Token Auth

How to Set Up timestamp-based anti-hotlinking:

• Go to Sites -> Sites Settings -> Module -> Token Auth

• Click on Add Create Token Auth Set
• Set a custom name for the configuration.

• Click on "Create Token Auth"

Token Auth Field Descriptions:

• Effective Scope:

  • Path URI:

    • Example: /live/test.flv

  • Directory:

    • Example: /live

  • All Requests

  • Specific File Types:

    • Example: flv png apk

  • Regular Expression URI:

    • Example: \/abc[1-2]

• Custom Encryption String (key): abc123

• Expiration Time (in seconds):

  • 600: 10 minutes

  • 0: Do not check if the time has expired

• Blocking Method:

  • DENY: Returns HTTP 403 Forbidden

  • DROP: Connection reset by peer

• After setting up, you need to apply the configuration in the domain settings.

Batch Operations

• If you need to apply this rule to multiple domains, you can use batch operations to apply it in bulk:

• Check the domains you want to apply the rule to.

• Click on "Batch processing" .

• Select "Token Auth".

• Choose the rule you've already configured and click Confirm.

How to Perform Verification?

• When accessing the URL, you need to include the following parameters:

• token: Calculated as md5($key + $uri + $timestamp), where $key is the custom encryption key set in the timestamp anti-hotlinking module.

• timestamp: The current UNIX timestamp.

• Access Example: http://test.domain.com/test.flv?token=IamToken×tamp=1708485442

Bash example:

#!/bin/bash
key=IamKey
uri=/test.flv
timestamp=`date +%s`
token=`echo -n "$key$uri$timestamp"|md5sum|awk '{print $1}'`
curl "http://test.domain.com$uri?token=$token&timestamp=$timestamp"