The URL authentication feature protects origin server resources from unauthorized downloads and access. With the hotlink protection feature, you can configure a referer blacklist or whitelist to prevent some hotlinking issues. However, hotlink protection cannot completely protect resources on the origin server because referer content can be forged. To resolve this issue, Dynamic Route for CDN (DCDN) provides URL authentication to protect resources on the origin server, which is more secure and effective.
- The DCDN node encrypts a URL to include authentication information in the URL.
- An end user sends a request to the DCDN node by using an encrypted URL.
- The DCDN node verifies the authentication information in the encrypted URL to determine whether the request is valid. If the request is valid, the DCDN node returns a successful response. If the request is invalid, the DCDN node rejects the request.
For more information about sample Python authentication code, see Sample authentication code.
- Log on to the Dynamic Route for CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the target domain name and click Configure.
- In the left-side navigation pane of the specified domain, click Access Control.
- Click the URL Authentication tab.
- In the URL Authentication Setting section, click Modify.
- Turn on URL Authentication and configure the required parameters.
Parameter Description Authentication TypeAlibaba Cloud DCDN supports three authentication types. You can select an authentication type based on your workloads to protect resources on the origin server. The following authentication types are supported:Note If a URL authentication error occurs, a 403 error is returned.
- MD5 calculation errors
X-Tengine-Error:denied by req auth: invalid md5hash=de7bfdc915ced05e17380a149bd760be
- Time-related errors
X-Tengine-Error:denied by req auth: expired timestamp=1439469547
Primary Key The primary key corresponding to the selected authentication type. Secondary Key The secondary key corresponding to the selected authentication type.
- MD5 calculation errors
- Click OK.
What to do next
- In the Generate Encrypted URL section, configure the original URL and the authentication information.
Parameter Description Original URL Enter a full URL, for example,
Authentication Type Authentication Key Set the cryptographic key. The cryptographic key can be the primary key or the secondary key configured in the URL Authentication dialog box. Validity Period Set the TTL value for the encrypted URL. Unit: seconds. Example: 1800.
- Click Generate.
You can then obtain the encrypted URL and the timestamp.