cdn-domain-aliauth-enabled

更新时间:
复制 MD 格式

Evaluates whether URL signing is enabled for each domain name accelerated by Alibaba Cloud CDN (CDN). A domain name with URL signing enabled is considered compliant.

Scenarios

By default, content distributed by CDN is publicly available to anyone with the URL. To prevent hotlinking and unauthorized access, you can use Referer-based access control, IP whitelists and blacklists, or URL signing. URL signing adds signature strings and timestamps to URLs for stronger protection.

Risk level

Default risk level: high.

You can change the risk level when you configure this rule.

Compliance evaluation logic

A CDN domain name is compliant if URL signing is enabled.

Rule details

Item

Description

Rule name

cdn-domain-aliauth-enabled

Rule ID

cdn-domain-aliauth-enabled

Tag

CDN

Automatic remediation

Not supported

Trigger type

Configuration change

Supported resource type

ACS::CDN::Domain

Input parameter

None

Non-compliance remediation

Enable URL signing for each domain name accelerated by CDN. For more information, see Configure URL signing.