Referer Validation
You can set a referer blacklist or whitelist to identify and filter out values of the Referer header in HTTP requests, controlling access sources.
Background
The Referer header identifies the address of the web page from which the resource has been requested. CDN PoPs can use this header to trace and identify the source.
When receiving access requests from users, the CDN PoPs identify and check users against the referer blacklist or whitelist. Only users meeting blacklist and whitelist requirements can access the content. Unqualified users will receive a 403 error response.

Precautions
- This function is disabled by default.
- Either a referer blacklist or whitelist can be configured.
- This function sets access control rules based on the Referer header in HTTP requests. When a client request hits the blacklist and is blocked, a small amount of traffic or bandwidth fees are generated. If the service type of the domain name is whole site acceleration, the client request is also charged for the request fees.
Procedure
- Log in to Huawei Cloud console. Choose .
The CDN console is displayed.
- In the navigation pane, choose .
- In the domain list, click the target domain name or click Configure in the Operation column.
- Click the Access Control tab.
- In the Referer Validation area, click Edit.
Figure 2 Configuring referer validation
- Switch on Status to enable this configuration item.
- Select a value for Type and set referer parameters based on service requirements. The following table describes the parameters.
- In the Rule text box, enter the domain names.
- Click OK.
- (Optional) Disable referer validation.
- Switch off Status to disable referer validation and clear all referer validation settings. You need to set related parameters when enabling this function again.
Verification
After you configure a referer rule, CDN allows or blocks client requests based on the rule. You can run curl commands to check whether the configuration works.
Scenario: Assume that you have configured a referer blacklist to block requests coming from referer example.com and you have disabled Include blank referer.
Expected result: CDN blocks requests containing http://example.com or https://example.com in the referer field, but it accepts other requests.
- To test access from the primary domain name, run curl -e http://example.com -I CDN acceleration domain name.
- To test access from a sub-domain name, for example, http://abc.example.com, run curl -e http://abc.example.com -I CDN acceleration domain name.
- To test access from another domain name, for example, http://axample.com, run curl -e http://axample.com -I CDN acceleration domain name.
- To test access with a blank referer, run curl -e " " -I CDN acceleration domain name.
- To test access from a domain name without protocol, for example, axample.com, run curl -e axample.com -ICDN acceleration domain name.
Examples
- Assume that a referer whitelist www.test.com is configured for the domain name www.example.com and Include blank referer is selected.
- If user 1 requests the URL https://www.example.com/file.html and the value of the referer field in the request is blank, CDN returns the content.
- If user 2 requests the URL https://www.example.com/file.html and the value of the referer field in the request is www.test.com, CDN returns the content.
- If user 3 requests the URL https://www.example.com/file.html and the value of the referer field in the request is www.abc.com, CDN returns a 403 error response code.
- Assume that a referer blacklist www.test01.com is configured for the domain name www.example01.com and Include blank referer is selected.
- If user 1 requests the URL https://www.example01.com/file.html and the value of the referer field in the request is blank, CDN returns a 403 error response code.
- If user 2 requests the URL https://www.example01.com/file.html and the value of the referer field in the request is www.test01.com, CDN returns a 403 error response code.
- If user 3 requests the URL https://www.example01.com/file.html and the value of the referer field in the request is www.bcd.com, CDN returns the content.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.