When Secure Token is enabled your content may be downloaded only if a request contains a hash key. Secure Token protects your content from unwanted downloads.
A tokenized URL looks like
http://cdn.example.com/photo.jpeg?md5=DMF1ucDxtHCxwYQ&expires=2147483647
Control Panel Settings
To enable Secure Token go to CDN Resources in your Control Panel, choose the Resource and click Settings. Then open Advanced Settings, in the Access (Security), add Secure Token.
Activate the option, type in a signature key and save the settings. The signature key is similar to a password and can contain a from 6 to 32 characters.
By default 4 parameters are considered in the token generation:
- Expiration time
- Path to the file
- Key
- IP (optional)
You can generate a token with or without IP. Remove the tick near Add a Сlient's IP to the Token and use the script that generates tokens without IP.
Server Settings
Configure your server so that your CDN content is available at URLs containing tokens for the end users. At the same time, CDN servers need to get content without a token.
The token is generated in the following format:<expires><path><ip> <key>
<expires>: The expiration of the URL in the Unix timestamp format.
<path>: The file path or file directory.
<key>: The URL signature key.
<IP>: The IPs that allowed to access.
Use this command to generate Unix Timestamp in Linux: `date +%s -d "10min"` (current time + 10 minutes)
CDN servers check every request on their side. They have all the same parameters <expires><path><ip> <key> and use them to generate hash key.
- If these parameters do not match or this URL is expired, CDN returns 403 Forbidden to the end user.
- If all parameters match and URL isn't expired, CDN delivers the requested file to the end user.
For generating the hash key refer to below for example scripts
PHP (with IP)
<?php
$secret = 'secret_key';
$ip = '1.2.3.4';
$path = '/live/133529_2/chunklist.m3u8';
$expires = time() + 10000;
$link = "$expires$path$ip $secret";
$md5 = md5($link, true);
$md5 = base64_encode($md5);
$md5 = strtr($md5, '+/', '-_');
$md5 = str_replace('=', '', $md5);
$url = "http://cdn.site.com{$path}?md5={$md5}&expires={$expires}";
echo $url;
echo "\n";
PHP (without IP)
<?php
$secret = 'secret_key';
$path = '/live/133529_2/chunklist.m3u8';
$expires = time() + 10000;
$link = "$expires$path $secret";
$md5 = md5($link, true);
$md5 = base64_encode($md5);
$md5 = strtr($md5, '+/', '-_');
$md5 = str_replace('=', '', $md5);
$url = "http://cdn.site.com{$path}?md5={$md5}&expires={$expires}";
echo $url;
echo "\n"
Where:
- $secret - the URL signature key
- $path - the file path or file directory
- $ip - the IPs that allowed to access
- $expires - the expiration of the URL (in sec)
- $link - token generation with the necessary parameters
- $url - file's URL
Python (with IP)
import base64
from hashlib import md5
from time import time
secret = 'secret_key' \\The URL signature key
path = "/images/1.jpg" \\ The file path or file directory
ip = '1.2.3.4' \\ The IPs that allow to access
expires = int(time()) + 100000
# TTL of URL (in sec)
#Token generation
token = base64.encodestring(
md5(
"%s%s%s %s" % (expires, path, ip, secret)
).digest()
).replace("\n", "").replace("+", "-").replace("/", "_").replace("=", "")
secured_url = "http://cdn.site.com%s?md5=%s&expires=%s" % (path, token, expires)
# File's URL
print secured_url
Python (without IP)
import base64
from hashlib import md5
from time import time
secret = 'secret_key'
path = "/images/1.jpg"
expires = int(time()) + 100000
token = base64.encodestring(
md5(
"%s%s %s" % (expires, path, secret)
).digest()
).replace("\n", "").replace("+", "-").replace("/", "_").replace("=", "")
secured_url = "http://cdn.site.com%s?md5=%s&expires=%s" % (path, token, expires)
print secured_url
Where:
- secret - the URL signature key
- path - the file path or file directory
- ip - the IPs that allowed to access
- expires - the expiration of the URL (in sec)
- token - token generation
- secured_url - file's URL
With OpenSSL
You will get only token as a result. You need to set the time of the URLs expiring in UNIX format manually and add this token to your URLs.
With IP
echo -n '2147483647/images/1.jpg1.2.3.4 secret_key' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =
'2147483647/images/1.jpg1.2.3.4 secret_key' = '{expires}{path}{ip} {secret_key}'
Without IP
echo -n '2147483647/images/1.jpg secret_key' | openssl md5 -binary | openssl base64 | tr +/ -_ | tr -d =
'2147483647/images/1.jpg secret_key' = '{expires}{path} {secret_key}'