Limit access

UCDN
2018-10-17 15:05
  • Limit access by referer

To enable access limits based on the referrer, you should first login to my.ucdn.com. Next click on "My Zones" from the menu on the left side.

You will see a list of your configured zones. To edit the advanced settings for a zone, click on the "cogwheel"  icon, on the right. After opening the zone settings, select the second tab - Limit access. Тick the box in front of "Limit access by referrer":

The field uses Perl-compatible regular expressions (PCRE) syntax

Below are some basic examples for setting the referer limit:

  • my-domain.net - will match anything that contains my-domain.net in the referer header
  • .my-domain.net - will match .my-domain.net - www.my-domain.netsubdomain.my-domain.netsub.domain.my-domain.net, will NOT match my-domain.net
  • ^(https?:\/\/)?my-domain.net - will match http://my-domain.net and https://my-domain.net, will NOT match http://www.my-domain.net
  • ^(https?:\/\/)?www.my-domain.net - will match http://www.my-domain.nethttps://www.my-domain.netwww.my-domain.net

For most setups you'll need two values:

  • ^(https?:\/\/)?my-domain.net and ^(https?:\/\/)?www.my-domain.net. This will make your files work if they were refered to from http://my-domain.net https://my-domain.net http://www.my-domain.net https://www.my-domain.net
  • You should always use a backslash (\) to escape the special characters like . /

Enter the domain which is allowed to refer to your files in the field "My files are allowed from" and click "Add" to add the domain. If you have more than one domain, you can add multiple domain names. When you are ready, click the button "Save changes" on the bottom of the page.

  • Limit access by country

The second option of the limit is "Limit access by country". To enable access limits based on the country, click on the Limit access tab and check the box next to "Limit access by country": 

Choose if you want to allow or deny access from the drop-down list. Enter the country which should be allowed/denied to access your files and click "Add" to add to the list. You can add multiple country names.

When you are ready, click the button "Save changes" on the bottom of the page.

  • Limit access by secret key

To enable limit access by secret key, click on the Limit access tab and tick the box in front of "Limit access by using a secret key": 

 Choose the desired hash algorithm, the key you will be using, and the time each key will be valid.

When you are ready, click the button "Save changes" on the bottom of the page.

Then you should generate md5 hash for the URLs you want to protect using for example PHP script. The hash should be created the following way:

request.uri+key

for example:

/example/image.jpgVerySecureKey

where,

  • /example/image.jpg - request URI
  • VerySecureKey - the key configured at your control panel

After that you can access the URL using the URL:

http://yourdomain.com/example/image.jpg?cdn_hash=generated_hash

In addition you can generate hash with the following options:

  • cdn_creation_time – when the hash was generated (unix timestamp)
  • cdn_ttl – the time for which the hash should be valid
  • cdn_net – IP from which the access will be allowed
  • cdn_bw – limit rate of the downloading speed
  • cdn_bw_fs - set the amount of data which should be served on full speed(support k,m and g for KB,MB and GB respectively)
  • cdn_cv_CUSTOM - this is custom parameter which can be configured based on your needs.(You should replace CUSTOM with any name)

With the above values, the hash that will need to be generated is:

request.uri+key+cdn_creation_time+cdn_ttl+cdn_net+cdn_bw+cdn_bw_fs+cdn_cv_CUSTOM

for example:

/example/image.jpgVerySecureKeytimestamp600192.168.0.1101024010mCUSTOM_PARAMETER

where

  • /example/image.jpg – request.uri
  • VerySecureKey – your secret key
  • timestamp – creation time for the hash, you can use time() for php or website http://www.epochconverter.com/
  • 600 – time to live for generated hash
  • 192.168.0.1 – the IP from which the URL can be accessed
  • 10240 – bytes per second limit rate
  • 10m - megabytes served at max speed
  • CUSTOM_PARAMETER - the value for the custom parameter

The full URL of the request will be:

http://yourdomain.com/example/image.jpg?cdn_hash=generated_hash&cdn_creation_time=timestamp&cdn_ttl=600&cdn_net=192.168.0.1&cdn_bw=10240&cdn_bw_fs=10m&cdn_cv_CUSTOM=CUSTOM_PARAMETER

You can use the following website to generate md5 hash for testing purposes:

Below you can find sample php code, for generating the required hash:

<?php

$secret_key = 'password';
$request_uri = '/path/to/video/videoname.mp4';

// Unix timestamp
$cdn_creation_time = time();

// how long the generated url will be active
$cdn_ttl = 600;

// limit access only to specified ip address or network
$cdn_net = "192.168.1.20";

// or limit access only to specified /24 network
$cdn_net = "192.168.2.0.24";

//limit download speed to
$cdn_bw = "10240" // bytes per second (10KB)

//the amount of served at maximum speed
$cdn_bw_fs = "10m" // 10 MB

//your custom parameter
$cdn_cv_CUSTOM = "CUSTOM_PARAMETER"


$hash = md5($request_uri.$secret_key.$cdn_creation_time.$cdn_ttl.$cdn_net.$cdn_bw.$cdn_bw_fs.$cdn_cv_CUSTOM);

$access_url  = 'http://cname.clientdomain.com/'.$request_uri;
$access_url .= '?cdn_hash='.$hash.'&cdn_creation_time='.$cdn_creation_time;
$access_url .= '&cdn_ttl='.$cdn_ttl.'&cdn_net='.$cdn_net.'&cdn_bw='.$cdn_bw.'&cdn_bw_fs'.$cdn_bw_fs.'&cdn_cv_CUSTOM'.$cdn_cv_CUSTOM;

?>
Tags: Country, Limit access, Referer, Secret Key