The URL signing feature protects origin server resources from unauthorized download and access. With the hotlink protection feature, you can configure a referer blacklist or whitelist to prevent some hotlinking issues. However, hotlink protection cannot completely protect resources on the origin server, because the referer content of a request can be forged. URL signing addresses this issue and protects resources on the origin server in a more secure and effective way.
- The CDN node provides encrypted URLs that contain permission verification information.
- You can send a request to a CDN node by using an encrypted URL.
- The CDN node authenticates the permission information in the encrypted URL to determine whether the request is valid. If the request is valid, the CDN node returns a successful response. If the request is invalid, the CDN node rejects the request.
For more information about sample Python authentication code, see Sample authentication code.
- Log on to the Alibaba Cloud CDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the target domain name and click Manage.
- In the left-side navigation pane of the specified domain, click Access Control.
- Click the URL Signing tab.
- In the URL Signing section, click Modify.
- Turn on URL Signing and configure the required parameters.
  - Type: Alibaba Cloud CDN supports three signing types. You can select a signing type based on your needs to protect resources on the origin server. The following URL signing types are supported:
    Note: If a URL signing error occurs, a 403 error is returned.
    - MD5 calculation errors
      X-Tengine-Error:denied by req auth: invalid md5hash=de7bfdc915ced05e17380a149bd760be
    - Time-related errors
      X-Tengine-Error:denied by req auth: expired timestamp=1439469547
  - Primary Key: The primary key corresponding to the selected signing type.
  - Secondary Key: The secondary key corresponding to the selected signing type.
- Click OK.
What to do next
- In the Generate Signed URL section, configure Original URL and signing information.
  - Original URL: Enter a complete original URL, for example,
  - Type
  - Cryptographic Key: Set the signing key. Cryptographic Key can be Primary Key or Secondary Key configured in the Set URL Signing dialog box.
  - Validity Period: Set the validity period for URL signing. Unit: seconds. Example: 1800.
- Click Generate.
You can obtain Signed URL and Timestamp.
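The following sketch is an added example, not Alibaba Cloud's sample code and not the exact layout of any of the three signing types. It shows the checks behind the two 403 cases above (invalid md5hash, expired timestamp) and acceptance of either the primary or the secondary key. The query parameter names `auth_ts` and `auth_md5`, the hash input format, the keys, and the URL are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

# Constructed sample values; the parameter names auth_ts / auth_md5 and the
# "path-timestamp-key" hash input are assumptions of this sketch.
PRIMARY_KEY = "primary-key-example"
SECONDARY_KEY = "secondary-key-example"
VALIDITY_PERIOD = 1800  # seconds, the example value from the parameter list

def _md5hash(path, timestamp, key):
    return hashlib.md5(f"{path}-{timestamp}-{key}".encode()).hexdigest()

def sign_url(url, key, now=None):
    """Append a timestamp and MD5 hash to url (signing side)."""
    timestamp = int(time.time() if now is None else now)
    digest = _md5hash(urlsplit(url).path, timestamp, key)
    sep = "&" if "?" in url else "?"
    return f"{url}{sep}auth_ts={timestamp}&auth_md5={digest}"

def verify_url(signed_url, keys, validity, now=None):
    """Return (status, reason) as the verifying node would decide it."""
    now = int(time.time() if now is None else now)
    parts = urlsplit(signed_url)
    query = parse_qs(parts.query)
    try:
        timestamp = int(query["auth_ts"][0])
        supplied = query["auth_md5"][0].encode()
    except (KeyError, ValueError):
        return 403, "missing or malformed signature"
    # Check the hash before trusting the timestamp: the timestamp is part of
    # the hashed input, so editing it to extend the lifetime breaks the hash.
    # Either configured key (primary or secondary) is accepted.
    if not any(hmac.compare_digest(_md5hash(parts.path, timestamp, k).encode(),
                                   supplied) for k in keys):
        return 403, "invalid md5hash"
    if now > timestamp + validity:
        return 403, "expired timestamp"
    return 200, "ok"

if __name__ == "__main__":
    url = sign_url("https://cdn.example.com/video/a.mp4", PRIMARY_KEY)
    print(url, verify_url(url, [PRIMARY_KEY, SECONDARY_KEY], VALIDITY_PERIOD))
```

Accepting two keys lets you rotate the signing key without rejecting URLs that were signed with the other key and are still inside their validity period.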