Token Auth

CDN supports timestamp-based anti-hotlinking, with the primary goal of ensuring that each request URI has a certain validity period. The blocking conditions are as follows, with one of the following being selected:

Token verification fails
Timestamp exceeds the valid time period

How to Set Up timestamp-based anti-hotlinking:

Go to Sites -> Sites Settings -> Module -> Token Auth
Click on Add Create Token Auth Set
Set a custom name for the configuration.
Click on "Create Token Auth"

Token Auth Field Descriptions:

Effective Scope:
- Path URI:
  - Example: /live/test.flv
- Directory:
  - Example: /live
- All Requests
- Specific File Types:
  - Example: flv png apk
- Regular Expression URI:
  - Example: \/abc[1-2]
Custom Encryption String (key): abc123
Expiration Time (in seconds):
- 600: 10 minutes
- 0: Do not check if the time has expired
Blocking Method:
- DENY: Returns HTTP 403 Forbidden
- DROP: Connection reset by peer
After setting up, you need to apply the configuration in the domain settings.

Batch Operations

If you need to apply this rule to multiple domains, you can use batch operations to apply it in bulk:
Check the domains you want to apply the rule to.
Click on "Batch processing" .
Select "Token Auth".
Choose the rule you've already configured and click Confirm.

How to Perform Verification?

When accessing the URL, you need to include the following parameters:
token: Calculated as md5($key + $uri + $timestamp), where $key is the custom encryption key set in the timestamp anti-hotlinking module.
timestamp: The current UNIX timestamp.
Access Example: http://test.domain.com/test.flv?token=IamToken×tamp=1708485442

Bash example:

#!/bin/bash
key=IamKey
uri=/test.flv
timestamp=`date +%s`
token=`echo -n "$key$uri$timestamp"|md5sum|awk '{print $1}'`
curl "http://test.domain.com$uri?token=$token&timestamp=$timestamp"

PreviousSite Certificate NextCustom Header

Last updated 7 months ago