Evaluates whether URL signing is enabled for each domain name accelerated by Alibaba Cloud CDN (CDN). A domain name with URL signing enabled is considered compliant.
Scenarios
By default, content distributed by CDN is publicly available to anyone with the URL. To prevent hotlinking and unauthorized access, you can use Referer-based access control, IP whitelists and blacklists, or URL signing. URL signing adds signature strings and timestamps to URLs for stronger protection.
Risk level
Default risk level: high.
You can change the risk level when you configure this rule.
Compliance evaluation logic
A CDN domain name is compliant if URL signing is enabled.
Rule details
|
Item |
Description |
|
Rule name |
cdn-domain-aliauth-enabled |
|
Rule ID |
|
|
Tag |
CDN |
|
Automatic remediation |
Not supported |
|
Trigger type |
Configuration change |
|
Supported resource type |
ACS::CDN::Domain |
|
Input parameter |
None |
Non-compliance remediation
Enable URL signing for each domain name accelerated by CDN. For more information, see Configure URL signing.