Referer-based hotlink protection is not completely secure. We recommend that you use URL authentication to protect resources on the origin server against illegal downloads and misuse.
How URL authentication works
Alibaba Cloud Content Delivery Network (CDN) nodes work together with the origin server to authenticate URLs. This is a more secure and reliable method to protect resources on the origin server against hotlinking. ApsaraVideo VOD console supports only authentication method A. For more information, see URL authentication.
- The origin server provides a signed URL that contains authentication information.
- A user sends a request to a CDN node by using the signed URL.
- The CDN node verifies the authentication information in the signed URL to determine whether the request is valid. If the request is valid, the CDN node returns a success response. Otherwise, the CDN node denies the request.
Notice After a request URL is authenticated by a CDN node, special characters such as
equal signs (=)
and plus signs (+)
in the URL are encoded.