Enable edge security

Traditional Content Delivery Network (CDN) services are often ill-equipped to defend against large-scale network attacks. This is challenging for industries like gaming, finance, government, enterprises, e-commerce, and healthcare, which need services that combine robust security with high-performance content acceleration. Alibaba Cloud DCDN provides an integrated security and acceleration solution. With built-in features like DDoS mitigation, web application firewall (WAF), blacklists and whitelists, and hotlink protection, DCDN protects your applications at the edge in real time.

Security features

| Category | Description | References |
| --- | --- | --- |
| Network attack protection | DDoS mitigation: DCDN provides DDoS mitigation to minimize the risk of DDoS attacks, reduce business losses, and ensure service availability. When the system detects a DDoS attack, it automatically reroutes traffic from DCDN to a scrubbing center for mitigation. After the attack subsides, traffic is automatically routed back to DCDN for normal content delivery. | DDoS mitigation at the edge |
| | WAF: DCDN integrates a web application firewall (WAF) at its points of presence (POPs) to protect your applications. WAF identifies malicious patterns in your traffic and forwards only safe, legitimate requests to your origin server. This helps prevent intrusions, protects core business data, and prevents performance degradation from malicious attacks. | Overview of WAF at the edge (New) |
| | Bot management: This feature protects your applications against automated tools and web scraping while allowing trusted crawlers. It offers threat intelligence and AI-powered protection to detect advanced bots and minimize their impact on your business. | Configure the bot management module |
| | Sandbox: If your domain is under attack, such as a DDoS or HTTP flood attack, or experiences a significant, unreported spike in bandwidth or QPS, DCDN reserves the right to add your domain to a sandbox. This action prevents attacks on your domain from affecting the acceleration services for other users. | Sandbox overview |
| Access control | Referer-based hotlink protection: Controls access by inspecting the Referer header in HTTP requests. You can configure a referer blacklist/whitelist to identify and filter visitors, preventing unauthorized use of your resources. | Configure referer-based hotlink protection |
| | User-Agent whitelist and blacklist: The User-Agent header contains information about the operating system, OS version, browser, and browser version. You can configure a User-Agent blacklist and whitelist to filter requests, restrict access to your DCDN resources, and improve security. | Configure a User-Agent blacklist or whitelist |
| | IP whitelist and blacklist: Filters requests based on the client IP address. You can block or grant access to specific IP addresses to mitigate issues such as malicious IP-based abuse and attacks. | Configure an IP address blacklist or whitelist |
| | URL signing: Provides advanced hotlink protection. This feature verifies encrypted strings and timestamps in signed URLs to protect resources on the origin server more securely and efficiently. | Configure URL signing |
| End-to-end encryption | End-to-end security: Provides an end-to-end HTTPS acceleration solution that supports SSL certificate upload and management. | Configure an SSL certificate |
| | HTTP/2: Allows clients to use HTTP/2 to access DCDN points of presence (POPs). | Enable HTTP/2 |
| | HTTP/3 (QUIC): Clients can connect to DCDN points of presence (POPs) using QUIC for more secure data transmission and efficient resource access. | QUIC |
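
As an added illustration of the URL signing entry above (not Alibaba Cloud's code and not DCDN's actual signing format), this sketch shows the general check a signed-URL scheme performs: recompute a keyed hash over the path and expiry timestamp, compare it in constant time, then reject expired links. The HMAC-SHA256 construction, the `expires` and `sig` parameter names, and the key are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed demo secret; a real key is shared only by the URL signer and the edge.
KEY = b"constructed-demo-key"


def _mac(key: bytes, path: str, expires: int) -> str:
    # Bind the signature to both the path and the expiry so neither can be swapped.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_url(path: str, key: bytes, expires: int) -> str:
    """Return the path with an expiry timestamp and signature appended."""
    return f"{path}?expires={expires}&sig={_mac(key, path, expires)}"


def verify_url(url: str, key: bytes, now: int) -> tuple[bool, str]:
    """Check a signed URL as a verifying edge node would; returns (ok, reason)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False, "missing or malformed parameters"
    # Authenticate before trusting the timestamp; compare in constant time.
    expected = _mac(key, parts.path, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if now > expires:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    url = sign_url("/video/a.mp4", KEY, expires=1_700_000_600)
    print(verify_url(url, KEY, now=1_700_000_000))                            # valid
    print(verify_url(url.replace("a.mp4", "b.mp4"), KEY, now=1_700_000_000))  # path changed
    print(verify_url(url, KEY, now=1_700_000_700))                            # past expiry
```

Because the expiry is covered by the signature, a client cannot extend a link's lifetime by editing the timestamp, and a signature issued for one object does not validate for another.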