Last update:2024-07-17 17:30:42
Compared to access control measures like whitelists/blacklists based on IP, Referer, Cookie and User-agent, URL authentication offers a sophisticated content protection strategy. This approach allows authentication information, such as timestamps and encrypted strings, to be included in the content URL. When users request content from the CDN, they must include the necessary authentication details. The CDN then verifies this information and determines whether to grant access, or deny it, which effectively prevents unauthorized use of content URLs.
A typical URL authentication process involves three key components: the content management server, the users, and the CDN edge servers.
For example, if the URL needing authentication is http://example.com/test.jpg
, the process would be as follows:
http://example.com/test.jpg?token=123
, and returns it to the user.Scope of Effectiveness
Select the scope of requests to which URL authentication applies:
Setting | Description |
---|---|
All Requests | The access control rule applies to all types of requests. |
Only Homepage | Applies only to the root directory of the domain, such as http://domain/ or https://domain/ . |
Specified File Type | Applies only to specific types of files. You can select from the predefined file types on the left or define custom file types. Separate multiple custom types with a semicolon ; .(e.g., jpg;png ). |
Specified URI | Applies only to requests for content at a specific URI. Two URI matching options are available:Exact matching: Complete URI, including parameters.(e.g., path/index.html?abc=123 ). Ignore the parameter matching: URI without query parameters.(e.g., path/index.html ). |
Specified Directory | Applies to requests under specific directories. For example, /file/abc/ applies to all content under http://domain/file/abc/*.Note: Directories must start and end with / , and can only contain letters, numbers, and certain special characters (underscore, hyphen, percent sign, dot). Multiple directories are supposed to be seperated with line breaks. |
URL Pattern | Uses regular expressions to control the range of requests that the rules will be applied to. For example, the pattern *.jpg$ ensures that access control applies to all URLs ending with .jpg . |
Authentication Mode
You can select from five authentication modes available on the CDNetworks Console, each tailored to different needs and situations:
Due to the complexity of URL authentication settings, it is advisable to deploy configurations to a test environment first to avoid impacting your live operations. Once verified as correct, you can apply them to the production environment. For detailed guidance on deploying the configurations to a test environment, refer to Verify Configurations Through Pre-Deployment.
Additionally, you can use the Timestamp Anti-Hotlinking Calculator available on the CDN Console to automatically generate URL authentication parameters for test and verify whether the authentication parameters will be successfully passed by the CDN edge servers. For more on how to use this tool, visit Timestamp Anti-Hotlinking Calculator.