Feature settings for domain names

更新时间:
复制 MD 格式

Call the BatchSetVodDomainConfigs operation to configure features for multiple domain names at a time. The following sections list the available features and the parameters for each feature.

Note

These features can be referenced when you call the following API operations: BatchSetVodDomainConfigs and DescribeVodDomainConfigs.

Basic settings

ipv6

  • Configures IPv6. For more information, see Configure IPv6.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    switch

    String

    Yes

    Specifies whether to enable IPv6.

    • on

    • off

    on

    region

    String

    Yes

    The region where IPv6 is enabled.

    Note
    • You can enter an asterisk (*) to specify all regions. To enable IPv6 in a specific region, submit a ticket.

    • If this parameter is left empty, IPv6 is enabled in all regions.

    *

  • Sample code:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "switch",
                "argValue": "on"
            }, {
                "argName": "region",
                "argValue": "*"
            }],
            "functionName": "ipv6"
        }],
        "DomainNames": "example.com"
    }

Back-to-origin settings

set_req_host_header

  • Configures the default origin host. For more information, see Configure an origin host.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    domain_name

    String

    Yes

    Specifies the origin host header value.

    example.com

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "domain_name",
                "argValue": "example.com"
            }],
            "functionName": "set_req_host_header"
        }],
        "DomainNames": "example.com"
    }

forward_scheme

  • Configures the origin protocol policy. For more information, see Configure the origin protocol policy.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Enables or disables the origin protocol policy. Valid values:

    • on: Enables the policy.

    • off: Disables the policy.

    on

    scheme_origin

    String

    No

    Specifies the origin protocol. Valid values:

    • http: CDN uses HTTP for origin fetch.

    • https: CDN uses HTTPS for origin fetch.

    • follow: CDN uses the same protocol as the client request for origin fetch.

    Note

    If this parameter is omitted, the default value is follow.

    follow

    scheme_origin_port

    String

    No

    Specifies the custom origin port. This parameter requires the scheme_origin parameter. Valid values:

    • If scheme_origin is set to http, specify the port for HTTP origin fetch. Example: 80.

    • If scheme_origin is set to https, specify the port for HTTPS origin fetch. Example: 443.

    • If scheme_origin is set to follow, specify the ports for HTTP and HTTPS origin fetch, separated by a colon (:). The HTTP port must be specified first.

    80:443

  • Sample code:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "scheme_origin",
                "argValue": "follow"
            }],
            "functionName": "forward_scheme"
        }],
        "DomainNames": "example.com"
    }

l2_oss_key

  • Configures access control on private Object Storage Service (OSS) buckets. For more information, see Enable access to private OSS buckets.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    private_oss_auth

    String

    Yes

    Specifies whether to enable origin fetch from a private bucket. Valid values:

    • on: enables the feature.

    • off: disables the feature.

    When enabled, the system automatically configures an STS token to simplify setup. This method supports origin fetch only when the CDN domain and the private OSS bucket are under the same Alibaba Cloud account. For more information about Security Token Service (STS), see What is STS?.

    on

    perm_private_oss_tbl

    String

    No

    Specifies the permanent security token configuration. The format is access_id=123 access_secret=123abc. The AccessKey ID and AccessKey secret are separated by a space.

    This allows a CDN domain to fetch content from private OSS buckets that belong to your account or a different Alibaba Cloud account. For more information about permanent security tokens, see Create an AccessKey.

    access_id=123 access_secret=123abc

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "private_oss_auth",
                "argValue": "on"
            },{
                "argName": "perm_private_oss_tbl",
                "argValue": "access_id=123 access_secret=123abc"
            }],
            "functionName": "l2_oss_key"
        }],
        "DomainNames": "example.com"
    }

https_origin_sni

  • Configures origin Server Name Indication (SNI). For more information, see Configure origin SNI.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    enabled

    String

    Yes

    Indicates if the origin SNI feature is enabled. Valid values:

    • on: Enabled.

    • off: Disabled.

    on

    https_origin_sni

    String

    Yes

    The hostname of the origin server targeted by the origin request.

    origin.example.com

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "https_origin_sni",
                "argValue": "origin.example.com"
            }, {
                "argName": "enabled",
                "argValue": "on"
            }],
            "functionName": "https_origin_sni"
        }],
        "DomainNames": "example.com"
    }

forward_timeout

  • Configures a timeout period for a back-to-origin request. For more information, see Configure a timeout period for back-to-origin HTTP requests.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    forward_timeout

    Integer

    Yes

    The request timeout in seconds.

    Note

    The recommended timeout is less than 100 seconds.

    30

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "forward_timeout",
                "argValue": "30"
            }],
            "functionName": "forward_timeout"
        }],
        "DomainNames": "example.com"
    }

advanced_origin

  • Configures advanced back-to-origin routing settings. For more information, see Configure advanced origin settings.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    variable_type

    String

    Yes

    The variable type. Valid values:

    • header: A request header.

    • arg: A query string parameter.

    • uri: The request path.

    • cookie: A request cookie.

    uri

    variable

    String

    Yes

    The name of the variable.

    Note

    If variable_type is uri, this parameter must be uri.

    uri

    conditions

    String

    Yes

    The matching operator. Valid values:

    • ==: Equal to

    • !=: Not equal to

    ==

    value

    String

    Yes

    The value to match.

    /image

    origin

    String

    Yes

    The origin domain to which requests are routed when the conditions are met. This domain name is used for DNS lookups during an origin fetch.

    origin.example.com

  • Configuration example:

    {
     "Functions": [{
      "functionArgs": [{
       "argName": "conditions",
       "argValue": "=="
      }, {
       "argName": "variable_type",
       "argValue": "uri"
      }, {
       "argName": "value",
       "argValue": "/image"
      }, {
       "argName": "origin",
       "argValue": "origin.example.com"
      }, {
       "argName": "variable",
       "argValue": "uri"
      }],
      "functionName": "advanced_origin"
     }],
     "DomainNames": "example.com",
    }

follow_302

  • Configures 302 redirection. For more information, see Configure 301/302 redirection.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    enable

    String

    Yes

    Specifies whether to follow 302 redirects during an origin fetch.

    • on: Enables the feature.

    • off: Disables the feature.

    on

    max_tries

    Integer

    No

    The maximum number of 302 redirects to follow for a single request.

    • Default value: 2.

    • Valid values: [1,5].

    Note

    The total number of origin fetches is the max_tries value plus one. Therefore, the default of 2 max_tries allows for 3 total origin fetches, and the valid max_tries range of [1,5] corresponds to 2 to 6 total origin fetches.

    2

    retain_args

    String

    No

    Specifies whether to retain the original request parameters when following a 302 redirect.

    • on: Retains the original request parameters.

    • off (default): Does not retain the original request parameters.

    off

    retain_header

    String

    No

    Specifies whether to retain the original request headers when following a 302 redirect.

    • on: Retains the original request headers.

    • off (default): Does not retain the original request headers.

    off

    response_header

    String

    No

    The name of the origin server's response header that contains the redirect URL. By default, CDN uses the Location header.

    X-Alicdn-Redirect

    retain_host

    String

    No

    Specifies whether to use the original request's Host header for the redirected request. Valid values:

    • on: Enable.

    • off (default): Disable.

    off

    modify_host

    String

    No

    Specifies a new Host header to use for the redirected request.

    example.com

    cache

    String

    No

    Specifies whether to cache the final result of a 302 redirect chain. If enabled, CDN caches the content from the final destination URL, improving performance for subsequent requests to the original URL. Valid values:

    • on: Enable.

    • off (default): Disable.

    off

    expired_time

    Integer

    No

    The timeout period for the cached redirect result. This parameter applies only if cache is set to on. Unit: seconds. Default value: 3600.

    7200

    follow_origin_host

    String

    No

    Specifies whether to use the current origin server's domain name as the Host header. If enabled, the Host header is updated to match the origin server's domain name after an origin failover. Valid values:

    • on: Enable.

    • off (default): Disable.

    off

    follow_5xx_retry_origin

    String

    No

    Specifies whether to trigger an origin failover if the origin server returns a 5xx status code. Valid values:

    • on: Enable.

    • off (default): Disable.

    off

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "max_tries",
                "argValue": 2
            }, {
                "argName": "retain_args",
                "argValue": "off"
            }, {
                "argName": "retain_header",
                "argValue": "off"
    }, {
                "argName": "response_header",
                "argValue": "X-Alicdn-Redirect"
    }, {
                "argName": "retain_host",
                "argValue": "off"
    }, {
                "argName": "modify_host",
                "argValue": "example.com"
    }, {
                "argName": "cache",
                "argValue": "off"
    }, {
                "argName": "expired_time",
                "argValue": "7200"
    }, {
                "argName": "follow_origin_host",
                "argValue": "off"
    }, {
                "argName": "follow_5xx_retry_origin",
                "argValue": "off"
            }],
            "functionName": "follow_302"
        }],
        "DomainNames": "example.com"
    }

ipv6_origin

  • Configures back-to-origin routing over IPv6. For more information, see Configure back-to-origin routing over IPv6.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Enables or disables origin fetch over IPv6. Valid values:

    • on: enable

    • off: disable

    Note

    When enabled, CDN can use IPv6 to fetch content from the origin server.

    • CDN uses an IPv6 connection if both the point of presence and the origin server have an available IPv6 address.

    • An IPv4 connection is used in the following cases:

      • The point of presence does not have an available IPv6 address.

      • The origin server does not have an available IPv6 address.

      • Neither the point of presence nor the origin server has an available IPv6 address.

    on

    follow

    String

    Yes

    Enables or disables the follow client IP protocol version feature. Valid values:

    • on: enable

    • off: disable

    Note

    When this feature is enabled, CDN uses the same IP protocol version as the client request for origin fetch.

    • If a client request uses IPv6, CDN prioritizes fetching from an IPv6 origin server. If no IPv6 origin server is available, it falls back to an IPv4 origin server.

    • If a client request uses IPv4, CDN prioritizes fetching from an IPv4 origin server. If no IPv4 origin server is available, it falls back to an IPv6 origin server.

    on

    ipv6_v4_mix_used

    String

    No

    Enables or disables origin IPv4/IPv6 address polling. Valid values:

    • on: enable

    • off: disable

    Note
    • The origin IPv4/IPv6 address polling feature is mutually exclusive with the origin fetch over IPv6 and follow client IP protocol version features. If origin IPv4/IPv6 address polling is enabled, the other two features have no effect.

    • The origin IPv4/IPv6 address polling feature distributes origin fetch requests to all origin server addresses. This happens regardless of the IP version of the client request or the number of IPv4 and IPv6 addresses that the origin server has.

    • If you configure weights for the IPv4 and IPv6 addresses, CDN distributes origin fetch requests according to the specified weights.

    off

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            },{
                "argName": "follow",
                "argValue": "on"
            }],
            "functionName": "ipv6_origin"
        }],
        "DomainNames": "example.com"
    }

origin_request_header

  • Configures an origin HTTP request header. For more information, see Configure HTTP request headers.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    header_operation_type

    String

    Yes

    The request header operation. Valid values:

    • add: Add a header.

    • delete: Delete a header.

    • modify: Modify a header.

    • rewrite: Rewrite a header value.

    add

    header_name

    String

    Yes

    The header name.

    Accept-Encoding

    header_value

    String

    No

    To specify multiple values, separate them with a comma (,).

    gzip

    duplicate

    String

    No

    Specifies whether to add a header if one with the same name already exists. This parameter is required if header_operation_type is set to add. Valid values:

    • on: Allow.

    • off: Do not allow.

    off

    header_source

    String

    No

    The value to match and replace. This parameter is required if header_operation_type is set to rewrite. You can use a regular expression for this value.

    value1

    header_destination

    String

    No

    The replacement value. This parameter is required if header_operation_type is set to rewrite.

    value123

    match_all

    String

    No

    Specifies the match mode. This parameter is required if header_operation_type is set to rewrite. Valid values:

    • on: Replaces all matched values.

    • off: Replaces only the first matched value.

    off

  • Configuration example: This example adds a custom origin request header to the accelerated domain name example.com, setting the header name to 'Accept-Encoding' and the header value to 'gzip'.

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "header_operation_type",
                "argValue": "add"
            }, {
                "argName": "header_name",
                "argValue": "Accept-Encoding"
            }, {
                "argName": "header_value",
                "argValue": "gzip"
            }, {
                "argName": "duplicate",
                "argValue": "off"
            }],
            "functionName": "origin_request_header"
        }],
        "DomainNames": "example.com"
    }

origin_response_header

  • Configures an origin HTTP response header. For more information, see Configure HTTP response headers.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    header_operation_type

    String

    Yes

    Specifies the response header operation. Valid values:

    • add: Adds a header.

    • delete: Deletes a header.

    • modify: Modifies a header.

    • rewrite: Rewrites a header.

    add

    header_name

    String

    Yes

    Specifies the response header name.

    Cache-Control

    header_value

    String

    No

    Specifies the response header value. If you specify multiple values, separate them with commas (,).

    no-cache

    duplicate

    String

    No

    Specifies whether to add a new response header if one with the same name already exists. This parameter is required when header_operation_type is set to add. Valid values:

    • on: Allows duplicate headers.

    • off: Does not allow duplicate headers.

    off

    header_source

    String

    No

    Specifies the value to be found for replacement. This parameter is required when header_operation_type is set to rewrite. This value can be a regular expression.

    value1

    header_destination

    String

    No

    Specifies the replacement value. This parameter is required when header_operation_type is set to rewrite.

    value123

    match_all

    String

    No

    Specifies the match mode. This parameter is required when header_operation_type is set to rewrite. Valid values:

    • on: Replace all matched values.

    • off: Replace only the first matched value.

    off

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "header_operation_type",
                "argValue": "add"
            }, {
                "argName": "header_name",
                "argValue": "Cache-Control"
            }, {
                "argName": "header_value",
                "argValue": "no-cache"
            }, {
                "argName": "duplicate",
                "argValue": "off"
            }],
            "functionName": "origin_response_header"
        }],
        "DomainNames": "example.com"
    }

back_to_origin_url_rewrite

  • Rewrites URLs in back-to-origin requests. For more information, see Rewrite URLs in back-to-origin requests.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    source_url

    String

    Yes

    The URL to rewrite.

    ^/hello$

    target_url

    String

    Yes

    The rewritten URL.

    /hello/test

    flag

    String

    No

    The rewrite flag. Valid values:

    • None: The system continues to match the URL against other rules.

    • break: The system skips remaining rules.

    • enhance_break: Similar to break, but also writes URL parameters. Takes effect for Flash Video (FLV) live streaming.

    break

  • Configuration example

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "flag",
                "argValue": "break"
            }, {
                "argName": "source_url",
                "argValue": "^/hello$"
            }, {
                "argName": "target_url",
                "argValue": "/hello/test"
            }],
            "functionName": "back_to_origin_url_rewrite"
        }],
        "DomainNames": "example.com",
    }

Cache settings

filetype_based_ttl_set

  • Configures a time-to-live (TTL) for files. For more information, see Cache settings.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    ttl

    Integer

    Yes

    The cache duration, in seconds. The value can range from 1 to 99,999,999 (more than three years).

    500000

    file_type

    String

    Yes

    The file format. This parameter is case-sensitive. To specify multiple file formats, separate them with a comma (,). Example: jpg,txt.

    jpg

    weight

    Integer

    No

    The weight. Valid values: 1 to 99.

    Note

    The default value is 1. A higher value indicates a greater priority.

    1

    swift_origin_cache_high

    String

    No

    Specifies whether to prioritize the cache policy from the origin server. When this parameter is set to on, the origin server's policy, as defined in response headers like Cache-Control or Pragma, overrides the CDN cache policy.

    • on: Enable

    • off (default): Disable

    off

    swift_no_cache_low

    String

    No

    Specifies whether to ignore "no-cache" response headers from the origin server. When set to on, the CDN ignores the following cache-prevention response headers from the origin server:

    • Cache-Control: no-store

    • Cache-Control: no-cache

    • Cache-Control: max-age=0

    • Pragma: no-cache

    Possible values:

    • on: Enable

    • off (default): Disable

    off

    swift_follow_cachetime

    String

    No

    Specifies whether to include the final effective CDN cache policy in the response to the client. When this parameter is set to on, the policy is included in the response.

    • on: Enable

    • off (default): Disable

    off

    force_revalidate

    String

    No

    Specifies whether to force content validation when the cache expiration time is 0.

    • on: Enable. When the cache expiration time is 0, content is cached on CDN points of presence, but each request triggers an origin fetch for validation.

    • off (default): Disable. When the cache expiration time is 0, CDN points of presence do not cache the content, and each request triggers an origin fetch to retrieve the content.

    off

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "file_type",
                "argValue": "jpg"
            }, {
                "argName": "weight",
                "argValue": "1"
            }, {
                "argName": "ttl",
                "argValue": "500000"
            }, {
                "argName": "swift_origin_cache_high",
                "argValue": "off"
            }, {
                "argName": "swift_no_cache_low",
                "argValue": "off"
            }, {
                "argName": "swift_follow_cachetime",
                "argValue": "off"
            },{
                "argName": "force_revalidate",
                "argValue": "off"
            }],
            "functionName": "filetype_based_ttl_set"
        }],
        "DomainNames": "example.com"
    }
    

path_based_ttl_set

  • Configures a TTL for directories. For more information, see Cache settings.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    ttl

    Integer

    Yes

    The cache duration, in seconds. The value can range from 1 to 99,999,999 (more than three years).

    500000

    path

    String

    Yes

    The directory. It must start with a forward slash (/).

    /example/demo

    weight

    Integer

    No

    The weight. Valid values: 1 to 99.

    Note

    The default value is 1. A higher value indicates a higher priority.

    1

    swift_origin_cache_high

    String

    No

    Specifies whether to prioritize the cache policy of the origin server. If enabled and the origin server returns cache-related response headers such as Cache-Control or Pragma, the origin server's cache policy takes precedence. Valid values:

    • on: Enabled

    • off (default): Disabled

    off

    swift_no_cache_low

    String

    No

    Specifies whether to ignore no-cache response headers from the origin server. If enabled, CDN ignores the following response headers.

    • Cache-Control: no-store

    • Cache-Control: no-cache

    • Cache-Control: max-age=0

    • Pragma: no-cache

    Valid values:

    • on: Enabled

    • off (default): Disabled

    off

    swift_follow_cachetime

    String

    No

    Specifies whether to pass the effective CDN cache policy to the client. If enabled, the CDN includes its effective cache policy in the response to the client. Valid values:

    • on: Enabled

    • off (default): Disabled

    off

    force_revalidate

    String

    No

    Specifies whether to force content validation when the cache expiration time is 0. Valid values:

    • on: Enabled. If the cache expiration time is 0, content is cached on CDN points of presence, but each request requires an origin fetch for content validation.

    • off (default): Disabled. If the cache expiration time is 0, content is not cached on CDN points of presence. Each request requires an origin fetch to retrieve the content.

    off

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "path",
                "argValue": "/example/demo"
            }, {
                "argName": "weight",
                "argValue": "1"
            }, {
                "argName": "ttl",
                "argValue": "500000"
            }, {
                "argName": "swift_origin_cache_high",
                "argValue": "off"
            }, {
                "argName": "swift_no_cache_low",
                "argValue": "off"
            }, {
                "argName": "swift_follow_cachetime",
                "argValue": "off"
            }, {
                "argName": "force_revalidate",
                "argValue": "off"
            }],
            "functionName": "path_based_ttl_set"
        }],
        "DomainNames": "example.com"
    }

filetype_force_ttl_code

  • Configures a TTL for HTTP status codes of files. For more information, see Configure the validity period for status codes.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    file_type

    String

    Yes

    The file type. The value is case-sensitive. Separate multiple file types with a comma (,), for example, jpg,txt.

    jpg

    code_string

    String

    Yes

    The status code and its corresponding TTL in seconds. The TTL can range from 1 to 99,999,999 (just over three years). Separate multiple entries with a comma (,), for example, 302=0,301=0,4xx=2.

    403=10

    swift_code_origin_cache_high

    String

    No

    Specifies whether to prioritize the origin server's cache policy. If enabled, the cache policy from the origin server (defined in headers like Cache-Control and Pragma) takes precedence.

    • on: Prioritizes the origin server's cache policy.

    • off (default): Uses the cache policy configured on the CDN.

    off

    swift_code_no_cache_low

    String

    No

    Specifies whether to ignore response headers from the origin server that prevent caching. If enabled, the CDN ignores the following response headers:

    • Cache-Control: no-store

    • Cache-Control: no-cache

    • Cache-Control: max-age=0

    • Pragma: no-cache

    The configurable values are:

    • on: Ignores response headers from the origin that prevent caching.

    • off (default): Obeys response headers from the origin that prevent caching.

    off

    swift_code_follow_cachetime

    String

    No

    Specifies whether to include the CDN cache policy in the response sent to the client.

    • on: Includes the CDN cache policy in the response.

    • off (default): Does not include the CDN cache policy in the response.

    off

    force_revalidate

    String

    No

    Specifies whether to force revalidation when the TTL is 0.

    • on: Caches content on CDN POPs when the TTL is 0. Each request then requires an origin fetch to revalidate it.

    • off (default): Does not cache content on CDN POPs when the TTL is 0. Each request requires an origin fetch to retrieve the content.

    off

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "file_type",
                "argValue": "jpg"
            }, {
                "argName": "code_string",
                "argValue": "403=10"
           }, {
                "argName": "swift_code_origin_cache_high",
                "argValue": "off"
            }, {
                "argName": "swift_code_no_cache_low",
                "argValue": "off"
            }, {
                "argName": "swift_code_follow_cachetime",
                "argValue": "off"
            }, {
                "argName": "force_revalidate",
                "argValue": "off"
            }],
            "functionName": "filetype_force_ttl_code"
        }],
        "DomainNames": "example.com"
    }

path_force_ttl_code

  • Configures a TTL for HTTP status codes of paths. For more information, see Configure the validity period for status codes.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    path

    String

    Yes

    The directory. It must start with a forward slash (/). Example: /image.

    /example/demo

    code_string

    String

    Yes

    Specifies the cache duration in seconds for one or more status codes. The duration must be an integer from 1 to 99,999,999. Use a comma (,) to separate multiple entries. Example: 302=0,301=0,4xx=2.

    403=10,404=15

    swift_code_origin_cache_high

    String

    No

    Specifies whether to prioritize the origin's cache policy. When enabled, the origin's policy takes precedence if its response includes cache-related headers such as Cache-Control and Pragma. Valid values:

    • on: enable

    • off (default): disable

    off

    swift_code_no_cache_low

    String

    No

    Specifies whether to ignore no-cache response headers from the origin. If enabled, the following no-cache response headers from the origin are ignored:

    • Cache-Control: no-store

    • Cache-Control: no-cache

    • Cache-Control: max-age=0

    • Pragma: no-cache

    Valid values:

    • on: enable

    • off (default): disable

    off

    swift_code_follow_cachetime

    String

    No

    Specifies whether to include the final effective CDN cache policy in the response to the client. Valid values:

    • on: enable

    • off (default): disable

    off

    force_revalidate

    String

    No

    Specifies whether to force content validation when the cache expiration time is 0. Valid values:

    • on: When the cache expiration time is 0, content is cached on points of presence (PoPs), and each request triggers an origin fetch for revalidation.

    • off (default): When the cache expiration time is 0, points of presence (PoPs) do not cache the content; instead, each request triggers an origin fetch to retrieve it.

    off

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "path",
                "argValue": "/example/demo"
            }, {
                "argName": "code_string",
                "argValue": "403=10,404=15"
            }, {
                "argName": "swift_code_origin_cache_high",
                "argValue": "off"
            }, {
                "argName": "swift_code_no_cache_low",
                "argValue": "off"
            }, {
                "argName": "swift_code_follow_cachetime",
                "argValue": "off"
            }, {
                "argName": "force_revalidate",
                "argValue": "off"
            }],
            "functionName": "path_force_ttl_code"
        }],
        "DomainNames": "example.com"
    }

set_resp_header

  • Configures a custom HTTP response header. For more information, see Configure a custom HTTP response header.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    key

    String

    Yes

    The name of the response header.

    Cache-Control

    value

    String

    Yes

    The response header value. Separate multiple values with a comma.

    Note

    To delete a response header, set its value to null.

    no-cache

    header_operation_type

    String

    No

    The operation to perform on the response header. Valid values:

    • add: Add a header.

    • delete: Delete a header.

    • modify: Modify a header.

    • rewrite: Replace a header.

    add

    duplicate

    String

    No

    Specifies whether to allow adding a response header with the same name as an existing one. This parameter is used only when header_operation_type is set to add. Valid values:

    • on: Allows duplicates.

    • off: Disallows duplicates.

    off

    header_source

    String

    No

    The source string to be replaced. This parameter is used when header_operation_type is set to rewrite. Regular expressions are supported.

    value1

    header_destination

    String

    No

    The replacement value. This parameter is used when header_operation_type is set to rewrite.

    value123

    match_all

    String

    No

    Specifies whether to replace all matches or only the first match. This parameter is used when header_operation_type is set to rewrite. Valid values:

    • on: Replaces all matches.

    • off: Replaces only the first match.

    /

    access_origin_control

    String

    No

    Specifies whether to enable cross-domain verification. Valid values:

    • on: Enables cross-domain verification for user requests on CDN points of presence (PoPs).

    • off: Disables this feature.

    /

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "header_operation_type",
                "argValue": "add"
            }, {
                "argName": "key",
                "argValue": "Cache-Control"
            }, {
                "argName": "value",
                "argValue": "no-cache"
            }, {
                "argName": "duplicate",
                "argValue": "off"
            }],
            "functionName": "set_resp_header"
        }],
        "DomainNames": "example.com"
    }

error_page

  • Configures a custom page. For more information, see Customize a page.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    error_code

    Integer

    Yes

    The HTTP error code that triggers the custom page.

    404

    rewrite_page

    String

    Yes

    The URL to which requests are rewritten.

    http://example.aliyundoc.com/error404.html

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "error_code",
                "argValue": "404"
            }, {
                "argName": "rewrite_page",
                "argValue": "http://example.aliyundoc.com/error404.html"
            }],
            "functionName": "error_page"
        }],
        "DomainNames": "example.com"
    }

rewrite_host

  • Configures cache sharing.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    share_host

    String

    Yes

    The domain that provides the cache for the current domain. This setting does not modify the origin Host header for requests. Instead, when looking up a resource in the cache, the system uses the share_host value to generate the cache key.

    example.com

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "share_host",
                "argValue": "example.com"
            }],
            "functionName": "rewrite_host"
        }],
        "DomainNames": "example.com"
    }

HTTPS settings

https_option

  • Configures basic HTTPS parameters. Only HTTP/2 is supported. For more information, see Enable HTTP/2.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    http2

    String

    No

    Specifies whether to enable HTTP/2.

    • on

    • off

    on

  • Sample code:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "http2",
                "argValue": "on"
            }],
            "functionName": "https_option"
        }],
        "DomainNames": "example.com"
    }

http_force

  • Configures forcible URL redirection to HTTP. For more information, see Forcible redirect.

    Note
    • The forcible URL redirection to HTTP feature conflicts with the forcible URL redirection to HTTPS feature (function: https_force). Only one of the two features can be used at a time.

    • To switch between the two features, delete the existing configuration first. You can call the DeleteVodSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter set to off, the feature is still considered configured.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Enables or disables the force HTTP redirect. Valid values:

    • on: Enables the redirect.

    • off: Disables the redirect.

    on

    http_rewrite

    String

    No

    The redirect type. Valid values are 301 and 308 status codes:

    • 301: The GET request method is preserved. Other request methods might be changed to GET.

    • 308: The request method and message body are preserved.

    301

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "http_rewrite",
                "argValue": "301"
            }],
            "functionName": "http_force"
        }],
        "DomainNames": "example.com"
    }

https_force

  • Configures forcible URL redirection to HTTPS. For more information, see Forcible redirect.

    Note
    • The forcible URL redirection to HTTPS feature conflicts with the forcible URL redirection to HTTP feature (function: https_force). Only one of the two features can be used at a time.

    • To switch between the two features, delete the existing configuration first. You can call the DeleteVodSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter set to off, the feature is still considered configured.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Enables or disables the force HTTPS redirect. Valid values:

    • on: Enables the redirect.

    • off: Disables the redirect.

    on

    https_rewrite

    String

    No

    The redirect type. Valid values are 301 and 308 status codes:

    • 301: The GET request method is preserved. Other request methods might be changed to GET.

    • 308: The request method and message body are preserved.

    301

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "https_rewrite",
                "argValue": "301"
            }],
            "functionName": "https_force"
        }],
        "DomainNames": "example.com"
    }

https_tls_version

  • Configures a Transport Layer Security (TLS) version. For more information, see Configure TLS version control.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    tls10

    String

    No

    Enables or disables TLSv1.0. Valid values:

    • on (default): Enables TLSv1.0.

    • off: Disables TLSv1.0.

    on

    tls11

    String

    No

    Enables or disables TLSv1.1. Valid values:

    • on (default): Enables TLSv1.1.

    • off: Disables TLSv1.1.

    on

    tls12

    String

    No

    Enables or disables TLSv1.2. Valid values:

    • on (default): Enables TLSv1.2.

    • off: Disables TLSv1.2.

    on

    tls13

    String

    No

    Enables or disables TLSv1.3. Valid values:

    • on (default): On.

    • off: Off.

    on

    ciphersuitegroup

    String

    No

    The cipher suite group. Valid values:

    • all (default): All supported cipher suites.

    • strict: A group of high-security cipher suites.

    • custom: A custom cipher suite.

    all

    ciphersuite

    String

    No

    The custom cipher suite. This parameter is required only when ciphersuitegroup is set to custom. Separate multiple cipher suites with commas (,).

    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • Configuration examples:

    • Default configuration: Enables TLS 1.0, 1.1, and 1.2, disables TLS 1.3, and uses all cipher suites.

      {
          "Functions": [{
              "functionArgs": [
                  {
                    "ArgValue": "on",
                    "ArgName": "tls10"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls11"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls12"
                  },
                  {
                    "ArgValue": "off",
                    "ArgName": "tls13"
                  },
                  {
                    "ArgValue": "all",
                    "ArgName": "ciphersuitegroup"
                  }
                ],
              "functionName": "https_tls_version"
          }],
          "DomainNames": "example.com"
      }
    • Enable TLS 1.2 and 1.3, and use the strict cipher suite group.

      {
          "Functions": [{
              "functionArgs": [
                  {
                    "ArgValue": "off",
                    "ArgName": "tls10"
                  },
                  {
                    "ArgValue": "off",
                    "ArgName": "tls11"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls12"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls13"
                  },
                  {
                    "ArgValue": "strict",
                    "ArgName": "ciphersuitegroup"
                  }
                ],
              "functionName": "https_tls_version"
          }],
          "DomainNames": "example.com"
      }
    • Enable TLS 1.2 and 1.3, and use custom cipher suites.

      {
          "Functions": [{
              "functionArgs": [
                  {
                    "ArgValue": "off",
                    "ArgName": "tls10"
                  },
                  {
                    "ArgValue": "off",
                    "ArgName": "tls11"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls12"
                  },
                  {
                    "ArgValue": "on",
                    "ArgName": "tls13"
                  },
                  {
                    "ArgValue": "custom",
                    "ArgName": "ciphersuitegroup"
                  },
                  {
                    "ArgValue": "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                    "ArgName": "ciphersuite"
                  }
                ],
              "functionName": "https_tls_version"
          }],
          "DomainNames": "example.com"
      }

Access control settings

referer_white_list_set

  • Configures a Referer whitelist. For more information, see Hotlink protection.

    Note
    • The Referer whitelist feature conflicts with the Referer blacklist feature (function: referer_black_list_set). Only one of the two features can be used at a time.

    • To switch between the two features, delete the existing configuration first. You can call the DeleteVodSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter set to off, the feature is still considered configured.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    refer_domain_allow_list

    String

    Yes

    A comma-separated list of whitelisted domain names.

    example.aliyundoc.com,demo.aliyundoc.com

    allow_empty

    String

    No

    Specifies whether to allow requests with an empty Referer header to access CDN resources. Valid values:

    • on: Allows requests with an empty Referer header.

    • off (default): Denies requests with an empty Referer header.

    off

    redirect_url

    String

    No

    If a request's Referer header does not match the whitelist, CDN returns a 302 redirect to this URL instead of a 403 error. The URL must start with http:// or https://.

    http://www.example.com

    disable_ast

    String

    No

    Specifies the match pattern for the domain names in the whitelist. If you set this parameter to on, only exact domain name matching is supported.

    • If set to on:

      • Exact match is supported.

        • If the whitelist is example.com, it matches example.com.

        • If the whitelist is a*b.example.com, it matches a<any characters>b.example.com.

      • Suffix match is not supported.

    • If set to off (default):

      • Exact match is supported.

      • Suffix match is supported.

        • If the whitelist is example.com, it matches example.com and <any characters>.example.com.

        • If the whitelist is a*b.example.com, it matches a<any characters>b.example.com and <any characters>.a<any characters>b.example.com.

    off

    ignore_scheme

    String

    No

    Specifies whether to ignore the scheme in the Referer header. If this parameter is set to on, a Referer header without an http:// or https:// prefix is still considered valid. Examples:

    • If set to on, an example of a valid Referer header is:

      referer: www.example.com

    • If set to off (default), an example of a valid Referer header is:

      referer: https://www.example.com

    off

  • Sample code:

    {
      "Functions": [
        {
          "functionArgs": [
            {
              "argName": "allow_empty",
              "argValue": "off"
            },
            {
              "argName": "refer_domain_allow_list",
              "argValue": "example.aliyundoc.com,demo.aliyundoc.com"
            },
            {
              "argName": "disable_ast",
              "argValue": "on"
            },
            {
              "argName": "ignore_scheme",
              "argValue": "on"
            },
            {
              "argName": "redirect_url",
              "argValue": "http://www.example.com"
            }
          ],
          "functionName": "referer_white_list_set"
        }
      ],
      "DomainNames": "example.com"
    }

referer_black_list_set

  • Configures a Referer blacklist. For more information, see Hotlink protection.

    Note
    • The Referer blacklist feature conflicts with the Referer whitelist feature (function: referer_white_list_set). Only one of the two features can be used at a time.

    • To switch between the two features, delete the existing configuration first. You can call the DeleteVodSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter set to off, the feature is still considered configured.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    refer_domain_deny_list

    String

    Yes

    A comma-separated list of domain names for the blacklist.

    example.aliyundoc.com,demo.aliyundoc.com

    allow_empty

    String

    No

    Specifies whether to allow requests that have an empty Referer header to access CDN resources. Valid values:

    • on: Allow

    • off: Deny

    off

    redirect_url

    String

    No

    If a request's Referer header matches the blacklist, CDN returns a 302 redirect to this URL instead of a 403 error. The URL must start with http:// or https://.

    http://www.example.com

    disable_ast

    String

    No

    Toggles between exact match and suffix match for domain names in the blacklist. Set to on for exact match only.

    • If set to on:

      • Exact match is supported.

        • If you enter example.com in the blacklist, example.com is matched.

        • If you enter a*b.example.com in the blacklist, it matches a<any characters>b.example.com.

      • Suffix match is not supported.

    • If set to off (default):

      • Exact match is not supported.

      • Suffix match is supported.

        • Entering example.com in the blacklist matches example.com and <any character>.example.com.

        • If you enter a*b.example.com in the blacklist, it matches a<any characters>b.example.com and <any characters>.a<any characters>b.example.com.

    off

    ignore_scheme

    String

    No

    Specifies whether to ignore the scheme in the Referer header. When set to on, a Referer header without a scheme is also considered valid. Examples:

    • When the value is on, the referer format is as follows:

      referer: www.example.com

    • When the value is off (default value), the referer format is as follows:

      referer: https://www.example.com

    off

  • Sample code:

    {
      "Functions": [
        {
          "functionArgs": [
            {
              "argName": "allow_empty",
              "argValue": "off"
            },
            {
              "argName": "refer_domain_deny_list",
              "argValue": "example.aliyundoc.com,demo.aliyundoc.com"
            },
            {
              "argName": "disable_ast",
              "argValue": "on"
            },
            {
              "argName": "ignore_scheme",
              "argValue": "on"
            },
            {
              "argName": "redirect_url",
              "argValue": "http://www.example.com"
            }
          ],
          "functionName": "referer_black_list_set"
        }
      ],
      "DomainNames": "example.com"
    }

aliauth

  • Configures URL signing. For more information, see URL signing.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    auth_m3u8

    String

    No

    Specifies whether to rewrite the content of M3U8 files. This setting adds signing information to the TS files within the M3U8 file, which prevents access failures. Valid values are on (default) and off.

    on

    auth_type

    String

    Yes

    The signing type. Valid values:

    • no_auth: No signing.

    • type_a: Type A signing.

    • type_b: Type B signing.

    • type_c: Type C signing.

    • type_d: Type D signing.

    • type_e: Type E signing.

    • type_f: Type F signing.

    type_a

    auth_key1

    String

    Yes

    Encryption key 1. The key must be 16 to 128 characters long and can contain uppercase letters, lowercase letters, and digits.

    1234567890123456789

    auth_key2

    String

    No

    Encryption key 2. The key must be 16 to 128 characters long and can contain uppercase letters, lowercase letters, and digits.

    1234567890123456789

    ali_auth_delta

    Integer

    No

    The signed URL validity period. Default: 1800. Unit: seconds.

    1800

    req_auth_ip_white

    String

    No

    The IP address whitelist. Requests from IP addresses in this list bypass signing.

    You can specify multiple IP addresses, separated by commas.

    192.168.0.1

    req_auth_ip_acl_xfwd

    String

    No

    The method to fetch the client IP address for the whitelist. Valid values:

    • on: (Default) Checks the leftmost IP address in the X-Forwarded-For header. This IP address is the originating client IP address.

    • off: Checks the IP address that the client uses to connect to the CDN point of presence (PoP).

    • all: Checks both of the following IP addresses:

      • The leftmost IP address in the X-Forwarded-For header, which is the originating client IP address.

      • The IP address that the client uses to connect to the CDN point of presence (PoP).

    all

    sign_param

    String

    No

    The name of the signing parameter. This parameter is valid only when auth_type is set to type_f.

    sign

    time_param

    String

    No

    The name of the timestamp parameter. This parameter is valid only when auth_type is set to type_f.

    time

    time_format

    String

    No

    The timestamp format. This parameter is valid only when auth_type is set to type_f.

    • dec: decimal

    • hex: hexadecimal

    hex

    path_encoding

    String

    No

    Specifies whether to enable URL encoding. Valid values are on and off. This parameter is valid only when auth_type is set to type_f.

    on

  • Configuration examples:

    • Type A signing

      {
          "Functions": [{
              "functionArgs": [{
                  "argName": "auth_type",
                  "argValue": "type_a"
              }, {
                  "argName": "auth_key1",
                  "argValue": "1234567890123456789"
              }, {
                  "argName": "auth_key2",
                  "argValue": "1234567890123456789"
              }, {
                  "argName": "ali_auth_delta",
                  "argValue": 1800
              }, {
                  "argName": "req_auth_ip_white",
                  "argValue": "192.168.0.1"
              }, {
                  "argName": "req_auth_ip_acl_xfwd",
                  "argValue": "all"
              }],
              "functionName": "aliauth"
          }],
          "domainNames": "example.com"
      }
    • Type F signing

      {
          "Functions": [{
              "functionArgs": [{
                  "argName": "auth_type",
                  "argValue": "type_f"
              },{
                  "argName": "auth_key1",
                  "argValue": "1234567890123456789"
              },{
                  "argName": "auth_key2",
                  "argValue": "1234567890123456789"
              },{
                  "argName": "ali_auth_delta",
                  "argValue": 1800
              },{
                  "argName": "sign_param",
                  "argValue": "sign"
              },{
                  "argName": "time_param",
                  "argValue": "time",
              },{
                  "argName": "time_format",
                  "argValue": "hex"
              },{
                  "argName": "path_encoding",
                  "argValue": "on"
              }],
              "functionName": "aliauth"
          }],
          "domainNames": "example.com"
      }

cdn_remote_auth

  • Configures remote authentication. For more information, see Remote authentication.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable remote authentication. Valid values:

    • on: Enables the feature.

    • off: Disables the feature.

    on

    remote_auth_addr

    String

    Yes

    The address of the authentication server. Format: https://cdn.aliyun.com/auth or http://10.10.10.10/auth.

    https://example.aliyundoc.com/auth

    remote_auth_method

    String

    Yes

    The request method. Valid values: GET, POST, and HEAD.

    GET

    remote_auth_type

    String

    Yes

    The file types that require authentication. Set to all to authenticate all file types. To specify multiple file types, separate them with a vertical bar (|). File types are case-sensitive. For example, jpg is not the same as JPG.

    all

    remote_auth_reserve_args

    String

    Yes

    Specifies which URL parameters to retain in the authentication request. To specify multiple parameters, separate them with a vertical bar (|). The parameters are case-insensitive. For example, key is treated the same as KEY.

    all: Retain all URL parameters.

    ali_delete_all_args: Delete all URL parameters.

    all

    remote_auth_custom_args

    String

    No

    The custom URL parameters to add to the authentication request. To specify multiple parameters, separate them with a vertical bar (|). The parameters are case-sensitive. For example, key is not the same as KEY.

    empty

    remote_auth_reserve_header

    String

    Yes

    Specifies which request headers to retain in the authentication request. To specify multiple headers, separate them with a vertical bar (|). The headers are case-insensitive. For example, http_remote_addr is treated the same as HTTP_Remote_Addr.

    • all: Retain all request headers.

    • ali_delete_all_headers: Delete all request headers.

    all

    remote_auth_custom_header

    String

    No

    The custom request headers to add to the authentication request. To specify multiple headers, separate them with a vertical bar (|). The headers are case-insensitive. For example, http_remote_addr is treated the same as HTTP_Remote_Addr.

    empty

    remote_auth_success_code

    Integer

    Yes

    The status code from the authentication server that indicates a successful authentication. For example, 200. Separate multiple status codes with a comma (,).

    200

    remote_auth_fail_code

    Integer

    Yes

    The status code from the authentication server that indicates a failed authentication. For example, 403. Separate multiple status codes with a comma (,).

    403,404

    remote_auth_other_code_act

    String

    No

    The action to take when the authentication server returns a status code not defined as a success or failure. Valid values:

    • pass (default): Allows the request.

    • reject: Rejects the request.

    pass

    remote_auth_fail_resp_code

    Integer

    Yes

    The status code that CDN returns to the client after a failed authentication. For example, 403.

    403

    remote_auth_timeout

    Integer

    Yes

    The authentication timeout in milliseconds (ms). Maximum: 3000.

    500

    remote_auth_timeout_action

    String

    Yes

    The timeout action. Valid values:

    • pass: Allows the user's request.

    • reject: Rejects the request and returns the specified remote_auth_fail_resp_code to the user.

    pass

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "remote_auth_addr",
                "argValue": "https://example.aliyundoc.com/auth"
            }, {
                "argName": "remote_auth_method",
                "argValue": "get"
            }, {
                "argName": "remote_auth_type",
                "argValue": "all"
            }, {
                "argName": "remote_auth_reserve_args",
                "argValue": "all"
            }, {
                "argName": "remote_auth_custom_args",
                "argValue": ""
            }, {
                "argName": "remote_auth_reserve_header",
                "argValue": "all"
            }, {
                "argName": "remote_auth_custom_header",
                "argValue": ""
            }, {
                "argName": "remote_auth_success_code",
                "argValue": "200"
            }, {
                "argName": "remote_auth_fail_code",
                "argValue": "403"
            }, {
                "argName": "remote_auth_other_code_act",
                "argValue": "pass"
            }, {
                "argName": "remote_auth_fail_resp_code",
                "argValue": "403"
            }, {
                "argName": "remote_auth_timeout",
                "argValue": 500
            }, {
                "argName": "remote_auth_timeout_action",
                "argValue": "pass"
            }],
            "functionName": "cdn_remote_auth"
        }],
        "DomainNames": "example.com"
    }

ip_allow_list_set

  • Configures an IP address whitelist. For more information, see IP address blacklist or whitelist.

    Note
    • The IP address whitelist feature conflicts with the IP address blacklist feature (function: ip_black_list_set). Only one of the two features can be used at a time.

    • To switch between the two features, delete the existing configuration first. You can call the DeleteVodSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter set to off, the feature is still considered configured.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    ip_list

    String

    Yes

    A comma-separated list of IP addresses or CIDR blocks.

    192.168.0.1/24

    customize_response_status_code

    String

    No

    The custom response status code. The value must be a three-digit number. If not specified, the default is 403.

    429

    ip_acl_xfwd

    String

    No

    Specifies how to determine the client IP address for verification. Valid values:

    • on: The default value. The first IP address from the left in the x-forwarded-for request header of the user request is used.

    • off: Uses the source IP of the connection for determination.

    • all: Uses both x-forwarded-for and real connection IP as criteria.

    all

    ip_list_notes

    String

    No

    A description of the IP list for your reference only.

    192.x.x.1 (Malicious IP address)

    192.x.x.2 (Untrusted IP address)

  • Sample code:

    {
      "Functions": [
        {
          "functionArgs": [
            {
              "argName": "ip_list",
              "argValue": "192.168.0.1/24"
            },
            {
              "argName": "ip_acl_xfwd",
              "argValue": "all"
            }
          ],
          "functionName": "ip_allow_list_set"
        }
      ],
      "DomainNames": "example.com"
    }

ip_black_list_set

  • Configures an IP address blacklist. For more information, see IP address blacklist or whitelist.

    Note
    • The IP address blacklist feature conflicts with the IP address whitelist feature (function: ip_allow_list_set). Only one of the two features can be used at a time.

    • To switch between the two features, delete the existing configuration first. You can call the DeleteVodSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter set to off, the feature is still considered configured.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    ip_list

    String

    Yes

    A comma-separated list of IP addresses.

    192.168.0.1

    customize_response_status_code

    String

    No

    The custom response status code. If you do not specify this parameter, the default is 403. Enter a three-digit number.

    429

    ip_acl_xfwd

    String

    No

    Specifies how to determine the client IP address for verification. Valid values:

    • on (default): Uses the leftmost IP address in the X-Forwarded-For header.

    • off: Uses the originating IP address of the connection.

    • all: Uses both the IP address in the X-Forwarded-For header and the originating IP address of the connection.

    all

    ip_list_notes

    String

    No

    A descriptive note for the IP address list.

    192.x.x.1 (Malicious IP address)

    192.x.x.2 (Untrusted IP address)

  • Sample code:

    {
      "Functions": [
        {
          "functionArgs": [
            {
              "argName": "ip_list",
              "argValue": "192.168.0.1"
            },
            {
              "argName": "ip_acl_xfwd",
              "argValue": "all"
            }
          ],
          "functionName": "ip_black_list_set"
        }
      ],
      "DomainNames": "example.com"
    }

ali_ua

  • Configures a User-Agent whitelist or blacklist. For more information, see Configure a User-Agent blacklist or whitelist.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    ua

    String

    Yes

    Specifies the User-Agent strings to match. You can use the wildcard character (*) to match any string. To specify multiple values, separate them with a vertical bar (|). Example: *curl*|*IE*|*chrome*|*firefox*.

    curl|IE|chrome|firefox

    type

    String

    Yes

    Specifies the list type. Valid values:

    • black: a blacklist.

    • white: a whitelist.

    Note

    The blacklist and whitelist are mutually exclusive.

    black

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ua",
                "argValue": "*curl*|*IE*|*chrome*|*firefox*"
            }, {
                "argName": "type",
                "argValue": "black"
            }],
            "functionName": "ali_ua"
        }],
        "DomainNames": "example.com"
    }

EdgeScript settings

edge_function

  • Configures EdgeScript. For more information, see EdgeScript overview.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    rule

    String

    Yes

    The DSL rule.

    if eq($uri, '/') {\n rewrite('https://example.com/index.html', 'redirect')\n}

    pri

    Integer

    Yes

    The priority of the rule. Valid values: 0 to 999. A smaller value indicates a higher priority.

    Note

    The priorities for the head and foot execution positions are independent.

    0

    enable

    String

    Yes

    Specifies whether to enable the rule. Valid values:

    • on: Enabled.

    • off: Disabled.

    on

    name

    String

    Yes

    The rule name. The name can contain only letters and underscores (_).

    test

    pos

    String

    No

    The execution position of the rule. Valid values:

    • head (default): The rule runs at the head of the request processing flow.

    • foot: The rule runs at the foot of the request processing flow.

    head

    brk

    String

    No

    Specifies whether to interrupt execution. Valid values:

    • on: Prevents subsequent rules at the current execution position from being processed if this rule is matched.

    • off (default): Allows subsequent rules at the current execution position to be processed if this rule is matched.

    off

    option

    String

    No

    An extension field.

    empty

    grammar

    String

    No

    The rule syntax. Valid values: es2 (default) and js.

    /

    jsmode

    String

    No

    The JS execution mode. Valid values:

    • redirect: Intercept mode.

    • bypass (default): Bypass mode.

    /

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "name",
                "argValue": "test"
            }, {
                "argName": "rule",
                "argValue": "if eq($uri, '/') {\n  rewrite('https://example.com/index.html', 'redirect')\n}"
            }, {
                "argName": "pri",
                "argValue": "0"
            }, {
                "argName": "pos",
                "argValue": "head"
            }, {
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "brk",
                "argValue": "off"
            }, {
                "argName": "option",
                "argValue": ""
            }],
            "functionName": "edge_function"
        }],
        "DomainName": "example.com"
    }

Performance improvements

set_hashkey_args

  • Retains URL parameters. For more information, see Parameter filtering.

    Note
    • The URL parameter retaining feature conflicts with the URL parameter deleting feature (function: ali_remove_args). Only one of the two features can be used at a time.

    • To switch between the two features, delete the existing configuration first. You can call the DeleteVodSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter set to off, the feature is still considered configured.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    hashkey_args

    String

    No

    A comma-separated list of query parameters to retain. You can specify up to 10 parameters.

    key1,key2

    disable

    String

    Yes

    Specifies whether to ignore all query parameters. Valid values:

    • on: Ignores all parameters. With this setting, features to delete, retain, or modify parameters are disabled. The feature to add parameters is not affected.

    • off (default): Disables this feature. Features to retain, add, or delete parameters remain effective.

    Note

    The hashkey_args parameter takes precedence over this setting.

    on

    keep_oss_args

    String

    Yes

    Specifies whether to retain parameters in origin fetch requests. Valid values:

    • on: Retains all parameters in origin fetch requests.

    • off: The parameters in origin fetch requests match those in the cache key.

    on

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "hashkey_args",
                "argValue": ""
            }, {
                "argName": "keep_oss_args",
                "argValue": "on"
            }, {
                "argName": "disable",
                "argValue": "on"
            }],
            "functionName": "set_hashkey_args"
        }],
        "DomainNames": "example.com"
    }

ali_remove_args

  • Deletes URL parameters. For more information, see Parameter filtering.

    Note
    • The URL parameter deleting feature conflicts with the URL parameter retaining feature (function: set_hashkey_args). Only one of the two features can be used at a time.

    • To switch between the two features, delete the existing configuration first. You can call the DeleteVodSpecificConfig operation to delete configurations of a domain name. If a feature has a switch parameter set to off, the feature is still considered configured.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    ali_remove_args

    String

    Yes

    A space-separated list of query parameters to remove.

    Note

    The remaining parameters form the URL arguments of the cache key.

    test

    keep_oss_args

    String

    Yes

    Specifies whether to retain parameters in origin fetch requests. Valid values:

    • on: Retains all parameters in origin fetch requests.

    • off: The parameters in origin fetch requests match those in the cache key.

    off

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "ali_remove_args",
                "argValue": "test"
            }, {
                "argName": "keep_oss_args",
                "argValue": "off"
            }],
            "functionName": "ali_remove_args"
        }],
        "DomainNames": "example.com"
    }

image_transform

  • Configures image processing. For more information, see Image processing.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    enable

    String

    Yes

    Specifies whether to enable image processing. Valid values:

    • on: Enables the feature.

    • off: Disables the feature.

    on

    filetype

    String

    Yes

    A list of image formats supported for transcoding, separated by vertical bars (|). Valid values:

    • JPEG: JPEG image format.

    • JPG: JPG image format.

    • PNG: PNG image format.

    • WEBP: WEBP image format.

    • BMP: BMP image format.

    • GIF: GIF image format.

    • TIFF: TIFF image format.

    • JP2: JPEG 2000 image format.

    jpg|jpeg|png

    webp

    String

    No

    Specifies whether to enable adaptive WebP conversion. Valid values:

    • on: Enables the feature.

    • off: Disables the feature.

    on

    orient

    String

    No

    Specifies whether to enable auto-rotation for images. Valid values:

    • on: Enables the feature.

    • off: Disables the feature.

    Note

    This setting affects only images that contain rotation metadata.

    on

    slim

    Integer

    No

    Specifies the percentage (0–100) by which to reduce image quality for image slimming. This process reduces file size and saves bandwidth without changing the image's resolution, dimensions, or format.

    10

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "filetype",
                "argValue": "jpg|jpeg|png"
            }, {
                "argName": "webp",
                "argValue": "on"
            }, {
                "argName": "orient",
                "argValue": "on"
            }, {
                "argName": "slim",
                "argValue": ""
            }, {
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "image_transform"
        }],
        "DomainNames": "example.com"
    }

Video-related settings

range

  • Configures object chunking. For more information, see Object chunking.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    enable

    String

    Yes

    Specifies whether to enable range-based origin fetch. Valid values:

    • on: Enables the feature.

    • off: Disables the feature.

    • force: Force-enables the feature.

    on

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "range"
        }],
        "DomainNames": "example.com"
    }

video_seek

  • Configures video seeking. For more information, see Video seeking.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example

    enable

    String

    Yes

    Specifies whether to enable video seeking. Valid values:

    • on

    • off

    on

  • Sample code:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "video_seek"
        }],
        "DomainNames": "example.com"
    }

ali_video_split

  • Configures audio extraction. For more information, see Audio extraction.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    enable

    String

    Yes

    Specifies whether to enable audio-only playback. Valid values:

    • on: Enables the feature.

    • off: Disables the feature.

    on

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "ali_video_split"
        }],
        "DomainNames": "example.com"
    }

ali_video_preview

  • Configures video preview. For more information, see Audio and video preview.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    enable

    String

    Yes

    Specifies whether to enable video preview. Valid values:

    • on: Enables the feature.

    • off: Disables the feature.

    Note

    This feature supports TS and MP3 files. For FLV and MP4 files, use the video seek feature.

    on

    ali_video_preview_argument

    String

    Yes

    Specifies the name of the custom parameter for the preview duration. The value for this custom parameter must be specified in seconds.

    fds

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }, {
                "argName": "ali_video_preview_argument",
                "argValue": "fds"
            }],
            "functionName": "ali_video_preview"
        }],
        "DomainNames": "example.com"
    }

hls_token_rewrite

  • Configures M3U8 encryption and rewrite. For more information, see Parameter pass-through for HLS encryption.

  • Parameters:

    Parameter

    Type

    Required

    Description

    Example value

    enable

    String

    Yes

    Specifies whether to enable HLS token rewrite. Valid values:

    • on: Enables the feature.

    • off: Disables the feature.

    on

    hls_token_arg_name

    String

    No

    Specifies the name of the custom HLS token parameter. If you do not specify a name, the default MtsHlsUriToken is used.

    example

  • Configuration example:

    {
        "Functions": [{
            "functionArgs": [{
                "argName": "enable",
                "argValue": "on"
            }],
            "functionName": "hls_token_rewrite"
        }],
        "DomainNames": "example.com",
    }