Back
Content Acceleration
CDNetworks Documentation Content Acceleration Access Control Mode E

Mode E

Last update:2024-05-20 11:28:32

Topics


This document provides a detailed explanation of Authentication Mode E, along with instructions on how to use it.

Authentication URL Structure

Similar to Mode C and Mode D, Mode E requires the authentication information to be attached as request parameters in the URL. The structure of the authentication URL for Mode E is as follows:

http://domain/uri?auth_key=<time>-<rand>-<uid>-<key>

Note: In the above URL example, we use <> to indicate where the authentication parameters should be placed. These symbols will not be included in the actual URL.

In the URL structure above, auth_key is the ONLY authentication request parameter in the URL, consisting of four parts: time, rand, uid, and key. The description of each field is as follows:

Field Description
domain The domain you have added for the CDN.
uri The actual URL path of the CDN request. For example, if the original request URL is http://cdnetworks.com/browse/index.html, the uri should be /browse/index.html.
Note that if the request URL contains additional parameters (e.g., /browse/index.html?user=123), the uri should only include the path part, excluding the question mark and the parameters that follow.
time The timestamp when the URL is generated. The CDN edge server uses this timestamp to determine if the URL is within its valid period. If the current time exceeds this period, the CDN will not serve the content.
Note: Mode E only supports decimal Unix timestamps for this field.
rand This is a string you can specify as needed, which must be included in the key calculation.
uid A randomly specified value that will also be used in the key calculation.
key The encrypted signature used for authentication verification. In Mode E, the key is calculated as key=md5(uri-time-rand-uid-ourkey). For example, if the original request is http://cdnetworks.com/browse/index.html, the timestamp is 1715916795, the random string is 7asdD6JEYMpCzX, the random number is 0, and the ourkey is cdnw, then the generated key value will be key=md5(/browse/index.html-1715916795-7asdD6JEYMpCzX-0-cdnw)=2a59386824bd900252600160f446c227.

How to Configure Mode E

In the Authentication Mode settings, select Mode E for configuration. Next, we will explain the purpose and settings of each configuration field in detail.

Custom Encryption Key ($ourkey)

The Custom Encryption Key ($ourkey) is a unique string used to generate the encrypted key for URL authentication. Since this key is shared only between you and the CDN server, it significantly enhances the security by making the authentication parameters difficult for unauthorized parties to crack. In the console, you can easily set multiple ourkey values, separated by the ; symbol.

When multiple ourkey values are configured, the CDN edge server will use them in order to authenticate requests. If the first ourkey fails, the server will try the next one, and so on, until a valid key is found or all keys fail validation.

Signature Calculation Method

The signature key is generated using an encryption algorithm. By default, we use the MD5 algorithm. If you need a different encryption algorithm for enhanced security, please contact our technical support team for assistance.

Signature Parameter Name

This refers to the name of the authentication signature parameter in the URL, which is set to You can customize this name as needed. For example, if you set it to cdnwkey, the client can use a URL like http://cdnetworks.com/browse/index.html?auth_key=123 to request content.

Valid Time (seconds)

We provide three methods to configure the validity period of the URL authentication information:

  • Configure the Validity Period Upper Limit: Set the maximum validity period for the authentication information by entering a non-negative integer (e.g., 60), which means the authentication information is valid for a certain number of seconds from the timestamp.
  • Configure the Validity Period Range: Set the valid time range for the authentication information by entering two comma-separated values. The first value indicates the valid period before the timestamp (should be less than or equal to 0), and the second value indicates the valid period after the timestamp (should be greater than or equal to 0). For example, entering -60,60 means the information is valid for one minute before and after the timestamp.
  • Do Not Perform Validity Period Check: If you do not want the system to check the validity period, enter a minus sign -, and the system will not check or restrict the validity period.

Quick Verify if the URL Authentication Configuration is Correct

To avoid errors affecting your online business, it is advisable to initially deploy the configuration to a test environment. Once the configuration is verified as accurate, it can then be officially implemented in the live environment. For details on deploying configurations to a test environment, refer to the tutorial Deploy the Configurations to Staging Environment for Validation.

Additionally, you can use the Timestamp Anti-Hotlinking Calculator available on the CDN console to generate URL authentication parameters and quick verify your configuration. Visit the document Authentication URL Generator for more details.

Is the content of this document helpful to you?
Yes
I have suggestion
Submitted successfully! Thank you very much for your feedback, we will continue to strive to do better!

CDNetworks Inc., © 2024. 1840 Enterprise Way, Monrovia, CA 91016 – All rights reserved.