How can I use URL Signing (Advanced Settings) For HTTP Pull CDN resource?
Protect your files from unauthorized access with a key and optionally an expiration time. Enabling this option provides an entry field to enter a secret key to securely sign any direct URI (Uniform Resource Indicator) link to all files/resources under this URL.
Upon CDN resource creation/edit, enable "Advance Settings".
- Enable URL Signing – tick this checkbox to enable it
- URL Signing Key – input the key, which will be used for URL signing
The url signing key is similar to a password and can contain a minimum of 6 to a maximum of 32 characters.
A signed URL looks like `http://example.com/filename?secure=DMF1ucDxtqgxwYQ`.
The token is formed using the following format:
<expires> : The expiration of the URL. This is in Unix timestamp format. This is optional.
<path>: The file path or file directory **note: for HLS, it is better to put path instead of .m3u8 file, so that all the chunk of the hls will be authenticated as well.
<key>: The URL signing key. Size of the key is between 6 characters to 32 characters.
<IP>: The IPs that allow to access. This is optional.
For generating the hash key, kindly download the attached script in PHP, Ruby or Python. You may run it with the following command to generate signed url:
Ruby: ruby UrlSigning.rb -r example.com -p images/photo.png -k abc123 -s https -e 20161231 -i 22.214.171.124 Python: python UrlSigning.py -r example.com -p images/photo.png -k abc123 -s https -e 20161231 -i 126.96.36.199 PHP: php UrlSigning.php -r example.com -p images/photo.png -k abc123 -s https -e 20161231 -i 188.8.131.52
java UrlSigning.java s https r example.com p images/photo.png k abc123 e 20161231 i 184.108.40.206
Available option: -r : resource hostname -p: file path of the resource -k: url signing key -s: scheme for resource url, http or https, default = http -e: expiration of the url (optional) -i: ip that allow to access (optional)
If "Ignore query string" option is not switched on, the cache key will be based on query string (excluding expires, secure, speed and ip).
Request to http://example.com/file.txt?foo=bar&secure=123 will have cache key of