Access Control
When you need to restrict access to CDN resources, this article can help you understand how to configure them and the related precautions.
Referer Anti-leech
You can identify and control user requests by configuring the Referer anti-leech blacklist and whitelist, enhancing the security of the accelerated domain name, and preventing malicious users from leeching.
-
Referer anti-leech is identified and judged based on the value of the referer field in the HTTP Request Header. According to the policy set by the user, access-user filtering is carried out.
-
Currently, referer anti-leech is divided into blacklist and whitelist mechanisms, and it is not enabled by default.
-
You can set whether to allow the empty Referer field to access resources, that is, allow direct access to the resource URL through the browser address bar.
-
Up to 100 can be set; multiples are separated by a return character; regular expressions are not supported; and when the referer is a wildcard domain, please start with *., such as *.example2.com, including any matching host headers and empty host headers.
IP Blacklist
You can identify and control user requests by configuring an IP blacklist, thereby enhancing the security of the accelerated domain name and preventing malicious users from accessing it.
- IP Blacklist: IPs within the blacklist will be unable to access resources; by default, the blacklist is empty.
- Supports adding IP segments, for example, 10.1.1.0/24; Note: Banning segments only supports /24 bits or above, for instance, banning segments like 10.0.0.0/8 or 10.0.0.0/20 will not take effect.
MD5 Anti-leech
You can protect the resources of your user's site from being illegally used by others by configuring MD5 anti-leech. This helps avoid bandwidth surges and significant cost increases due to leeching.
MD5 anti-leech cannot be configured through the console for now. Configuration requires a secret key and an expiration time. Please contact the architect or technical support for configuration.
Configuration instructions:
k = md5(secret key + file URI + expiration time t)
1、k: The parameter name in the URL, md5(string value), the string generated by md5 is 32 bits.
2、t: Expiration time, for example, if the current time is 2012-04-23 16:20:00 and the valid duration is set to 2 hours, the expiration time will be 2012-04-23 18:20:00. Converted to seconds based on 1970, it is 1335176400, which is the value of parameter t.
3: Secret Key: The secret key string provided by the user.
Example: URL: http://tysxtest.ufile.surfercloud.com.cn/test/3e2_teacher_720p.mp4
Secret Key: whaty321;
Expiration time: 2 hours. For example, if it expires at 2019-07-01 12:00, after conversion, t=1561953600;
k=md5(whaty321/test/3e2_teacher_720p.mp41561953600)=1100bda530528404109eaa80bd9fb9d8
URL after adding anti-leech: http://tysxtest.ufile.surfercloud.com.cn/test/3e2_teacher_720p.mp4?k=1100bda530528404109eaa80bd9fb9d8&t=1561953600
The URL with anti-leech can be accessed normally. If the value of k does not match, access will fail. If the validation finds that the time of t has exceeded the valid duration, the validation will also fail.