Limit access

2020-01-31 10:35
  • Limit access by referer

To enable access limits based on the referrer, you should first login to Next click on "My Zones" from the menu on the left side.

You will see a list of your configured zones. To edit the advanced settings for a zone, click on the "cogwheel"  icon, on the right. After opening the zone settings, select the second tab - Limit access. Тick the box in front of "Limit access by referrer":

There is an option in case of empty or missing Referer header, to apply the filter to Origin header

The field uses Perl-compatible regular expressions (PCRE) syntax

Below are some basic examples for setting the referer limit:

  • - will match anything that contains in the referer header
  • - will match -, will NOT match
  • ^(https?:\/\/)? - will match and, will NOT match
  • ^(https?:\/\/)? - will match

For most setups you'll need two values:

  • ^(https?:\/\/)? and ^(https?:\/\/)? This will make your files work if they were refered to from
  • You should always use a backslash (\) to escape the special characters like . / 

Enter the domain which is allowed to refer to your files in the field "My files are allowed from" and click "Add" to add the domain. If you have more than one domain, you can add multiple domain names. When you are ready, click the button "Save changes" on the bottom of the page.


  • Limit access by country

The second option of the limit is "Limit access by country". To enable access limits based on the country, click on the Limit access tab and check the box next to "Limit access by country": 

Choose if you want to allow or deny access from the drop-down list. Enter the country which should be allowed/denied to access your files and click "Add" to add to the list. You can add multiple country names.

When you are ready, click the button "Save changes" on the bottom of the page.

  • Limit access by secret key

To enable limit access by secret key, click on the Limit access tab and tick the box in front of "Limit access by using a secret key": 

 Choose the desired hash algorithm, the key you will be using, and the time each key will be valid.

When you are ready, click the button "Save changes" on the bottom of the page.

Then you should generate md5 hash for the URLs you want to protect using for example PHP script. The hash should be created the following way:


for example:



  • /example/image.jpg - request URI
  • VerySecureKey - the key configured at your control panel

After that you can access the URL using the URL:

In addition you can generate hash with the following options:

  • cdn_creation_time – when the hash was generated (unix timestamp)
  • cdn_ttl – the time for which the hash should be valid
  • cdn_net – IP from which the access will be allowed
  • cdn_bw – limit rate of the downloading speed
  • cdn_bw_fs - set the amount of data which should be served on full speed(support k,m and g for KB,MB and GB respectively)
  • cdn_cv_CUSTOM - this is custom parameter which can be configured based on your needs.(You should replace CUSTOM with any name)

With the above values, the hash that will need to be generated is:


for example:



  • /example/image.jpg – request.uri
  • VerySecureKey – your secret key
  • timestamp – creation time for the hash, you can use time() for php or website
  • 600 – time to live for generated hash
  • – the IP from which the URL can be accessed
  • 10240 – bytes per second limit rate
  • 10m - megabytes served at max speed
  • CUSTOM_PARAMETER - the value for the custom parameter

The full URL of the request will be:

You can use the following website to generate md5 hash for testing purposes:

Below you can find sample php code, for generating the required hash:


$secret_key = 'password';
$request_uri = '/path/to/video/videoname.mp4';

// Unix timestamp
$cdn_creation_time = time();

// how long the generated url will be active
$cdn_ttl = 600;

// limit access only to specified ip address or network
$cdn_net = "";

// or limit access only to specified /24 network
$cdn_net = "";

//limit download speed to
$cdn_bw = "10240" // bytes per second (10KB)

//the amount of served at maximum speed
$cdn_bw_fs = "10m" // 10 MB

//your custom parameter

$hash = md5($request_uri.$secret_key.$cdn_creation_time.$cdn_ttl.$cdn_net.$cdn_bw.$cdn_bw_fs.$cdn_cv_CUSTOM);

$access_url  = ''.$request_uri;
$access_url .= '?cdn_hash='.$hash.'&cdn_creation_time='.$cdn_creation_time;
$access_url .= '&cdn_ttl='.$cdn_ttl.'&cdn_net='.$cdn_net.'&cdn_bw='.$cdn_bw.'&cdn_bw_fs'.$cdn_bw_fs.'&cdn_cv_CUSTOM'.$cdn_cv_CUSTOM;

  • Limit access by IP

The last option is that you can limit access to your resources served through Universal CDN zone via IP.

This feature allows you enter a list of IPs , for example or entire subnets, for example and to either Allow your resources to be available for only these IPs or to Block the access for these IPs.

Currently there is a limitation on the maximum records you can have for either Allow or Blocked IPs - it is 64.

Tags: Country, IP, Limit access, Referer, Secret Key