About URL Authentication

Last update: 2024-07-17 17:30:42

Compared with access control measures such as whitelists and blacklists based on IP, Referer, Cookie and User-Agent, URL authentication offers a sophisticated content protection strategy. This approach allows authentication information, such as timestamps and encrypted strings, to be included in the content URL. When users request content from the CDN, they must include the necessary authentication details. The CDN then verifies this information and determines whether to grant or deny access, which effectively prevents unauthorized use of content URLs.

How URL Authentication Works

A typical URL authentication process involves three key components: the content management server, the users, and the CDN edge servers.

  • Content Management Server: This server generates authenticated URLs based on a set of predefined rules, which include the authentication algorithm and key. It then sends these URLs back to the client.
  • User (Client): The user uses the authenticated URL to request content from the CDN edge servers.
  • CDN: The CDN edge server checks the authenticated URL received from the user, verifying the authentication information and timestamp to decide whether to grant access, or deny it.


For example, if the URL needing authentication is http://example.com/test.jpg, the process would be as follows:

  1. The user (client) requests the content URL from the content management server.
  2. The content management server generates a time-sensitive video URL with a token string based on pre-set rules (including the authentication algorithm and key), such as http://example.com/test.jpg?token=123, and returns it to the user.
  3. The client uses the authenticated URL to request content from the CDN edge servers.
  4. The CDN edge server validates the authentication information in the URL to determine the request’s legitimacy. If authentication succeeds, the CDN serves the requested content; if it fails, access is denied.

How to Set Up URL Authentication

  1. Log in to the CDNetworks Console and select the appropriate product.
  2. Go to Configuration, locate the domain you wish to configure, and click Edit Configuration.
  3. Navigate to Hotlinking Protection - Timestamp anti-hotlinking in the left sidebar and click Modify.
  4. Configure the Effective Range, Authentication Mode and other settings based on your needs.

Scope of Effectiveness
Select the scope of requests to which URL authentication applies:

  • All Requests: The access control rule applies to all types of requests.
  • Only Homepage: Applies only to the root directory of the domain, such as http://domain/ or https://domain/.
  • Specified File Type: Applies only to specific types of files. You can select from the predefined file types on the left or define custom file types. Separate multiple custom types with a semicolon (e.g., jpg;png).
  • Specified URI: Applies only to requests for content at a specific URI. Two URI matching options are available:
      • Exact matching: The complete URI, including parameters (e.g., path/index.html?abc=123).
      • Ignore the parameter matching: The URI without query parameters (e.g., path/index.html).
  • Specified Directory: Applies to requests under specific directories. For example, /file/abc/ applies to all content under http://domain/file/abc/*. Note: Directories must start and end with /, and can only contain letters, numbers, and certain special characters (underscore, hyphen, percent sign, dot). Separate multiple directories with line breaks.
  • URL Pattern: Uses regular expressions to control the range of requests to which the rules apply. For example, the pattern *.jpg$ ensures that access control applies to all URLs ending with .jpg.

Authentication Mode
You can select from five authentication modes available on the CDNetworks Console, each tailored to different needs and situations:

How to Verify your URL Authentication

Due to the complexity of URL authentication settings, it is advisable to deploy configurations to a test environment first to avoid impacting your live operations. Once verified as correct, you can apply them to the production environment. For detailed guidance on deploying the configurations to a test environment, refer to Verify Configurations Through Pre-Deployment.

Additionally, you can use the Timestamp Anti-Hotlinking Calculator available on the CDN Console to automatically generate URL authentication parameters for testing and to verify whether those parameters will pass validation on the CDN edge servers. For more on how to use this tool, visit Timestamp Anti-Hotlinking Calculator.
