URL signing
What is URL signing
URL signing is the process of using a certain algorithm to regenerate resource link URLs (such as download links, audio links, etc.) on a website, in order to achieve the goal of preventing unauthorized access; Because these links all have expiration dates, even if they are referenced by other websites, they must be changed frequently.
URL Signing Instance
For example, your original website link is:
https://example.com/images/test.jpg
After algorithmic processing, it is:
https://example.com/images/test.jpg?sign=1661824870-c6d1a57067b21f7b-0baac47b6c2ad519bb1bfe7babff37a3
Then, the original links on the website were replaced with links processed by algorithms, which achieved URL authentication function.
How to use URL signing
You can enable url signng in CDN Resources → Safety Protection → URL Signing.
URL signing details
Example
https://example.com/images/test.jpg?sign=1661824870-c6d1a57067b21f7b-0baac47b6c2ad519bb1bfe7babff37a3
URL generation rules
(http|https)://URL/file path?sign=timestamp-random string-Hash value
Definition of value: ●sign - is the default signature parameter and can be modified by oneself ●URL - Keep the original domain name, such as example.com ●/file path - The file path contains the leading slash (/) symbol, such as /images/test.jpg ●timestamp - Unix timestamp, in seconds, such as 1661824870 ●random string - Your custom random string can only contain letters and numbers, such as c6d1a57067b21f7b, or it can be a fixed value, such as hello, but a fixed value will reduce security ●Hash value - currently only supports MD5 Hash algorithm, specifically
md5(/file path@timestamp@random string@key)
The key is the authentication key generated or filled in by you when creating the authentication method; Use the @ symbol to connect each field, and do not forget to fill in the slash (/) before the file path, nor repeat it; Taking the key as 123456 as an example:
md5("/images/test.jpg@1661824870@c6d1a57067b21f7b@123456") => 0baac47b6c2ad519bb1bfe7babff37a3
The result needs to be a 32-bit string containing only lowercase letters and numbers; If the algorithm you are using results in uppercase, please convert to lowercase.
To generate a hash, please download the attached script in Ruby, Python, PHP, or Java. You can use the following command to run it to generate a signed URL:
Ruby:
ruby UrlSigning.rb -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 1.2.3.4
Python:
python UrlSigning.py -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 1.2.3.4Python3:python3 UrlSigning3.py -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 1.2.3.4
Python3:
python3 UrlSigning3.py -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 1.2.3.4
PHP:
php UrlSigning.php -f path -s https -r example.com -p images/photo.png -k abc123s -e 1546300800 -i 1.2.3.4Java:javac UrlSigning.javajava UrlSigning -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 1.2.3.4
Java:
javac UrlSigning.java
java UrlSigning -f path -s https -r example.com -p images/photo.png -k abc123 -e 1546300800 -i 1.2.3.4
Available options:
-f: format, path or querystring, default = querystring
-s: scheme for resource URL, http or https, default = http
-r: resource hostname (compulsory)
-p: file path of the resource, default = /
-k: URL signing key (compulsory) -e: expiration of the URL (optional)
-i: IP that allow to access (optional)
Rules for returning to the origin
When searching for cache and backtracking rules, the sign parameter will be automatically removed.
Common problem
Can other parameters be added to the URL?
https://example.com/images/test.jpg?sign=1661824870-c6d1a57067b21f7b-0baac47b6c2ad519bb1bfe7babff37a3&v=1&from=google
Note
Due to the dynamic generation of URLs in URL authentication, the cache time setting for the page where the link is located cannot exceed the effective time of the authentication setting.