Release Notes and Announcements
- Release Notes
- Security Announcement
  - Protection against DDoS attacks targeting HTTP/2 protocol vulnerabilities
- Announcements
  - EdgeOne Console Upgrade Instructions
  - 【Tencent Cloud EdgeOne】Cloud API Change Notification
Product Introduction
- Overview
- Strengths
- Use Cases
Purchase Guide
- Billing Overview
- Basic Service Fees
  - Plan Fees
  - Fees for Out-of-plan Resource Usage (Pay-as-You-Go)
- Value-added Service Fees
- Related Tencent Cloud Services
- Extra Package Description (Prepaid)
- Subscriptions
  - Purchase Guide
  - Extra Package Purchase Guide
- Renewals
  - Renewal Guide
  - Extra Package Auto-renewed Guide
- Overdue and Expiration Policies
- Refund Policy
- Usage Cap Policy
- EdgeOne Plan Upgrade Guide
- Comparison of EdgeOne Plans
- Billing Usage
- About "clean traffic" billing instructions
Getting Started
- Quick Start
- Quick access to L4 proxy service
Domain Service
- Hosting DNS Records
- Domain Connection
- HTTPS Certificate
  - Overview
  - Deploying/Updating SSL Certificate for A Domain Name
  - Configuring A Free Certificate for A Domain Name
  - HTTPS Configuration
    - Forced HTTPS Access
    - Enabling HSTS
    - SSL/TLS Security Configuration
      - Configuring SSL/TLS Security
      - TLS Versions and Cipher Suites
    - Enabling OCSP Stapling
- Domain alias
- Traffic Scheduling
  - Traffic Scheduling Management
Site Acceleration
- Overview
- Access Control
  - Token Authentication
- Smart Acceleration
- Cache Configuration
  - Overview
  - EdgeOne Cache Rules
  - Cache Configuration
  - Clear and Preheat Cach
    - Cache Purge
    - URL Pre-Warming
  - How to improve the Cache Hit Rate of EdgeOne
- File Optimization
  - Smart Compression
- Media processing
  - Image Processing
- Network Optimization
  - HTTP/2
  - HTTP/3(QUIC)
    - Overview
    - Enable HTTP/3
    - QUIC SDK
      - SDK Overview
      - SDK Download and Integration
      - Sample Code
        Android
        iOS
      - API Documentation
        Android
        iOS
  - IPv6 Access
  - Maximum Upload Size
  - WebSocket
  - Client IP Geolocation Header
  - Client IP Geographical Location
  - gRPC
- URL Rewrite
  - Access URL Redirection
  - Origin-Pull URL Rewrite
- Modifying Header
  - Modifying HTTP Response Headers
  - Modifying HTTP Request Headers
- Custom Error Page
- Request and Response Actions
Origin Configuration
- Load Balancing
- Origin Group Configuration
- Origin-pull configuration
- Related References
  - ld Version Origin Group Compatible Related Issues
  - VOD Origin Server Details
- Collect EdgeOne origin-pull node IP
Edge Functions
- Overview
- Getting Started
- Operation Guide
  - Function Management
  - Function Trigger
- Runtime APIs
- Sample Functions
- Best Practices
  - Adaptive Image Format Conversion via Edge Functions
Security Protection
- Overview
- DDoS Protection
  - DDoS Protection Overview
  - Exclusive DDoS Protection Usage
  - Configuration of Exclusive DDoS protection Rules
- Web Protection
- Bot Management
  - Overview
  - Bot Intelligent analysis
  - Bot Basic Feature Management
  - Client Reputation
  - Active Detection
  - Custom Bot Rule
  - Bot Exception Rule
  - Related References
    - Action
- Rules Template
- IP and IP Segment Grouping
- Origin Protection
- Custom Response Page
- Alarm Notification
Rule Engine
- Overview
- Supported Matching Types and Actions
- Rule Management
- variables
L4 Proxy
- Overview
- Creating an L4 Proxy Instance
- Modifying an L4 Proxy Instance
- Disabling or Deleting an L4 Proxy Instance
- Batch Configuring Forwarding Rules
- Obtaining Real Client IPs
  - Obtaining Real TCP Client IPs via TOA
  - Obtaining Real Client IPs Through Protocol V1/V2
Data Analysis&Log Service
- Log Service
  - Overview
  - Real-time Logs
  - Offline Logs
  - Related References
    - Field description
      - L7 Access Logs
      - L4 Proxy Logs
    - Real-Time Log Push Filter Conditions
    - Custom Log Push Fields
- Data Analysis
  - Overview
  - Traffic Analysis
  - Cache Analysis
  - Security Analysis
    - Site Security Overview
    - Web Security Analysis
  - L4 Proxy
  - DNS Resolution
  - Related References
- Analytics
Tool Guide
- Diagnostic Tool
  - Self-service debugging
- Speed Test Tools
  - Real User Monitoring
- Terraform
- IP Location Query
Practical Tutorial
- EdgeOne initiates Automatic Warm-up
- Cross-regional Secure Acceleration (Oversea Sites)
- Scheduling Traffic to EdgeOne by Performing Canary Switching
- Through traffic orchestration to multiple service providers
API Documentation
- History
- Introduction
- API Category
- Making API Requests
  - Request Structure
  - Common Params
  - Signature v3
  - Signature
  - Responses
- Site APIs
  - CreateZone
  - DescribeIdentifications
  - ModifyZone
  - DeleteZone
  - ModifyZoneStatus
  - CheckCnameStatus
  - IdentifyZone
  - DescribeZones
  - VerifyOwnership
- Acceleration Domain Management APIs
  - CreateAccelerationDomain
  - DescribeAccelerationDomains
  - ModifyAccelerationDomain
  - ModifyAccelerationDomainStatuses
  - DeleteAccelerationDomains
  - CreateSharedCNAME
  - BindSharedCNAME
  - DeleteSharedCNAME
- Site Acceleration Configuration APIs
  - CreateRule
  - DeleteRules
  - DescribeHostsSetting
  - DescribeRules
  - DescribeRulesSetting
  - DescribeZoneSetting
  - ModifyRule
  - ModifyZoneSetting
- Alias Domain APIs
  - CreateAliasDomain
  - DescribeAliasDomains
  - ModifyAliasDomain
  - ModifyAliasDomainStatus
  - DeleteAliasDomain
- Security Configuration APIs
  - CreateSecurityIPGroup
  - DescribeSecurityIPGroup
  - ModifySecurityIPGroup
  - DeleteSecurityIPGroup
  - DescribeOriginProtection
  - DescribeSecurityTemplateBindings
  - ModifySecurityPolicy
  - BindSecurityTemplateToEntity
  - DescribeSecurityIPGroupInfo
- Layer 4 Application Proxy APIs
  - CreateL4Proxy
  - ModifyL4Proxy
  - ModifyL4ProxyStatus
  - DescribeL4Proxy
  - DeleteL4Proxy
  - CreateL4ProxyRules
  - ModifyL4ProxyRules
  - ModifyL4ProxyRulesStatus
  - DescribeL4ProxyRules
  - DeleteL4ProxyRules
  - CreateApplicationProxy
  - ModifyApplicationProxy
  - ModifyApplicationProxyStatus
  - DescribeApplicationProxies
  - DeleteApplicationProxy
  - CreateApplicationProxyRule
  - ModifyApplicationProxyRule
  - ModifyApplicationProxyRuleStatus
  - DeleteApplicationProxyRule
- Content Management APIs
  - CreatePurgeTask
  - DescribePurgeTasks
  - CreatePrefetchTask
  - DescribePrefetchTasks
  - DescribeContentQuota
- Data Analysis APIs
  - DescribeDDoSAttackData
  - DescribeDDoSAttackEvent
  - DescribeDDoSAttackTopData
  - DescribeOverviewL7Data
  - DescribeTimingL4Data
  - DescribeTimingL7AnalysisData
  - DescribeTopL7AnalysisData
  - DescribeTimingL7CacheData
  - DescribeTopL7CacheData
- Log Service APIs
  - DownloadL7Logs
  - DownloadL4Logs
  - CreateCLSIndex
  - CreateRealtimeLogDeliveryTask
  - ModifyRealtimeLogDeliveryTask
  - DeleteRealtimeLogDeliveryTask
  - DescribeRealtimeLogDeliveryTasks
- Billing APIs
  - CreatePlan
  - UpgradePlan
  - RenewPlan
  - ModifyPlan
  - IncreasePlanQuota
  - DestroyPlan
  - CreatePlanForZone
  - BindZoneToPlan
  - DescribeBillingData
  - DescribeAvailablePlans
- Certificate APIs
  - DescribeDefaultCertificates
  - ModifyHostsCertificate
- Load Balancing APIs
  - CreateOriginGroup
  - ModifyOriginGroup
  - DeleteOriginGroup
  - DescribeOriginGroup
- Custom Response Page APIs
  - CreateCustomizeErrorPage
  - DescribeCustomErrorPages
  - ModifyCustomErrorPage
  - DeleteCustomErrorPage
- Diagnostic Tool APIs
  - DescribeIPRegion
- Version Management APIs
  - CreateConfigGroupVersion
  - DeployConfigGroupVersion
  - DescribeConfigGroupVersionDetail
  - DescribeConfigGroupVersions
  - DescribeDeployHistory
  - DescribeEnvironments
- Data Types
- Error Codes
FAQs
- Reference for Abnormal Status Codes
- Product Features FAQs
- Domain Service FAQs
- Site Acceleration FAQs
- Data and Log FAQs
- Security Protection-related Queries
Agreements
- Service Level Agreement
TEO Policy
- Privacy Policy
- Data Processing And Security Agreement
Contact Us
Glossary

Authenticating a Request Header

This example demonstrates how to use an edge function to perform simple permission control by verifying the value of the x-custom-token request header. If the value is token-123456, access is allowed. Otherwise, access is denied.
Sample Code
async function handleRequest(request) {
  const token = request.headers.get('x-custom-token');
﻿
  if (token === 'token-123456') {
    return new Response('hello world');
  }
﻿
  // Incorrect key supplied. Reject the request.
  return new Response('Sorry, you have supplied an invalid token.', {
    status: 403,
  });
}
﻿
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request));
});
Sample Preview
In the address bar of the browser, enter a URL that matches a trigger rule of the edge function to preview the effect of the sample code.
If authentication fails, access is denied.
﻿
If authentication is successful, access is allowed.
﻿
References
Runtime APIs: Headers
Runtime APIs: Response