How can I use URL Signing With Cookie Enabled?
*Please note this feature is not in the UI now and please send in a CDN support ticket to request for this feature"
Similar to our existing feature URL signing, it protects your files from unauthorized access, but also works along with set cookie on visitor's browser. The idea is to get the URL signed before serving the subsequent contents (without token) to the end users, by authenticating the requests with a token in a cookie. A cookie could store maximum of 40 tokens. Enabling this option provides an entry field to enter a secret key to securely sign any direct URI (Uniform Resource Indicator) link to all files/resources under this URL.
The token is formed using the following format:
<expires><path><key><ip>
<expires> : The expiration of the URL. This is in Unix timestamp format. This is optional.
<path>: The file path or file directory **note: for HLS, it is better to put path instead of .m3u8 file, so that all the chunk of the hls will be authenticated as well.
<key>: The URL signing key. Size of the key is between 6 characters to 32 characters.
<IP>: The IPs that allow to access. This is optional.
For generating the hash key, kindly refer to below for example script in PHP:
/**
* Generate URL signed CDN resource
*
* @param string scheme
* The scheme for CDN Resource URL
* e.g. "http" or "https"
* @param string $cdnResourceUrl
* The CDN resource URL (without scheme)
* e.g. "cdn.yourdomain.com/files/file.html"
* @param string filePath
* File path of the CDN resource as part of token key
* e.g. "/", "/files", "/files/file.html"
* @param string $secretKey
* The secret key as part of token key
* @param int $expiryTimestamp [optional]
* UNIX timestamp format, specify how long the url signed link is accessible to the public
* By default will be accessible forever.
* @param string $clientIp [optional]
* Client IP as part of token key
* Can be retrieved from $_SERVER['REMOTE_ADDR']
* By default the url signed link is not restricted to any IP
*
* @return string URL with generated token
* URL with designated format to access the resource
*
* Example:
* Generate url signed link for resource https://www.example.com/images/photo.png for next 3 days, assume today is Sun, 01 Apr 2012.
*
*
* https://www.example.com/images/photo.png?secure=kaGd_cu6Iy4LDgfX3jy5Rw&expires=1333497600
*
*/
<php
function generateSignedUrl($scheme="http", $cdnResourceUrl, $filePath="/", $secretKey="", $expiryTimestamp = "", $clientIp = "") {
if (empty($scheme) || empty($cdnResourceUrl)) {
exit("First argument \"scheme\" and/or second argument \"cdnResourceUrl\" cannot be empty.");
}
// NOTE: We adhere to ngx_secure_link_module hashing strategy
// Ref: http://nginx.org/en/docs/http/ngx_http_secure_link_module.html#secure_link
$searchChars = array('+', '/', '=');
$replaceChars = array('-', '_', '');
// 1. Setup Token Key
// 1.1 Append leading slash if missing
if ($filePath[0] != '/') {
$filePath = "/{$filePath}";
}
// 1.2 Extract uri, ignore arguments
if ($pos = strpos($filePath, '?')) {
$filePath = substr($filePath, 0, $pos);
}
// 1.3 Formulate the token key
$tokenKey = $expiryTimestamp . $filePath . $secretKey . $clientIp;
// 2. Setup URL
// 2.1 Append argument - secure (compulsory)
$urlStr = "{$scheme}://{$cdnResourceUrl}?secure=" . str_replace($searchChars, $replaceChars, base64_encode(md5($tokenKey, TRUE)));
// 2.2 Append argument - expires
if (!empty($expiryTimestamp) || $expiryTimestamp === "0" || $expiryTimestamp === 0){
$urlStr .= "&expires={$expiryTimestamp}";
}
// 2.3 Append argument - ip
if (!empty($clientIp)) {
$urlStr .= "&ip={$clientIp}";
}
return $urlStr;
}
?>
Comments
0 comments
Please sign in to leave a comment.