Alibaba Cloud Content Delivery Network (CDN) provides the URL signing feature to protect origin servers from unauthorized downloads and access. Hotlink protection provides a referer blacklist and a referer whitelist that can address some hotlink issues. However, the referer header can be forged. Origin servers require protection features that are more optimized than hotlink protection. In this case, you can enable the URL signing feature to protect your origin server.
Background information
- URLs can be signed by CDN nodes. Signed URLs carry signature information that can be used for permission verification.
- Users send signed URLs to CDN nodes.
- CDN nodes authenticate the signatures of the URLs. If a URL passes the authentication, a response is returned. If a URL fails the authentication, the request is rejected.
For more information about sample URL signing code in Python, see URL signing examples.
=
and +
in the URL are escaped.
Procedure
What to do next
- In the Generate Signed URL section, enter the Original URL and signing information.
Parameter Description Original URL Enter a complete URL, for example, https://www.aliyun.com
.Type Select a signing type based on your business requirements.Cryptographic Key Set the cryptographic key. The Cryptographic Key is the Primary Key or Secondary Key specified in the URL Signing settings. Validity Period Set the validity period for the signed URL based on your business requirements. Unit: seconds. Example: 1800. Note The default validity period is 30 minutes. If you want to set a validity period of less than 30 minutes, set Validity Period to a negative value. For example, if you want to set the validity period to 10 seconds, set Validity Period to -1790. - Click Generate.
A Signed URL and a Timestamp are generated.