Item | Description |
IoT card | According to the Notice on Printing and Distributing the Trial Implementation Guidelines for the Classification and Security Management of IoT Cards (MIIT Network Security Letter [2020] No. 1173) set forth by the Ministry of Industry and Information Technology (MIIT) of the People's Republic of China, DCDN shall not provide acceleration services for devices that use IoT cards in the Chinese mainland. When devices that use IoT cards attempt to access DCDN point of presences (POPs), these devices may fail to establish connections to the IP addresses of the POPs. |
Security violations | Alibaba Cloud reviews the content served on all accelerated domains. Domains that cannot be accelerated by DCDN include but are not limited to: Domains of websites whose content is inaccessible or does not provide valid information Domains that point to illegal private game servers Domains of websites that provide multiplayer role-playing games and card games Domains of websites that provide unauthorized software downloads Domains of websites for peer-to-peer (P2P) lending Domains of unofficial lottery websites Domains of unlicensed and pharmaceutical websites Domains of websites that contain illicit content, such as pornography, drugs, and gambling
Note You are legally responsible for the content that is hosted on your accelerated domain. DCDN regularly reviews the content served on accelerated domains. Once DCDN detects that illicit content is served on a domain, the system immediately disables or blocks the domain. In serious cases, DCDN may permanently block all domains that belong to the Alibaba Cloud account. If you add a wildcard domain, such as *.example.com , to DCDN and a specific domain that matches the wildcard domain, such as a.example.com , contains illicit content, DCDN disables the wildcard domain *.example.com . If your domain fails the review, you can check the reason for rejection on the Domain Names page in the DCDN console. Then, you can modify the content based on the rejection details and re-submit the domain for review.
|
Bandwidth/QPS throttling rules | According to the Alibaba Cloud International Website Product Terms of Service, if you expect traffic spikes on DCDN-accelerated services, you need to contact us to apply for burst bandwidth at least 3 business days in advance. For major events including but not limited to the Spring Festival Gala and Double 11 Global Shopping Festival, you need to apply for burst bandwidth at least 1 month in advance. If the application is approved, the availability of your services is guaranteed when the burst bandwidth is within the level agreed upon by both parties. If you do not apply for burst bandwidth or the application is rejected, Alibaba Cloud reserves the right to take measures such as bandwidth throttling to ensure service-level stability for other Alibaba Cloud customers. Bandwidth throttling is not necessarily triggered. Alibaba Cloud determines whether to enable bandwidth throttling based on service conditions and the level of the burst bandwidth. Alibaba Cloud is not responsible for the reduced availability caused by the measures. If you do not apply for burst bandwidth or the application is not approved, the following issues may occur: Burst bandwidth may trigger throttling rules of Alibaba Cloud DCDN. For more information, see Burst bandwidth. A sudden increase in QPS may trigger HTTP flood protection rules of Alibaba Cloud DCDN. As a result, the domain name is added to a sandbox. For more information, see Introduction to sandboxes.
|
Potential domain attacks or data transmission abuse | By default, Alibaba Cloud DCDN does not provide access control or security capabilities. If your domain is attacked or abused for data transmission, your website may experience unexpected surges in bandwidth or traffic, which results in bills higher than expected. High bills that are generated by attacks or data transmission abuse cannot be waived or refunded. For information about how to prevent the generation of such high bills, see Configure high bill alerts. |
Shared IP addresses | By default, DCDN provides shared accelerated IP addresses for your domain. The shared accelerated IP addresses and their ports are shared by all users. Therefore, ports other than ports 80 and 443 may also open. These non-standard open ports may be flagged as vulnerabilities by some security products. |
Files | |
Origin fetch | The length of an HTTP request header added by using the DCDN console or API cannot exceed 300 bytes. Timeout By default, the timeout period for origin requests that are transmitted over Transmission Control Protocol (TCP) is 10 seconds. The timeout period for origin requests that are transmitted over HTTP is 30 seconds. Response header If an origin server does not respond to Content-Type , DCDN automatically adds Content-Type:application/octet-stream . Automatic conversion from HEAD to GET for origin requests By default, DCDN POPs convert HEAD requests to GET requests before the requests are redirected to the origin. If you want POPs to redirect HEAD requests to the origin, you can configure the following request header on the Custom Request Header tab in the DCDN console. For more information, see Configure custom HTTP request headers.
|
Length of URLs and HTTP request headers, and total length of URLs and HTTP request headers | HTTP/2: If the default setting of the NGINX directive is http2_max_field_size=32 KB, the length of an individual HTTP request header or an individual URL cannot exceed 32 KB. Otherwise, the HTTP status code 414 is returned. If the default setting of the NGINX directive is http2_max_header_size=128 KB, the total length of all HTTP request headers and URLs cannot exceed 128 KB. Otherwise, the HTTP status code 400 is returned.
HTTP/1.1: For the large_client_header_buffers directive, number is set to 4 and size is set to 64 KB. In this case, the length of an individual HTTP request header or an individual URL cannot exceed 64 KB. Otherwise, the HTTP status code 414 is returned. The total length of all HTTP request headers and URLs cannot exceed 256 KB. Otherwise, the HTTP status code 400 is returned. |
Request methods | DCDN supports the GET , PUT , POST , HEAD , and OPTION request methods.
Note If you want your website to support DELETE and PATCH requests, enable dynamic content acceleration. PUT allows HTTP requests that contain a request body (BODY) or do not contain a request body (Content-Length=0).
POST supports chunked encoding and allows HTTP requests that contain a request body (BODY) or do not contain a request body (Content-Length=0).
For cached static resources, POPs convert HEAD requests to GET requests before the requests are redirected to the origin server by default. If you want POPs to redirect HEAD requests to the origin server, you can configure the following request header on the Custom Request Header tab in the DCDN console. For dynamic resources, which are not cached, POPs do not convert HEAD requests to GET requests. For more information, see Configure custom HTTP request headers.
|
API calls for each account | You can call each API up to 1,000 times per second per account. If this upper limit is reached, the following message is returned: ErrorCode:Throttling
ErrorMessage:Request was denied due to flow control.
|