The URL authentication feature protects origin server resources from unauthorized download and access. You can prevent some hotlinking issues by configuring a referer blacklist or whitelist with hotlink protection. However, this method cannot completely protect resources on the origin server because referer content can be forged. URL authentication is a more secure and effective method to protect resources on the origin server.
- The origin server provides encrypted URLs that contain permission verification information.
- You can send a request to a CDN node by accessing an encrypted URL.
- The CDN node authenticates the permission information in the encrypted URL to determine whether the request is valid. If the request is valid, the CDN node returns a successful response. If the request is invalid, the CDN node rejects the request.
For more information about sample Python authentication code, see Sample authentication code.
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the target domain name and click Manage.
- In the left-side navigation pane of the specified domain, click Access Control.
- Click URL Authentication.
- In the URL Authentication section, click Modify.
- Turn on the URL Authentication switch as prompted to configure URL authentication.
Parameter Description Type Primary Key The primary password corresponding to the selected authentication type. Secondary Key The secondary password corresponding to the selected authentication type.
- Click OK.
What to do next
- In the Generate Signed URL section, configure Original URL and authentication information.
Parameter Description Original URL The complete original URL. For example, https://www.aliyun.com. Type Cryptographic Key The authentication password. Cryptographic Key can be Primary Key or Secondary Key configured in the Set URL Authentication dialog box. Validity Period The validity period for URL authentication. Unit: seconds. Example value: 1,800.
- Click Generate.
Obtain Authentication URL and Timestamp.