Set up secure access to content
By default, anyone can access your content.
You can customize access by code word or your own script.
Configure access by code word
The Tokenized URL setting allows you to make links to content temporary and restrict access to content by IP address.
A token of the form md5(kymJ2w55VH4LUMSKGb6ZqA,1704067200) is added to the links on the site. The token is generated:
- from a code word you came up with;
- file path on the source;
- optional: link validity period in POSIX time format;
- optional: authorized IP address.
As a result, the link with the token will be of this form:
https://cdn.example.com/md5(kymJ2w55VH4LUMSKGb6ZqA,1704067200)/path/to/file.png.
When a user clicks on a link, CDN servers check the token in the request. If the token matches and the lifetime of the link has not expired, the servers deliver the content. CDN servers themselves receive content from the source regardless of the presence of a code word.
1. In the Control Panel, on the top menu, click Products and select CDN.
2. In the CDN Resources section, open the CDN Resource page → Restrictions tab.
3. In the Authorization block, select By code word.
4. Enter a code word of 6 to 32 characters. Latin letters and numbers can be used.
5. Optional: to leave the link validity time unspecified, check the Do not limit by time box.
6. Optional: to avoid restricting access to content to certain IP addresses only, check the Do not consider IP box.
7. Click Apply. The resource will be in PROCESSING status while the settings are being applied. You cannot apply any other settings at this time. The settings will be applied when the resource changes to ACTIVE status.
8. Configure tokenized link generation on the source server using a script. For script examples, see the Examples of a script for generating a secure link subsection.
Examples of a script for generating a secure link
These are examples of a script to generate a token subject to IP address and link validity time constraints.
PHP script
<?php
$secret = '<code_word>';
$ip = '<ip_address>';
$path = '<file_path>';
$lifetime = <link_lifetime>;
// Expiry as POSIX time
$expires = time() + $lifetime;
// Hash input: code word, path, IP address and expiry, concatenated without separators
$link = "$secret$path$ip$expires";
// Raw MD5 digest, base64-encoded with the URL-safe alphabet and no padding
$md5 = md5($link, true);
$md5 = base64_encode($md5);
$md5 = strtr($md5, '+/', '-_');
$md5 = str_replace('=', '', $md5);
$domain = '<cdn_domain>';
$url = "$domain/md5($md5,$expires)$path";
echo $url;
echo "\n";
Python script
import base64
from hashlib import md5
from time import time
secret = "<code_word>"
ip = "<ip_address>"
path = "<file_path>"
lifetime = <link_lifetime>
domain = "<cdn_domain>"
# Expiry as POSIX time
expires = int(time()) + lifetime
# Raw MD5 digest of code word + path + IP address + expiry, base64-encoded
token_byte = base64.encodebytes(
    md5(f"{secret}{path}{ip}{expires}".encode("utf-8")).digest()
)
# Switch to the URL-safe alphabet and drop the newline and padding
token = (
    token_byte
    .decode("utf-8")
    .replace("\n", "")
    .replace("+", "-")
    .replace("/", "_")
    .replace("=", "")
)
secured_url = f"{domain}/md5({token},{expires}){path}"
print(secured_url)
OpenSSL script
SECRET="<code_word>"
IP="<ip_address>"
# Not named PATH: assigning PATH would overwrite the shell's command search path
FILE_PATH="<file_path>"
LIFETIME=<link_lifetime>
DOMAIN="<cdn_domain>"
# Expiry as POSIX time
EXPIRES=$(($(date +%s) + LIFETIME))
HASH_STRING="${SECRET}${FILE_PATH}${IP}${EXPIRES}"
# Raw MD5 digest, base64-encoded with the URL-safe alphabet and no padding
TOKEN=$(printf '%s' "$HASH_STRING" | openssl md5 -binary | openssl base64 | tr '+/' '-_' | tr -d '=')
SECURED_URL="${DOMAIN}/md5(${TOKEN},${EXPIRES})${FILE_PATH}"
echo "$SECURED_URL"
In each script, specify:
- <code_word> - the code word you specified when setting up access to content by code word;
- <ip_address> - the IP address that you allow to receive content;
- <file_path> - relative path to the file on the source;
- <link_lifetime> - link lifetime in seconds;
- <cdn_domain> - domain of the CDN resource with the protocol. You can view the domain of the resource in the control panel: in the top menu, click Products → CDN → CDN Resources → resource string.
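The scripts above cover only link generation. The following added example, which is not from the original page and is not the CDN provider's code, recomputes the token on the receiving side to show what the token binds: file path, IP address and expiry. The names `make_token` and `check_link` and all sample values are assumptions constructed for illustration; the CDN's actual verification logic is not described on this page.

```python
import base64
import hmac
import re
from hashlib import md5
from time import time
from typing import Optional

# Link form shown on this page: /md5(<token>,<expires>)<path>
# A 16-byte MD5 digest is 22 URL-safe base64 characters once padding is stripped.
LINK_RE = re.compile(r"^/md5\(([A-Za-z0-9_-]{22}),(\d+)\)(/.*)$")


def make_token(secret: str, path: str, ip: str, expires: int) -> str:
    """Same construction as the generation scripts on this page."""
    digest = md5(f"{secret}{path}{ip}{expires}".encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).decode("ascii").rstrip("=")


def check_link(secret: str, url_path: str, client_ip: str,
               now: Optional[int] = None) -> str:
    """Return 'ok', 'malformed', 'bad_token' or 'expired' (hypothetical helper)."""
    m = LINK_RE.match(url_path)
    if m is None:
        return "malformed"
    token, expires, path = m.group(1), int(m.group(2)), m.group(3)
    expected = make_token(secret, path, client_ip, expires)
    # Compare in constant time, and before looking at the expiry: the
    # expiry in the URL is only trustworthy once the token has matched.
    if not hmac.compare_digest(token, expected):
        return "bad_token"
    if expires < (int(time()) if now is None else now):
        return "expired"
    return "ok"


# Constructed sample values, not real credentials or addresses.
SECRET = "kJ8sExampleWord42"
FILE_PATH = "/path/to/file.png"
CLIENT_IP = "203.0.113.7"
EXPIRES = 1704067200
LINK = f"/md5({make_token(SECRET, FILE_PATH, CLIENT_IP, EXPIRES)},{EXPIRES}){FILE_PATH}"

if __name__ == "__main__":
    print(LINK)
    print(check_link(SECRET, LINK, CLIENT_IP, now=EXPIRES - 60))
    print(check_link(SECRET, LINK, "198.51.100.9", now=EXPIRES - 60))
    print(check_link(SECRET, LINK, CLIENT_IP, now=EXPIRES + 1))
```

Running the same check against your own generated links before deploying a generator script catches mismatches in field order or base64 alphabet.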
Customize access by your own script
You can add your own script to authorize users.
When the user clicks on the link, the decision to access the content is made based on the response from the script.
The following headers must be passed to the script:
- Host - name of the domain for which the request is intended;
- X-Request-URI - URI of the requested resource;
- X-Forwarded-For - the actual IP address of the user who is requesting the resource;
- X-Remote-Addr - the IP address of the user who is requesting the resource, or the IP address of the proxy server.
1. In the Control Panel, on the top menu, click Products and select CDN.
2. In the CDN Resources section, open the CDN Resource page → Restrictions tab.
3. In the Authorization block, select By external script.
4. Provide a link to your script.
5. Click Apply. The resource will be in PROCESSING status while the settings are being applied. You cannot apply any other settings at this time. The settings will be applied when the resource changes to ACTIVE status.
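As an added example (not from the original page and not the provider's code), here is decision logic an external authorization script could apply to the four headers listed above. The page does not state which response the CDN expects from the script, so the hypothetical `decide` function only returns a decision and a reason; the policy constants are constructed for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed policy values for illustration only.
ALLOWED_HOSTS = {"cdn.example.com"}
PROTECTED_PREFIX = "/private/"
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def normalized_path(request_uri: str) -> str:
    """Drop the query string, decode %-escapes, collapse ./ and ../ segments."""
    path = unquote(urlsplit(request_uri).path)
    return posixpath.normpath("/" + path.lstrip("/"))


def decide(headers: dict) -> tuple:
    """Return (allowed, reason) based on Host, X-Request-URI and X-Forwarded-For."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if h.get("host", "").lower() not in ALLOWED_HOSTS:
        return False, "unknown_host"
    uri = h.get("x-request-uri", "")
    if not uri:
        return False, "missing_uri"
    # Normalize first so /public/../private/ cannot slip past the prefix check.
    if not (normalized_path(uri) + "/").startswith(PROTECTED_PREFIX):
        return True, "public_path"
    # X-Remote-Addr is not used: per the page it may be a proxy's address.
    # Anything that is not exactly one IP address is denied (fail closed).
    try:
        ip = ipaddress.ip_address(h.get("x-forwarded-for", ""))
    except ValueError:
        return False, "bad_ip"
    if any(ip in net for net in ALLOWED_NETWORKS):
        return True, "ip_allowed"
    return False, "ip_denied"


if __name__ == "__main__":
    # Constructed sample request headers.
    sample = {"Host": "cdn.example.com", "X-Request-URI": "/public/../private/a.png",
              "X-Forwarded-For": "198.51.100.9", "X-Remote-Addr": "198.51.100.9"}
    print(decide(sample))
```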