tencent cloud

Tencent Cloud EdgeOne

Release Notes and Announcements

Security Announcement

Protection against DDoS attacks targeting HTTP/2 protocol vulnerabilities

Announcements

[Tencent Cloud EdgeOne] Announcement On Edge Function Billing Adjustment

Notice regarding the addition of TrustAsia free certificate issuance source

[Tencent Cloud EdgeOne] Impact of Root Certificate Changes from Let's Encrypt

[Tencent Cloud EdgeOne] NS Access Mode Upgrade Announcement

[Tencent Cloud EdgeOne] VAU Unit Change Notification

EdgeOne Console Upgrade Instructions

【Tencent Cloud EdgeOne】Cloud API Change Notification

Product Introduction

Comparison Between EdgeOne and CDN Products

Purchase Guide

Getting Started

Quick access to L4 proxy service

Domain Service&Origin Configuration

Domain Service

Hosting DNS Records

Modifying DNS Servers

Configuring DNS Records

Batch Importing DNS Records

Advanced DNS Configuration

Enumeration of Resolution Lines and Corresponding Codes

Domain Connection

Adding A Domain Name for Acceleration

Ownership Verification

Modifying CNAME Records

Verify Business Access

Traffic Scheduling

Traffic Scheduling Management

HTTPS Certificate

Deploying/Updating SSL Certificate for A Domain Name

Configuring A Free Certificate for A Domain Name

Mutual Authentication

Using Keyless Certificate

HTTPS Configuration

Forced HTTPS Access

SSL/TLS Security Configuration

Configuring SSL/TLS Security

TLS Versions and Cipher Suites

Enabling OCSP Stapling

Related References

Using OpenSSL to Generate Self-Signed Certificates

Certificate Format Requirements

Origin Configuration

Load Balancing

Quickly Create Load Balancers

Health Check Policies

Viewing the Health Status of Origin Server

Related References

Load Balancing-Related Concepts

Introduction to Request Retry Strategy

Origin Group Configuration

Origin-pull configuration

Origin-Pull Timeout

Configuring Origin-Pull HTTPS

Host Header Rewrite

Controlling Origin-pull Requests

Redirect Following During Origin-Pull

HTTP/2 Origin-Pull

Origin Protection

Related References

ld Version Origin Group Compatible Related Issues

Site Acceleration

Access Control

Token Authentication

Introduction to Token Authentication

Authentication Method A

Authentication Method B

Authentication Method C

Authentication Method D

Authentication Method V

Smart Acceleration

Cache Configuration

EdgeOne Cache Rules

Content Cache Rules

Cache Key Introduction

Cache Configuration

Custom Cache Key

Status Code Cache TTL

Browser Cache TTL

Offline Caching

Clear and Preheat Cach

URL Pre-Warming

How to improve the Cache Hit Rate of EdgeOne

File Optimization

Smart Compression

Network Optimization

HTTP/3(QUIC)

QUIC SDK

SDK Download and Integration

Sample Code

API Documentation

Maximum Upload Size

Origin-Pull Request Headers Carrying Client IP

Origin-Pull Request Headers Carrying Client IP Geo Location

URL Rewrite

Access URL Redirection

Origin-Pull URL Rewrite

Modifying Header

Modifying HTTP Response Headers

Modifying HTTP Request Headers

Modify the response content

Custom Error Page

Rule Engine

Rule Management

Supported Matching Types and Actions

Related References

Rule Engine Configuration Character Limit

Request and Response Actions

Processing order

Default HTTP Headers of Origin-Pull Requests

Default HTTP Response Headers

HTTP Restrictions

DDoS & Web Protection

DDoS Protection

DDoS Protection Overview

Exclusive DDoS Protection Usage

Configuration of Exclusive DDoS protection Rules

Increase DDoS Protection Level

Exclusive DDoS Traffic Alarm

Configuration IP blocklist/allowlist

Configuration Region Blocking Rule

Configuration Port Filtering

Configuration Features Filtering

Configuration Protocol Blocking Rule

Configuration Connections Attack Protection

Related References

Related Concepts Introduction

Web Protection

Custom Response Page

Alarm Notification

Image&Video Processing

Audio and Video Pre-pulling

Just-in-Time Image Processing

Video Just-In-Time Processing

VOD Media Origin

Edge Functions

Getting Started

Operation Guide

Function Management

Function Trigger

Environment Variable

Runtime APIs

addEventListener

Streams

ReadableStreamBYOBReader

ReadableStreamDefaultReader

TransformStream

WritableStreamDefaultWriter

Images

ImageProperties

Sample Functions

Best Practices

Adaptive Image Format Conversion via Edge Functions

L4 Proxy

Creating an L4 Proxy Instance

Modifying an L4 Proxy Instance

Disabling or Deleting an L4 Proxy Instance

Batch Configuring Forwarding Rules

Obtaining Real Client IPs

Passing Real TCP Client IPs via TOA

Obtaining Real Client IPs Through Protocol V1/V2

Method 1: Obtaining Real Client IPs Through Nginx

Method 2: Parsing Real Client IPs on Application Server

Format of Real Client IPs Obtained Through Proxy Protocol V1/V2

Passing Real Client IP Through SPP

Data Analysis&Log Service

Log Service

Real-time Logs

Real-time Logs Overview

Push to Tencent Cloud CLS

Push to AWS S3-Compatible COS

Push to HTTP Server

Related References

Field description

Edge Function Running Logs

Real-Time Log Push Filter Conditions

Custom Log Push Fields

Customizing Log Output Formats

Data Analysis

Web Security Analysis

Related References

Sampling Statistics

How to use filter condition

How to Modify Query Time Range

How to Export Statistical Data and Reports

Legacy Console Relevant Documentation

Traffic Analysis

Security Analysis

Site Security Overview

Web Security Analysis

Alarm Service

Custom Statistical Metrics

Version Management

Enable Version Management

Verify in the test environment and then release to the production environment

Quickly roll back to a previous version

Site and Billing Management

Billing Management

Usage Cap Policy

Tag-based Cost Allocation

Plan Destruction Guide

Site Management

Quickly Importing and Exporting Site Configuration

General Policy

Terraform

Installing and Configuring Terraform

Configuring Site Acceleration Through Terraform

Configuring Rule Engine Through Terraform

Practical Tutorial

Automatic Warm-up/Cache Purge

EdgeOne + COS Realizes Automatic Warm-up

EdgeOne + COS Realizes Automatic Cache Purge

Resource Abuse/hotlinking Protection Practical

EdgeOne Resource Abuse Prevention

EdgeOne Hotlink Protection Practical Tutorial

HTTPS Related Practices

Quickly Enabling HTTPS Access with EdgeOne Free Certificate

Acceleration Optimization

Cross-regional Secure Acceleration (Oversea Sites)

Scheduling Traffic

Through traffic orchestration to multiple service providers

Scheduling Traffic to EdgeOne by Performing Canary Switching

Origin-pull Based On User IP/geolocation

EdgeOne Implementation of Session Persistence Based on Client IP Addresses

EdgeOne Implementation of Origin-Pull Based on Client's Geo Location

APK Dynamic Packaging

EdgeOne facilitate APK dynamic packaging of Android

Feature Overview

Step 1: Preprocess the Android APK Parent Package

Step 2: Write the Channel Information into the APK Package with EdgeOne Edge Functions

Step 3: Implement Test and Verify the Outcome Effectiveness

Data Analysis and Alerting

Configuring EdgeOne Security Event Alarms via TCOP

API Documentation

Making API Requests

Request Structure

Site APIs

DescribeIdentifications

ModifyZoneStatus

CheckCnameStatus

VerifyOwnership

ExportZoneConfig

ImportZoneConfig

DescribeZoneConfigImportResult

Acceleration Domain Management APIs

CreateAccelerationDomain

DescribeAccelerationDomains

ModifyAccelerationDomain

ModifyAccelerationDomainStatuses

DeleteAccelerationDomains

CreateSharedCNAME

BindSharedCNAME

DeleteSharedCNAME

Site Acceleration Configuration APIs

CreateL7AccRules

DescribeL7AccRules

ModifyL7AccRule

DeleteL7AccRules

DescribeL7AccSetting

ModifyL7AccSetting

ModifyL7AccRulePriority

Edge Function APIs

DescribeFunctions

CreateFunctionRule

DescribeFunctionRules

ModifyFunctionRule

ModifyFunctionRulePriority

DeleteFunctionRules

DescribeFunctionRuntimeEnvironment

HandleFunctionRuntimeEnvironment

Alias Domain APIs

CreateAliasDomain

DescribeAliasDomains

ModifyAliasDomain

ModifyAliasDomainStatus

DeleteAliasDomain

Security Configuration APIs

CreateSecurityIPGroup

DescribeSecurityIPGroup

ModifySecurityIPGroup

DeleteSecurityIPGroup

DescribeOriginProtection

DescribeSecurityTemplateBindings

ModifySecurityPolicy

BindSecurityTemplateToEntity

DescribeSecurityIPGroupInfo

Layer 4 Application Proxy APIs

ModifyL4ProxyStatus

DescribeL4Proxy

CreateL4ProxyRules

ModifyL4ProxyRules

ModifyL4ProxyRulesStatus

DescribeL4ProxyRules

DeleteL4ProxyRules

Content Management APIs

CreatePurgeTask

DescribePurgeTasks

CreatePrefetchTask

DescribePrefetchTasks

DescribeContentQuota

Data Analysis APIs

DescribeDDoSAttackData

DescribeDDoSAttackEvent

DescribeDDoSAttackTopData

DescribeOverviewL7Data

DescribeTimingL4Data

DescribeTimingL7AnalysisData

DescribeTopL7AnalysisData

DescribeTimingL7CacheData

DescribeTopL7CacheData

Log Service APIs

CreateRealtimeLogDeliveryTask

ModifyRealtimeLogDeliveryTask

DeleteRealtimeLogDeliveryTask

DescribeRealtimeLogDeliveryTasks

Billing APIs

IncreasePlanQuota

CreatePlanForZone

DescribeBillingData

DescribeAvailablePlans

Certificate APIs

DescribeDefaultCertificates

ModifyHostsCertificate

Load Balancing APIs

CreateOriginGroup

ModifyOriginGroup

DeleteOriginGroup

DescribeOriginGroup

CreateLoadBalancer

ModifyLoadBalancer

DeleteLoadBalancer

DescribeLoadBalancerList

DescribeOriginGroupHealthStatus

Diagnostic Tool APIs

DescribeIPRegion

Custom Response Page APIs

CreateCustomizeErrorPage

DescribeCustomErrorPages

ModifyCustomErrorPage

DeleteCustomErrorPage

DNS Record APIs

CreateDnsRecord

DescribeDnsRecords

ModifyDnsRecords

ModifyDnsRecordsStatus

DeleteDnsRecords

Content Identifier APIs

CreateContentIdentifier

DescribeContentIdentifiers

ModifyContentIdentifier

DeleteContentIdentifier

Old Version APIs

DescribeZoneSetting

ModifyZoneSetting

DescribeHostsSetting

DescribeRulesSetting

CreateApplicationProxy

DescribeApplicationProxies

ModifyApplicationProxy

ModifyApplicationProxyStatus

DeleteApplicationProxy

CreateApplicationProxyRule

ModifyApplicationProxyRule

ModifyApplicationProxyRuleStatus

DeleteApplicationProxyRule

Version Management APIs

CreateConfigGroupVersion

DeployConfigGroupVersion

DescribeConfigGroupVersionDetail

DescribeConfigGroupVersions

DescribeDeployHistory

DescribeEnvironments

Common Guidelines

FAQs

Product Features FAQs

Domain Service and DNS FAQs

Site Acceleration FAQs

Data and Log FAQs

Security Protection-related Queries

Origin Configuration FAQs

Troubleshooting

Reference for Abnormal Status Codes

Troubleshooting Guide for EdgeOne 4XX/5XX Status Codes

Tool Guide

Speed Test Tools

Real User Monitoring

Diagnostic Tool

Self-service debugging

IP Location Query

Agreements

Service Level Agreement

TEO Policy

Data Processing And Security Agreement

DocumentationTencent Cloud EdgeOneEdge FunctionsSample FunctionsCustomize Referer restriction rules

Customize Referer restriction rules

Last updated: 2024-08-26 16:48:20

Customize Referer restriction rules

Last updated: 2024-08-26 16:48:20

This example determines the source of a request by checking the Referer field in the HTTP request header. You can flexibly set the matching rules for the Referer field based on your needs. If the Referer field in a request is missing or its value does not match the preset domain name list, the edge function will block such requests and return a 403 status code to indicate that the access is denied. This is commonly used to restrict access to resources on websites.
async function handleRequest(request) {
  // Collect the Referer
  const referer = request.headers.get('Referer');
﻿
  // If the Referer is empty, access is denied
  if (!referer) {
    return new Response(null, { status: 403 });
  }
  
  // Set Referer allowlist
  const urlInfo = new URL(request.url);
  const refererRegExp = new RegExp(`^https?:\/\/${urlInfo.hostname}\/t-[0-9a-z]{10}\/.*`)
  
  // If the Referer is not on the allowlist, access is denied
  if (!refererRegExp.test(referer)) {
    return new Response(null, { status: 403 });
  }
﻿
  // Normal request, access EdgeOne node cache or origin-pull
  return fetch(request);
}
﻿
addEventListener('fetch', event => {
  // When the function code throws an unhandled exception, the Edge function transmits this request back to the origin
  event.passThroughOnException();
  event.respondWith(handleRequest(event.request));
});
Example Preview
Enter the URL that matches the Edge function triggering rules in the address bar of the browser on the PC end and mobile end (e.g., https://example.com/images/ef-1.jpeg) to preview the example effect.
HTTP request header Referer is https://example.com/t-0123456789/page, and the Edge function responds normally to the image.
﻿
HTTP request header Referer is not on the allowlist, and the Edge function identifies it as a leeching link and responds with a 403 status code.
﻿
Related References
Runtime APIs: Fetch
Runtime APIs: Headers
Runtime APIs: Response
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

No

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support