_reserve_args", "argValue": "all" }, { "argName": "remote_auth_custom_args", "argValue": "" }, { "argName": "remote_auth_reserve_header", "argValue": "all" }, { "argName": "remote_auth_custom_header", "argValue": "" }, { "argName": "remote_auth_success_code", "argValue": "200" }, { "argName": "remote_auth_fail_code", "argValue": "403" }, { "argName": "remote_auth_other_code_act", "argValue": "pass" }, { "argName": "remote_auth_fail_resp_code", "argValue": "403" }, { "argName": "remote_auth_timeout", "argValue": 500 }, { "argName": "remote_auth_timeout_action", "argValue": "pass" }], "functionName": "cdn_remote_auth" }], "DomainNames": "example.com" }
ip_allow_list_set
Feature description: configures an IP address whitelist. For more information, see Configure an IP address blacklist or whitelist.
Feature conflicts: The IP address whitelist feature conflicts with the IP address blacklist feature (function: ip_black_list_set, feature ID: 13). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 69.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ip_list
String
Yes
The IP addresses that you want to add to the whitelist. Separate multiple IP addresses with commas (,).
192.168.0.1/24
ip_acl_xfwd
String
No
Specifies whether to use the IP address in the X-Forwarded-For header for verification. Valid values:
on (default): uses the first IP address in the
X-Forwarded-Forrequest header for verification.off: uses the
IP address that is used to connect to the POPfor verification.all: uses both the first IP address in the
X-Forwarded-Forrequest header and theIP address that is used to connect to the POPfor verification.
all
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "ip_list", "argValue": "192.168.0.1/24" }], "functionName": "ip_allow_list_set" }], "DomainNames": "example.com" }
ip_black_list_set
Feature description: configures an IP address blacklist. For more information, see Configure an IP address blacklist or whitelist.
Feature conflicts: The IP address blacklist feature conflicts with the IP address whitelist feature (function: ip_allow_list_set, feature ID: 69). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 13.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ip_list
String
Yes
The IP addresses that you want to add to the blacklist. Separate multiple IP addresses with commas (,).
192.168.0.1
ip_acl_xfwd
String
No
Specifies whether to use the IP address in the X-Forwarded-For header for verification. Valid values:
on (default): uses the first IP address in the
X-Forwarded-Forrequest header for verification.off: uses the
IP address that is used to connect to the POPfor verification.all: uses both the first IP address in the
X-Forwarded-Forrequest header and theIP address that is used to connect to the POPfor verification.
all
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "ip_list", "argValue": "192.168.0.1" }], "functionName": "ip_black_list_set" }], "DomainNames": "example.com" }
ali_ua
Feature description: configures a User-Agent whitelist or blacklist. For more information, see Configure a User-Agent blacklist or whitelist.
Feature ID (FunctionID/FuncId): 58.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ua
String
Yes
The user agents that you want to add to the whitelist or blacklist. You can use asterisks (*) to match any characters and specify multiple values. Separate values with vertical bars (|). Example:
*curl*|*IE*|*chrome*|*firefox*.*curl*|*IE*|*chrome*|*firefox*
type
String
Yes
The type of the list. Valid values:
black: a blacklist.
white: a whitelist.
NoteThe blacklist and whitelist are mutually exclusive. You can enable only one type of list.
black
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "ua", "argValue": "*curl*|*IE*|*chrome*|*firefox*" }, { "argName": "type", "argValue": "black" }], "functionName": "ali_ua" }], "DomainNames": "example.com" }
Performance improvement
tesla
Feature description: configures HTML optimization. For more information, see Configure HTML optimization.
Feature ID (FunctionID/FuncId): 16.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable HTML optimization. Valid values:
on
off
on
trim_js
String
No
Specifies whether to optimize the JavaScript code of HTML pages. Valid values:
on
off (default)
off
trim_css
String
No
Specifies whether to optimize the CSS code of HTML pages. Valid values:
on
off (default)
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "trim_css", "argValue": "off" }, { "argName": "trim_js", "argValue": "off" }], "functionName": "tesla" }], "DomainNames": "example.com" }
gzip
Feature description: configures Gzip compression. For more information, see Use the Gzip compression feature.
Feature ID (FunctionID/FuncId): 35.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable Gzip compression. Valid values:
on
off
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "gzip" }], "DomainNames": "example.com" }
brotli
Feature description: configures Brotli compression. For more information, see Configure Brotli compression.
Feature ID (FunctionID/FuncId): 97.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable Brotli compression. Valid values:
on
off
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "brotli" }], "DomainNames": "example.com" }
set_hashkey_args
Feature description: retains URL parameters. For more information, see Parameter filtering.
Feature conflicts: The URL parameter retaining feature conflicts with the URL parameter deleting feature (function: ali_remove_args, feature ID: 75). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 19.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
hashkey_args
String
No
The parameters that you want to retain. You can specify up to 10 parameters. Separate parameters with commas (,).
key1,key2
disable
String
Yes
Specifies whether to ignore all parameters. Default value: off.
on: ignores all parameters. Only the Add rule takes effect. The Delete, Retain, and Modify rules do not take effect.
off: does not ignore parameters. The Retain, Add, and Delete rules remain effective.
NoteThe hashkey_args setting has a higher priority. Even if you have set this parameter to on, the parameters specified by hashkey_args are retained.
on
keep_oss_args
String
Yes
Specifies whether to retain parameters during origin fetch. Valid values:
on: retains all parameters during origin fetch.
off: retains only the parameters that are specified in hashkey.
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "hashkey_args", "argValue": "" }, { "argName": "keep_oss_args", "argValue": "on" }, { "argName": "disable", "argValue": "on" }], "functionName": "set_hashkey_args" }], "DomainNames": "example.com" }
ali_remove_args
Feature description: deletes URL parameters. For more information, see Parameter filtering.
Feature conflicts: The URL parameter deleting feature conflicts with the URL parameter retaining feature (function: set_hashkey_args, feature ID: 19). You can use only one of the two features. If you have configured one of the features, you need to delete the configuration of the feature before you configure the other feature. You can call the DeleteDcdnSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter and the parameter is set to off, the feature is still considered configured.
Feature ID (FunctionID/FuncId): 75.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
ali_remove_args
String
Yes
The parameters that you want to delete. Separate multiple parameters with spaces.
NoteThe parameters that are retained are used as the URL parameters in hashkey.
test
keep_oss_args
String
Yes
Specifies whether to retain parameters during origin fetch. Valid values:
on: retains all parameters during origin fetch.
off: retains only the parameters that are specified in hashkey.
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "ali_remove_args", "argValue": "test" }, { "argName": "keep_oss_args", "argValue": "off" }], "functionName": "ali_remove_args" }], "DomainNames": "example.com" }
image_transform
Feature description: configures image editing. For more information, see Image editing and its benefits.
Feature ID (FunctionID/FuncId): 239.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable image editing. Valid values:
on
off
on
filetype
String
Yes
The image formats that you want to convert. Separate multiple values with vertical bars (|). Valid values:
JPEG
JPG
PNG
WEBP
BMP
GIF
TIFF
JP2: JPEG 2000.
jpg|jpeg|png
webp
String
No
Specifies whether to enable automatic conversion to WebP. Valid values:
on
off
on
orient
String
No
Specifies whether to enable automatic rotation. Valid values:
on
off
NoteThis feature takes effect only for images that carry rotation properties.
on
slim
Integer
No
Image compression. You can set the compression rate. Valid values: 0 to 100. Image compression reduces data transfer without changing the resolution, size, or format of images.
10
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "filetype", "argValue": "jpg|jpeg|png" }, { "argName": "webp", "argValue": "on" }, { "argName": "orient", "argValue": "on" }, { "argName": "slim", "argValue": "" }, { "argName": "enable", "argValue": "on" }], "functionName": "image_transform" }], "DomainNames": "example.com" }
Video-related settings
range
Feature description: configures range origin fetch. For more information, see Configure range origin fetch.
Feature ID (FunctionID/FuncId): 31.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable range origin fetch. Valid values:
on: enables range origin fetch.
off: disables range origin fetch.
force: forcibly enables range origin fetch.
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "range" }], "DomainNames": "example.com" }
video_seek
Feature description: configures video seeking. For more information, see Configure video seeking.
Feature ID (FunctionID/FuncId): 30.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable video seeking. Valid values:
on
off
on
flv_seek_by_time
String
No
Specifies whether to enable video seeking by time for FLV files. Valid values:
on
off
on
mp4_seek_start
String
No
The custom start parameter for MP4 files.
mp4starttime
mp4_seek_end
String
No
The custom end parameter for MP4 files.
mp4endtime
flv_seek_start
String
No
The custom start parameter for FLV files.
flvstarttime
flv_seek_end
String
No
The custom end parameter for FLV files.
flvendtime
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "video_seek" }], "DomainNames": "example.com" }
ali_video_split
Feature description: configures audio extraction.
Feature ID (FunctionID/FuncId): 204.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable audio extraction. Valid values:
on
off
on
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "ali_video_split" }], "DomainNames": "example.com" }
ali_video_preview
Feature description: configures video preview.
Feature ID (FunctionID/FuncId): 205.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable video preview. Valid values:
on
off
NoteSupported file formats are TS, MP3, FLV, and MP4.
on
ali_video_preview_argument
String
Yes
The custom preview parameter. Unit: seconds.
fds
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "ali_video_preview_argument", "argValue": "fds" }], "functionName": "ali_video_preview" }], "DomainNames": "example.com" }
hls_token_rewrite
Feature description: configures M3U8 encryption and rewrite.
Feature ID (FunctionID/FuncId): 253.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable M3U8 encryption and rewrite. Valid values:
on
off
on
hls_token_arg_name
String
No
The custom parameter name for the HLS token. If you do not specify a name, MtsHlsUriToken is used as the name.
example
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }], "functionName": "hls_token_rewrite" }], "DomainNames": "example.com", }
Security settings
ddos_domain
Feature description: configures DDoS mitigation. For more information, see Mitigation settings.
Feature ID (FunctionID/FuncId): 209.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enable
String
Yes
Specifies whether to enable DDoS mitigation. Valid values:
on
off
on
dispatch_qps
String
Yes
The QPS threshold.
Valid values: 2000 to 50000.
Default value: 20000.
20000
checkurl
String
Yes
The path of the domain name that needs a health check.
Default value:
/, which indicates the default root directory of the domain name./*/examplefile.txt
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enable", "argValue": "on" }, { "argName": "dispatch_qps", "argValue": "20000" }, { "argName": "checkurl", "argValue": "/*/examplefile.txt" }], "functionName": "ddos_domain" }], "DomainNames": "example.com" }
Traffic throttling
limit_rate
Feature description: configures throttling for individual requests.
Feature ID (FunctionID/FuncId): 72.
Parameter description:
You can specify only the ali_limit_rate parameter or specify parameters carried in the request URL to configure throttling. You can also configure the start and end time for throttling.
You can configure throttling by specifying the traffic_limit_arg and traffic_limit_unit parameters carried in the request URL.
You can configure the start time and end time for throttling by specifying the ali_limit_start_hour and ali_limit_end_hour parameters.
Parameter
Type
Required
Description
Example
ali_limit_rate
String
Yes
The throttling rate for individual requests, such as 200 KB/s or 1 MB/s. The value can contain a number and a letter. Unit: byte/s.
The minimum value is 100k, and smaller values are rounded up to 100k.
1m: The throttling rate for individual requests is 1 MB/s.
100k: The throttling rate for individual requests is 100 KB/s.
ali_limit_rate_after
String
No
The threshold value based on which throttling is triggered. The value contains a number and an optional letter (k or m). Unit: byte.
1000
traffic_limit_arg
String
No
The name of the throttling parameter. Throttling is performed based on the value of the specified parameter in URLs. Sample parameter: rate.
If the request does not contain a throttling parameter, the throttling rate is the value of ali_limit_rate. If the request does not contain the throttling parameter, set ali_limit_rate to 0k to disable throttling.
rate
traffic_limit_unit
String
No
The unit of the throttling parameter traffic_limit_arg. Valid values: m (MB/s) and k (KB/s). If the value is set to m, the throttling rate is 1 MB/s if rate carried in the request URL is 1.
The minimum value is 100k, and smaller values are rounded up to 100k.
m
ali_limit_start_hour
Integer
No
The time when throttling starts. Valid values: 0 to 24. Default value: 0. The start time must be earlier than the end time.
NoteSpecify a time in the 24-hour format. The time must be on the hour. For example, 0 represents 00:00:00 and 24 represents 24:00:00.
20
ali_limit_end_hour
Integer
No
The time when throttling ends. Valid values: 0 to 24. Default value: 24. The end time must be later than the start time.
23
Example 1: Set the throttling rate for individual requests to 1 MB/s.
{ "Functions": [{ "functionArgs": [{ "argName": "ali_limit_rate", "argValue": "1m" }], "functionName": "limit_rate" }], "DomainNames": "example.com" }Example 2: The default throttling rate for individual requests is 1 MB/s. If the request URL contains the rate parameter, the throttling rate is the value of the parameter. For example, the value of the rate parameter is 200, the throttling rate is 200 KB/s.
{ "Functions": [{ "functionArgs": [{ "argName": "ali_limit_rate", "argValue": "1m" },{ "argName": "traffic_limit_arg", "argValue": "rate" },{ "argName": "traffic_limit_unit", "argValue": "k" }], "functionName": "limit_rate" }], "DomainNames": "example.com" }
WebSocket
websocket
Feature description: configures WebSocket. For more information, see Configure WebSocket.
Feature ID (FunctionID/FuncId): 144.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
enabled
String
Yes
Specifies whether to enable WebSocket. Valid values:
on
off
on
origin_scheme
String
No
The protocol over which requests are redirected to the origin server when WebSocket is used. Valid values:
http: DCDN redirects requests to the origin server over HTTP.
https: DCDN redirects requests to the origin server over HTTPS. Port 443 of the origin server must be open.
follow: DCDN uses the same protocol (HTTP or HTTPS) as the client to redirect requests to the origin server. Port 443 or 80 of the origin server must be open.
NoteDefault value: follow.
http
heartbeat
String
No
The timeout period for connections.
Valid values: 1 to 300.
Unit: seconds.
Default value: 60.
60
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "enabled", "argValue": "on" }, { "argName": "origin_scheme", "argValue": "http" }, { "argName": "heartbeat", "argValue": "60" }], "functionName": "websocket" }], "DomainNames": "example.com" }
IPA
protogw
Feature description: configures IP Application Accelerator (IPA). For more information, see What is IP Application Accelerator?
Feature ID (FunctionID/FuncId): 163.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
realip
String
Yes
Specifies whether to enable the passthrough of client IP addresses. Valid values:
off
toa: The TCP Option Address (TOA) kernel module inserts the source IP address of a client to the option field in the TCP protocol. Before you use this method, make sure that the origin server has the TOA kernel module installed. No modifications are required for the application.
pp: The proxy protocol inserts the source IP address of a client into the TCP payload. By default, the proxy protocol is supported by the open source versions of NGINX. For other applications on the origin server, make sure that the proxy protocol is supported.
toa
port
String
Yes
The acceleration port.
NoteThe following ports are not supported: 22, 123, 161, 162, 179, 830, 2049, 2601, 2605, 3389, 5049, 7547, 8082, 8087, 8182, 8888, 9998, 15772, 15776, 15778, 15779, 18053, 18098, 18099, 18888, 19313, 19777, and 56667.
If you want to use port 80 and port 443, submit a ticket.
8443
mux
String
No
Specifies whether to enable multiplexing for ports. Valid values:
on
off
off
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "realip", "argValue": "toa" }, { "argName": "port", "argValue": "8443" }, { "argName": "mux", "argValue": "off" }], "functionName": "protogw" }], "DomainNames": "example.com" }
EdgeScript settings
edge_function
Feature description: configures EdgeScript. For more information, see EdgeScript overview.
Feature ID (FunctionID/FuncId): 180.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
rule
String
Yes
The domain-specific language (DSL) script.
if eq($uri, '/') {\n rewrite('https://example.com/index.html', 'redirect')\n}
pri
Integer
Yes
The priority. Valid values: 0 to 999. A smaller value indicates a higher priority.
NoteThe priorities of script execution at the head and at the foot are irrelevant to each other.
0
enable
String
Yes
Specifies whether you want to enable the script. Valid values:
on
off
on
name
String
Yes
The name of the script. The name can contain only letters and underscores (_).
test
pos
String
No
The position where you want to execute the script. Valid values:
head (default): The script is executed at the head of the pipeline.
foot: The script is executed at the foot of the request processing pipeline.
head
brk
String
No
Specifies whether to skip other scripts after the current script is executed. Valid values:
on: After the current script is matched, the scripts after the specified position are skipped.
off (default): If the current script is matched, the system continues matching the request against other scripts.
off
option
String
No
The extension.
None
grammar
String
No
The script syntax. Valid values: es2 and js. Default value: es2.
/
jsmode
String
No
The JavaScript execution mode. Valid values:
redirect: block mode.
bypass (default): bypass mode.
/
Example:
{ "Functions": [{ "functionArgs": [{ "argName": "name", "argValue": "test" }, { "argName": "rule", "argValue": "if eq($uri, '/') {\n rewrite('https://example.com/index.html', 'redirect')\n}" }, { "argName": "pri", "argValue": "0" }, { "argName": "pos", "argValue": "head" }, { "argName": "enable", "argValue": "on" }, { "argName": "brk", "argValue": "off" }, { "argName": "option", "argValue": "" }], "functionName": "edge_function" }], "DomainName": "example.com" }
EdgeRoutine settings
edgeroutine
Feature description: configures EdgeRoutine. For more information, see What is EdgeRoutine?
Feature ID (FunctionID/FuncId): 275.
To use this feature, submit a ticket.
Rules engine settings
condition
Feature description: configures rules in a graphical user interface. You can configure rules to identify user requests that carry different parameters to determine whether a configuration applies to the requests. This is a more flexible and precise solution for managing policies that you set in DCDN.
Feature ID (FunctionID/FuncId): 250.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
rule
Array
Yes
The content of a rule, including the name, status, logic operator, and conditional expression.
Rule content:
{\"match\":{\"logic\":\"and\",\"criteria\":[{\"matchType\":\"clientipVer\",\"matchObject\":\"CONNECTING_IP\",\"matchOperator\":\"equals\",\"matchValue\":\"v6\",\"negate\":false}]},\"name\":\"example\",\"status\":\"enable\"}Fields:
Name: example
Status: enable
Logic operator: and
Conditional expression: The protocol that is used by the client is IPv6.
The following table describes the parameters in argValue.
Parameter
Description
\"match\":
match indicates a conditional match expression.
\"logic\":\"and\"
logic indicates the logical operator that is used to determine whether to match a rule. Valid values: and/or.
\"criteria\"
criteria indicates the specific condition in a conditional match expression.
\"matchType\":\"clientipVer\"
matchType indicates the type of information carried in the user request to match.
\"matchObject\":\"CONNECTING_IP\"
matchObject indicates a further division of the match type. For example, client IP addresses can be further divided into X-Forwarded-For (XFF) IP addresses and IP addresses that are used to connect to POPs.
\"matchOperator\":\"equals\"
matchOperator indicates the operator of the match.
\"matchValue\":\"v6\"
matchValue indicates a preset value to be matched against the information that is carried in the user request.
\"negate\":false
negate indicates whether to invert the result of a conditional expression. Valid values: true and false.
\"name\":\"example\"
name indicates the rule name.
\"status\":\"enable\"
status indicates the rule status.
Example:
The following example shows how to call an API operation to add a rule for the
example.comdomain name to allow or block requests from clients that use IPv6 addresses.{ "Functions": [{ "functionArgs": [{ "argName": "rule", "argValue": "{\"match\":{\"logic\":\"and\",\"criteria\":[{\"matchType\":\"clientipVer\",\"matchObject\":\"CONNECTING_IP\",\"matchOperator\":\"equals\",\"matchValue\":\"v6\",\"negate\":false}]},\"name\":\"example\",\"status\":\"enable\"}" }], "functionName": "condition" }], "DomainNames": "example.com" }You can reference existing rules in the configurations of other features to flexibly and precisely control the execution of your configuration policies in DCDN.
Note:
The parentid parameter is not supported when the feature is condition (rules engine).
If you want to reference a rule in the configurations of other features, set parentid in the those features to specify a created rule. The parentid is the ConfigId that is generated when you create a rule.
QUIC
quic
Feature description: configures Quick UDP Internet Connections (QUIC). For more information, see What is the QUIC protocol?
Feature ID (FunctionID/FuncId): 281.
The following table describes the parameters.
Parameter
Type
Required
Description
Example
iquic_enable
String
Yes
Specifies whether to enable QUIC. Valid values:
on
off
onExample:
{ "Functions": [{ "functionArgs": [{ "argName": "iquic_enable", "argValue": "on" }], "functionName": "iquic" }], "DomainNames": "example.com" }