How to use Alibaba Cloud CDN for corporate official website domain names and avoid malicious traffic risks

To apply Alibaba Cloud CDN to official website domain names and effectively prevent malicious traffic theft, a two-step operation is needed: first connect to the CDN for acceleration, and then configure security policies. The following are the specific processes and protection plans:

1. The operation process for Alibaba Cloud CDN to access the official website domain name

1. Open CDN services

Log in to the Alibaba Cloud console, enter the CDN product page, click "Activate Now" and select the charging type (the default is based on traffic), and complete the activation after agreeing to the agreement.

2. Add accelerated domain names

Click "Add Domain Name" in "Domain Name Management" in the CDN console and enter the official website domain name (such as www.example.com).

Key configurations:

Only in mainland China (domain name must have been registered with ICP)

Global (including overseas nodes)

Global (excluding mainland China).

Acceleration area: Select based on user distribution:

Origin server settings: Enter the official website server IP or domain name (for example, origin server is origin.example.com).

3. Verify domain name ownership

Select DNS resolution verification: Add a TXT record to a domain name resolution platform (such as Alibaba Cloud DNS), and the content is the verification value provided by Alibaba Cloud to complete ownership confirmation.

4. Configure CNAME resolution

After adding the accelerated domain name, the CDN generates a CNAME address (such as example.com.w.kunlunsl.com). On the domain name resolution platform, change the DNS record type of the official website domain name to CNAME, point to that address, and wait for it to take effect (usually 30 minutes).

5. Verify acceleration

Local test: Use ping or a browser to visit the official website domain name and check whether the resolution reaches the CDN node IP.

Check the traffic data through the Alibaba Cloud CDN console to confirm that the acceleration takes effect.

2. Protection strategies to prevent malicious swiping traffic

Maliciously swiping traffic may lead to bandwidth surges and high bills, and the following measures need to be combined:

1. Basic protection configuration

referer hotlink protection

Set up whitelist: Only official website domain names (such as *. example.com) andMini programsOfficial Referers (such as WeChat https://servicewechat.com/*) access resources.

Turn on "Allow Empty Referer Access" to be compatible with direct app access.

IP black and white list

Intercept malicious IP segments: Add suspicious IPs (such as attack source IP) to the blacklist through the "security configuration" of the CDN console.

Whitelist mode: Only corporate office IP or trusted IP access is allowed (suitable for internal systems).

access frequency limit

Set the frequency of single IP requests (such as 1 QPS): Automatic blocking if the threshold is exceeded, effectively suppressing CC attacks.

2. Advanced protection and cost control

URL authentication

Enable dynamic keys: A temporary link with a timestamp and signature is generated, and an illegal link returns 403. Suitable for protecting videos and downloading resources.

Bandwidth and usage caps

Set a "bandwidth cap" or "traffic threshold" on the CDN console, and automatically stop the service after exceeding it to prevent costs from getting out of control.

Activate Secure Content Delivery Network SCDN

For high-attack-risk businesses, SCDN integrates WAF, Anti-DDoS and frequency control to provide comprehensive protection (additional purchase is required).

3. Monitoring and Incident Response Service

Real-time monitoring reports

Analyze the "Most Visited IP/URL/Referer" report to identify abnormal requests (such as high-frequency access from a single IP).

alarm setting

Configure SMS/email alerts for sudden traffic increases and intervene in a timely manner.

Sandbox mechanism

When a domain name is attacked, Alibaba Cloud will automatically cut it into the sandbox (service quality degradation), and needs to contact customer service to remove it.

3. Best practice recommendations

Enable protection by services:

Static resources (such as pictures) → Referer hotlink protection + IP blacklist

Dynamic API interface → Frequency control + URL authentication.

Regularly optimize rules:

Update the IP blacklist according to the report and adjust the frequency limit threshold.

Measures to cover costs:

Purchase prepaid traffic packages to reduce costs and open usage caps.

Explanation: Even if malicious requests are intercepted, Alibaba Cloud will still charge traffic charges for 4xx responses (industry general practice), so bandwidth capping + SCDN is the core means of defense against large-scale attacks.

Through the above steps, the official website can safely enjoy CDN acceleration while avoiding the risk of malicious traffic.