Configure a usage cap for Alibaba Cloud CDN-CDN(CDN)-阿里云帮助中心

To prevent unexpected charges from traffic spikes or malicious attacks, you can configure a usage cap. This feature limits the bandwidth, traffic, or number of HTTPS requests for an accelerated domain name, helping you control costs and minimize losses from unexpected usage surges.

Background

When you use Alibaba Cloud CDN to accelerate your services, you may encounter the following issues:

Sudden traffic surges: Your website or application traffic can increase dramatically in a short period due to trending topics or other events. This surge can cause your CDN bandwidth or traffic to exceed normal levels, resulting in high costs.
Malicious traffic attacks: Your services are targeted by a CC attack or DDoS attack. Attackers generate a massive volume of requests or consume significant bandwidth, disrupting your operations and causing major financial losses.

To help you proactively control costs and manage risks, Alibaba Cloud CDN provides the usage cap feature. You can set a threshold for the bandwidth, traffic, or number of HTTPS requests for an accelerated domain name. When usage in a statistical period reaches your configured threshold, CDN automatically takes the domain name offline to suspend the acceleration service and prevent further costs. This makes the feature a key tool for CDN cost management and security.

Feature overview

The usage cap feature includes three modes: bandwidth cap, traffic cap, and HTTPS requests cap. When a rule in any of these modes is triggered, the corresponding accelerated domain name is automatically taken offline. The service resumes automatically after the specified unblocking time.

Traffic cap

This mode cumulatively monitors the total traffic for a domain name over a specified period. The cap rule is triggered when the accumulated traffic exceeds the threshold that you set. This feature is ideal for users with a pay-by-traffic billing model, helping you keep costs within your budget.

Parameter	Description
Statistical period	The period over which traffic usage is accumulated and compared with the threshold. Valid values: Every 5 minutes, Every hour, Before 24:00 of the current day, or This month.
Threshold	The maximum total traffic allowed within one statistical period. If the accumulated traffic exceeds this threshold, the accelerated domain name is taken offline. Value range: 1 MB to 10,000 TB.
Unblocking time	After the domain name is taken offline, the system starts a timer from the moment the cap is triggered. When the configured unblocking time is reached, the domain name is automatically brought back online to resume the CDN acceleration service.

Bandwidth cap

This mode monitors the bandwidth usage of a domain name. When the bandwidth exceeds the threshold that you set, the cap rule is triggered. This feature is ideal for users with a pay-by-peak-bandwidth billing model, as it effectively controls the upper limit of your billable bandwidth.

Parameter	Description
Threshold	The bandwidth cap for the domain name. If the bandwidth within a statistical period exceeds this threshold, the accelerated domain name is taken offline. Value range: 1 Mbit/s to 1 Tbit/s.
Unblocking time	After the domain name is taken offline, the system starts a timer from the moment the cap is triggered. When the configured unblocking time is reached, the domain name is automatically brought back online to resume the CDN acceleration service. Valid values: 5 minutes, 1 hour, 1 day, 1 month, or Never.

HTTPS requests cap

This mode cumulatively monitors the total number of HTTPS requests for a domain name over a specified period. When the accumulated number of requests exceeds the threshold that you set, the cap rule is triggered. This feature is useful for controlling spending on HTTPS requests within a strict budget.

Parameter	Description
Statistical period	The period over which the number of HTTPS requests is accumulated and compared with the threshold. Valid values: Every 5 minutes, Every hour, Before 24:00 of the current day, or This month.
Threshold	The maximum total number of HTTPS requests allowed within one statistical period. If the accumulated number of requests exceeds this threshold, the accelerated domain name is taken offline. Value range: 1 million to 10 billion requests.
Unblocking time	After the domain name is taken offline, the system starts a timer from the moment the cap is triggered. When the configured unblocking time is reached, the domain name is automatically brought back online to resume the CDN acceleration service.

Usage notes

Monitoring data latency: Usage monitoring data has a latency of about 10 minutes. As a result, the system takes the domain name offline about 10 minutes after usage reaches the threshold. You are billed for all resources, such as traffic, bandwidth, and requests, consumed during this delay.
Careful threshold evaluation: Once you configure a usage cap, the system takes your domain name offline if the threshold is reached. This disrupts all access through the CDN and causes all requests to fail. To avoid disrupting normal operations, always set a reasonable threshold based on historical business data and future expectations.
Automatic unblocking logic: After a domain name is taken offline because a usage cap is triggered, the system automatically starts a countdown based on the unblocking time you configured. During this period, even if you manually bring the domain name back online, the system still brings it online when the unblocking time elapses. If you want the domain name to remain offline after the cap is triggered, you must delete the usage cap configuration to prevent it from automatically coming back online.
Deleting a configuration vs. disabling the switch: A usage cap policy is active as long as its configuration record exists. Simply disabling the switch for the usage cap feature does not immediately stop the policy from being enforced. To completely remove the usage limit and prevent a domain name from being taken offline by a legacy configuration, you must go to the usage cap configuration page and delete the corresponding usage cap configuration, not just disable the switch.

Procedure

On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.
In the domain's navigation pane, click Traffic Throttling.
On the Usage Cap tab, select the cap policy that you want to configure.
Click Modify Configuration and select a suitable statistical period, threshold, and unblocking time. For more information about the parameters, see Feature overview.
Click OK. The cap rule is created and takes effect immediately.

To delete an existing cap configuration, on the Usage cap tab, find the cap policy (Traffic Cap, Bandwidth Cap, or HTTPS Requests Cap) that you want to remove and click Delete. In the confirmation dialog box, click OK. The cap configuration is then deleted, and the system no longer enforces a limit for that usage metric.

Important

You must delete the corresponding cap configuration record to ensure the usage limit is completely removed.

Offline behavior and recovery

When a domain name is automatically taken offline because a usage cap is triggered, the following occurs:

DNS resolution for the domain name may point to an invalid address, such as offline.*.kunlun*.com, or return a 614 status code. As a result, your website becomes inaccessible.
In the list of domain names in the CDN console, the status of the domain name changes to Disabled.

You can restore the service in one of two ways:

Wait for automatic recovery: The system starts a countdown based on your configured unblocking time. The domain name is automatically brought back online when the time elapses.
Manually enable the domain name: If you want to restore service sooner, you can find the domain name in the CDN console and click the Actions button in the Actions column to bring it back online.

Note

If you want the domain name to remain offline after a cap is triggered and not be automatically brought back online, you must delete the usage cap configuration.

FAQ

Bandwidth exceeding the cap

Usage incurred during this delay, including traffic, bandwidth, and requests, is billed normally. The following examples explain this in detail:

Example 1 (pay-by-peak-bandwidth):
Customer A uses the pay-by-peak-bandwidth billing method, adds only the domain name example.com, and enables the bandwidth cap feature. The bandwidth cap is set to 10 Gbps.
Between 21:00 and 21:01 on February 1, 2021, the bandwidth suddenly surges past 10 Gbps. Due to the monitoring delay, the domain name is not taken offline until around 21:11. During this delay, the peak bandwidth reaches 25 Gbps. As a result, the pay-by-peak-bandwidth bill for February 1, 2021, is calculated based on the recorded peak bandwidth of 25 Gbps.
Example 2 (pay-by-traffic):
Customer B uses the pay-by-traffic billing method, adds only the domain name example.com, and enables a bandwidth cap for the domain name. The bandwidth cap is set to 10 Gbps.
Between 21:00 and 21:01 on February 1, 2021, the bandwidth suddenly surges past 10 Gbps, consuming 30 GB of traffic. Due to the monitoring delay, the domain name is not taken offline until around 21:11. During the delay, an additional 400 GB of traffic is consumed. All traffic that is generated by example.com before it is taken offline is included in the pay-by-traffic bill for the 21:00 to 22:00 period on February 1, 2021.

Domain remains offline

If your domain name is still offline after you delete or disable a usage cap configuration, check the following possible causes:

Conflict with legacy bandwidth cap rules: Your domain name may have legacy bandwidth cap rules (alert rules in CloudMonitor) configured. When a legacy rule is triggered, it also takes the domain name offline. Legacy rules cannot be modified and can only be deleted. Go to the CloudMonitor console to check for and delete any legacy bandwidth cap rules. Retain only the new usage cap configuration.
The usage cap configuration was not completely deleted: Confirm that you have deleted the usage cap configuration instead of only disabling it.
The domain name requires manual enabling: After a domain name is taken offline, you must manually enable it in the CDN console or wait for the configured unblocking time to be reached before access is restored.

Per-IP limits

No. The usage cap feature applies to the total usage for a domain name, not to individual IP addresses. To implement rate limiting for specific client IPs, use the WAF frequency control feature of Edge Security Acceleration (ESA).

Limits for a single IP

No, usage caps apply to an entire domain name. To control access from individual client IPs, use the WAF frequency control feature in Edge Security Acceleration (ESA), which can block requests from an IP that exceed a frequency threshold, returning a 403 status code.

Troubleshooting frequent offline issues

If your CDN domain name is frequently taken offline or suddenly becomes inaccessible, follow these steps to troubleshoot the issue:

Check the usage cap configuration: Log on to the CDN console. On the Domain Names page, find the target domain name, click Manage, and then navigate to the Traffic Throttling > Usage Cap page. Check whether a bandwidth, traffic, or HTTPS requests cap policy is configured and whether a threshold has been triggered. You can also check operation records to confirm whether a cap has been triggered.
Check for legacy bandwidth cap rules: Check whether legacy bandwidth cap rules (CloudMonitor alert rules) are in conflict with the new usage cap policies.
Investigate abnormal traffic: If you suspect an abnormal traffic attack, you can view offline logs in the console or enable Operations Reports to analyze Top IP and Top Referer sources. If you identify abnormal IP addresses, you can configure an IP blacklist/whitelist. If traffic is being consumed by malicious requests with an empty referer, you can configure referer anti-leech. For more advanced protection, consider upgrading to ESA.

Avoiding overage charges

CDN does not support a "stop when resource plan is exhausted" configuration. When your CDN resource plan is exhausted, the system automatically switches to the pay-as-you-go billing model. You cannot directly disable pay-as-you-go billing.

To avoid high pay-as-you-go charges after your resource plan is exhausted, we recommend that you take the following measures:

Configure a usage cap: Set a reasonable bandwidth or traffic threshold. When usage reaches the threshold, the domain name is automatically taken offline, which prevents further charges.
Set alerts for your resource plan: Configure an alert for when your resource plan drops to a specific remaining amount, such as 10 GB, so you can take timely action. Note that resource plan alerts may be delayed. You might incur overage charges before you receive a notification.

Setting a reasonable threshold

There is no universal default threshold for the usage cap feature. You must evaluate a reasonable threshold based on the actual scale of your business. The traffic generated varies greatly among different user bases. Follow these steps to determine a reasonable threshold:

Log on to the CDN console. In the left-side navigation pane, choose Usage to view your usage data for the last seven days.
Use your historical peak usage as a baseline and add a buffer to set a threshold. This helps prevent your normal services from being suspended due to a low threshold.
The reference range for the threshold varies based on the business type:
- For small and medium-sized websites, the hourly traffic typically ranges from a few gigabytes to tens of gigabytes.
- For high-traffic services such as video streaming and file downloads, the traffic may reach the terabyte level.

Important

If the threshold is set too low, normal traffic can trigger the cap. After the domain name is taken offline, all users will be unable to access it. Make sure to evaluate the threshold based on actual business data.

Viewing offline records

You can use the following methods to view the records of when your domain name was taken offline due to usage caps:

Log on to the CDN console, go to domain name management, find the target domain name, and then navigate to the Traffic Throttling page to view the current configurations and status of each cap policy.
To view detailed operation records, including the specific time when the domain name was disabled and the cause, go to the operation audit console to query CDN-related operational events.

Pricing and impact

The usage cap feature, which includes bandwidth cap, traffic cap, and HTTPS requests cap, is free of charge.

When the usage of a domain name within a statistical period exceeds the threshold that you set, CDN stops providing acceleration services for the domain name, and the domain name enters an offline state. At this point, all requests to the domain name are blocked, making the website unavailable. This mechanism prevents high costs by suspending the service.

After the domain name is taken offline, the service is automatically restored based on the unblocking time that you configure. If you need to restore the service sooner, you can manually enable the domain name on the Domain Names page of the CDN console.

上一篇: Traffic throttling 下一篇: Configure single-request throttling