How can I use URL Signing (Advanced Settings) For HTTP Pull CDN resource?
Protect your files from unauthorized access with a key and optionally an expiration time. Enabling this option provides an entry field to enter a secret key to securely sign any direct URI (Uniform Resource Indicator) link to all files/resources under this URL. Upon CDN resource creation/edit, enable "Advanced Settings".
- Enable URL Signing – tick this checkbox to enable it
- URL Signing Key – input the key, which will be used for URL signing
The URL signing key is similar to a password and can contain a minimum of 6 to a maximum of 32 characters.
Below are examples of a signed URL in one of the following formats:
Query string format
The secure token is formed using the following format:
- <expires> : The expiration of the URL. This is in Unix timestamp format. This is optional.
- <path>: The file path or file directory **note: for HLS, it is better to put path instead of .m3u8 file, so that all the chunk of the hls will be authenticated as well.
- <key>: The URL signing key. Size of the key is between 6 characters to 32 characters.
- <IP>: The IP that allow to access. This is optional and only one IP allowed when generating the hash key each time.
For generating the hash key, kindly download the attached script in Ruby, Python, PHP or Java. You may run it with the following command to generate signed URL:
Ruby: ruby UrlSigning.rb -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 184.108.40.206 Python: python UrlSigning.py -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 220.127.116.11 PHP: php UrlSigning.php -f path -s https -r example.com -p images/photo.png -k abc123s -e 1546300800 -i 18.104.22.168
java UrlSigning -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 22.214.171.124
-f: format, path or querystring, default = querystring
-s: scheme for resource URL, http or https, default = http
-r: resource hostname (compulsory)
-p: file path of the resource, default = /
-k: URL signing key (compulsory)
-e: expiration of the URL (optional)
-i: IP that allow to access (optional)