Mode E
Last update:2024-05-20 11:28:32
This document provides a detailed explanation of Authentication Mode E, along with instructions on how to use it.
Authentication URL Structure
Similar to Mode C and Mode D, Mode E requires the authentication information to be attached as request parameters in the URL. The structure of the authentication URL for Mode E is as follows:
http://domain/uri?auth_key=<time>-<rand>-<uid>-<key>
Note: In the above URL example, we use
<>to indicate where the authentication parameters should be placed. These symbols will not be included in the actual URL.
In the URL structure above, auth_key is the ONLY authentication request parameter in the URL, consisting of four parts: time, rand, uid, and key. The description of each field is as follows:
| Field | Description |
|---|---|
| domain | The domain you have added for the CDN. |
| uri | The actual URL path of the CDN request. For example, if the original request URL is http://cdnetworks.com/browse/index.html, the uri should be /browse/index.html. Note that if the request URL contains additional parameters (e.g., /browse/index.html?user=123), the uri should only include the path part, excluding the question mark and the parameters that follow. |
| time | The timestamp when the URL is generated. The CDN edge server uses this timestamp to determine if the URL is within its valid period. If the current time exceeds this period, the CDN will not serve the content. Note: Mode E only supports decimal Unix timestamps for this field. |
| rand | This is a string you can specify as needed, which must be included in the key calculation. |
| uid | A randomly specified value that will also be used in the key calculation. |
| key | The encrypted signature used for authentication verification. In Mode E, the key is calculated as key=md5(uri-time-rand-uid-ourkey). For example, if the original request is http://cdnetworks.com/browse/index.html, the timestamp is 1715916795, the random string is 7asdD6JEYMpCzX, the random number is 0, and the ourkey is cdnw, then the generated key value will be key=md5(/browse/index.html-1715916795-7asdD6JEYMpCzX-0-cdnw)=2a59386824bd900252600160f446c227. |
How to Configure Mode E
In the Authentication Mode settings, select Mode E for configuration. Next, we will explain the purpose and settings of each configuration field in detail.
Custom Encryption Key ($ourkey)
The Custom Encryption Key ($ourkey) is a unique string used to generate the encrypted key for URL authentication. Since this key is shared only between you and the CDN server, it significantly enhances the security by making the authentication parameters difficult for unauthorized parties to crack. In the console, you can easily set multiple ourkey values, separated by the ; symbol.
When multiple ourkey values are configured, the CDN edge server will use them in order to authenticate requests. If the first ourkey fails, the server will try the next one, and so on, until a valid key is found or all keys fail validation.
Signature Calculation Method
The signature key is generated using an encryption algorithm. By default, we use the MD5 algorithm. If you need a different encryption algorithm for enhanced security, please contact our technical support team for assistance.
Signature Parameter Name
This refers to the name of the authentication signature parameter in the URL, which is set to You can customize this name as needed. For example, if you set it to cdnwkey, the client can use a URL like http://cdnetworks.com/browse/index.html?auth_key=123 to request content.
Valid Time (seconds)
We provide three methods to configure the validity period of the URL authentication information:
- Configure the Validity Period Upper Limit: Set the maximum validity period for the authentication information by entering a non-negative integer (e.g.,
60), which means the authentication information is valid for a certain number of seconds from the timestamp. - Configure the Validity Period Range: Set the valid time range for the authentication information by entering two comma-separated values. The first value indicates the valid period before the timestamp (should be less than or equal to 0), and the second value indicates the valid period after the timestamp (should be greater than or equal to 0). For example, entering
-60,60means the information is valid for one minute before and after the timestamp. - Do Not Perform Validity Period Check: If you do not want the system to check the validity period, enter a minus sign
-, and the system will not check or restrict the validity period.
Quick Verify if the URL Authentication Configuration is Correct
To avoid errors affecting your online business, it is advisable to initially deploy the configuration to a test environment. Once the configuration is verified as accurate, it can then be officially implemented in the live environment. For details on deploying configurations to a test environment, refer to the tutorial Deploy the Configurations to Staging Environment for Validation.
Additionally, you can use the Timestamp Anti-Hotlinking Calculator available on the CDN console to generate URL authentication parameters and quick verify your configuration. Visit the document Authentication URL Generator for more details.