To control the source of access to your business resources, you can use the IP access limit feature in CDN. By limiting the number of access requests to a node per second from a client IP, you can defend against high-frequency CC attacks and prevent hotlinking by malicious users.
Log in to the CDN Console, select Domain Management on the left sidebar, and click Manage on the right of the domain name to enter its configuration page. Under the Access Control tab, find the IP access limit configuration. It is disabled by default, and the threshold is left empty:
Enter the frequency threshold and click OK to enable IP access limit.
You can switch to disable this feature. When the switch is off, this feature does not take effect in the production environment even if there is an existing configuration. When the switch is on, this configuration will take effect across the entire network:
If your acceleration domain name is configured for global acceleration, the IP access limit configuration will take effect globally. This configuration does not distinguish between requests from and outside of Mainland China.
Suppose the IP access limit for the acceleration domain name
www.test.com is as follow:
The actual access status will be as follows:
126.96.36.199requests the resource
http://www.test.com/1.jpgfor 10 times in one second, and all access requests are made to one server on CDN cache node A. 10 access logs will be generated on this server, 9 of which exceed the QPS limit. The status code "514" will be returned.
188.8.131.52requests the resource
http://www.test.com/1.jpgfor 2 times in one second, and the access requests may be distributed to two CDN cache nodes for processing due to network conditions. Each node will return the content normally.