We accelerate websites

15 days free trial Sign up

Media Acceleration Stream to the world

15 days free trial Sign up

Extensive Network Excellent world coverage

Setting a URL Signing - protect your CDN content

Introduction

The URL Signing option of CDN Static and CDN Static Push services allows you to protect your CDN content from unwanted downloads.

Token authentication

URL Signing is a token authentication. Only requests with a valid token (also referred as signature, secure or hash) are allowed to access your content. Moreover the token can contain its expiration time and allowed/denied IP addresses.

An example of CDN URL with token

http://12345.r.cdnsun.net/photo.jpeg?secure=DMF1ucDxtHCxwYQ

As you can see in the above example the token is added to the URL as a value of a query string parameter ?secure=.

Token expiration time use case

Token can contain its expiration time. Let's assume that you want to provide a CDN URL to your customer which can not be shared with public. For example the customer paid you for your content so you want to provide him a CDN URL to download the content but you don't want to allow him to share this CDN URL with everyone. Solution in this case is to provide him a CDN URL with token containing expiration time close to expiry (few seconds or minutes). Using this CDN URL he will be able to download your content but if he will share the CDN URL with public then it will not open access to your content because the CDN URL token will be expired. Please note that token is validated only at the beginning of a connection, it is not being validated during an ongoing connection.

How to enable URL Signing

URL Signing can be enabled during a CDN service creation (in advanced settings) or on the Services/Settings page.

Select "Enabled" from the URL Signing select box and generate a URL Signing Key as in the picture below.

URL Signing Key

How to generate token

To generate a token you can make use one of our token generators below.

Java

Download our Java URL Signing function from the GitHub and follow instructions from the README.md file.

.NET

Download our .NET URL Signing function from the GitHub and follow instructions from the README.md file.

PHP

Download our PHP URL Signing function from the GitHub and follow instructions from the README.md file.

Ruby

Download our Ruby URL Signing function from the GitHub and follow instructions from the README.md file.

Python

Download our Python URL Signing function from the GitHub and follow instructions from the README.md file.

Bash

Download our Bash URL Signing function from the GitHub and follow instructions from the README.md file.

URL Signing and HLS streaming

Please refer here for more details on HLS streaming through a CDN Static service. Let's assume that you want to protect your CDN HLS stream http://12345.r.cdnsun.net/mystream/playlist.m3u8. Please remind that the token generator requires path parameter and thus you can not use "normal" URL Signing because viewer's device will request URLs containing dynamic paths such as in the following example.

http://12345.r.cdnsun.net/mystream/segment1.ts
http://12345.r.cdnsun.net/mystream/segment2.ts
http://12345.r.cdnsun.net/mystream/segment3.ts

Fortunately we provide the following two additional URL Signing features to solve this problem.

URL Signing with cookie

URL Signing with cookie allows you to store a token in visitor's browser cookie and use it to authenticate requests without the token query string parameter ?secure=.

Example

Let's assume that URL Signing with cookie is enabled for the CDN service 12345.r.cdnsun.net and you want to protect your CDN HLS stream http://12345.r.cdnsun.net/mystream/playlist.m3u8. All you need to do is to generate a token for the playlist URL and use http://12345.r.cdnsun.net/mystream/playlist.m3u8?secure=DMF1ucDxtHCxwYQ on your website. All subsequent requests requesting for example .ts segments will be authenticated using token from visitor's browser cookie.

Notes

  • This attempt will work only in browsers supporting cookies.
  • A cookie can contain up to 40 tokens.
  • Token generator is the same as with "normal" URL Signing.

How to enable

This feature is currently not available in our dashboard. To enable it first set "normal" URL Signing to Enabled and then contact us via the support form below to request the URL Signing with cookie feature. Your request should contain the following.

  • CDN Service Identifier, e.g. 12345.r.cdnsun.net.
  • CDN stream URL, e.g. http://12345.r.cdnsun.net/mystream/playlist.m3u8.

File type URL Signing

File type URL Signing allows you to protect only certain file types and keep the rest unprotected.

Example

Let's assume that you want to protect your CDN HLS stream http://12345.r.cdnsun.net/mystream/playlist.m3u8. You can enable .m3u8 file type URL Signing for the CDN service 12345.r.cdnsun.net and then all you need to do is to generate token for the playlist URL and use http://12345.r.cdnsun.net/mystream/playlist.m3u8?secure=DMF1ucDxtHCxwYQ on your website. Only .m3u8 files will require valid token and thus .ts segments and other files will be accessible without token.

Notes

  • Token generator is the same as with "normal" URL Signing.

How to enable

This feature is currently not available in our dashboard. To enable it first set "normal" URL Signing to Disabled and then contact us via the support form below to request the file type URL Signing feature. Your request should contain the following.

  • CDN Service Identifier, e.g. 12345.r.cdnsun.net.
  • CDN stream URL, e.g. http://12345.r.cdnsun.net/mystream/playlist.m3u8.
  • List of file types, e.g. .m3u8.
  • Optionally URL Signing Key or we will generate random URL Signing Key for you.
 
  _____      ___      ______   _    _   
 |__  //    / _ \\   /_____// | || | || 
   / //    | / \ ||  `____ `  | || | || 
  / //__   | \_/ ||  /___//   | \\_/ || 
 /_____||   \___//   `__ `     \____//  
 `-----`    `---`    /_//       `---`   
                     `-`                
Europe
  • Amsterdam
  • Athens
  • Baku
  • Bucharest
  • Budapest
  • Copenhagen
  • Dubai
  • Dublin
  • Frankfurt
  • Helsingborg
  • Helsinki
  • Istanbul
  • Karlskrona
  • Khabarovsk
  • Kharkov
  • Kiev
  • Kungalv
  • London
  • Lvov
  • Milan
  • Moscow
  • Odessa
  • Polevskoy
  • Rostov-on-Don
  • Stockholm
  • Tel Aviv-Yafo
  • Trondheim
  • Zagreb
America
  • Arlington
  • Atlanta
  • Chicago
  • Dallas
  • Denver
  • Green Bay
  • Los Angeles
  • Miami
  • Montreal
  • New York
  • Phoenix
  • Portland
  • Provo
  • Queretaro
  • Reston
  • Sacramento
  • San Jose
  • Sao Paulo
  • Seattle
  • Toronto
  • Washington
Contact
  • e-mail: info@cdnsun.com
  • skype: cdnsun.com
  • phone: +1 844 300 9206
  • phone: +420 776 256 872
Blog Twitter LinkedIn Facebook CrunchBase Google+ / Google plus Foursquare Pinterest