Last updated:2020-11-26 19:47:07
Click Configure in the left navigation pane, find the domain name that you want to configure, and then click Manage in the Operate column. On the page that appears, click Access control in the left navigatio pane. Click the Refer Anti-leech, Ip Black & White List Configuration, and TimeStampAndRefer tabs to configure access control.
ReferBlack List: If you select ReferBlack List for Anti-leech Types, the HTTP requests that contain the Referer in the black list will be rejected from accessing the current acceleration domain name.
ReferWhite List: If you select ReferWhite List for Anti-leech Types, only the HTTP requests that contain the Referer in the white list are allowed to access the current acceleration domain name.
Click the Refer Anti-leech tab and configure Referer-based hotlinking prevention on the tab that appears.
Notes:
Ip Black List: If you select Ip Black List for IP Type, the IP addresses in the black list will be rejected from accessing the current acceleration domain name.
Ip White List: If you select Ip White List for IP Type, only the IP addresses in the white list are allowed to access the current acceleration domain name.
Click the Ip Black & White List Configuration tab and configure hotlinking prevention based on the IP address blacklist or whitelist on the tab that appears.
Notes:
Hotlinking prevention based on the timestamp and shared key is intended to set a validity period for the URL of each request. This prevents unauthorized users from referencing or downloading resources when the resources are delivered by Kingsoft Cloud CDN. This ensures service security and avoids CDN bandwidth waste.
When an edge node verifies an access request, the edge node compares the timestamp value in the URL with the current time. If the timestamp value is smaller than the current time, the URL is considered expired, and the authentication fails. Then, the access request is rejected and an HTTP 403 error code is returned. If the timestamp value is greater than the current time, the MD5 hash algorithm in the access request is used to calculate the MD5 value of the key, URI, and timestamp. The edge node compares this MD5 value with the MD5 hash value in the access request. If they are the same, access is allowed. Otherwise, the authentication fails. Then, the access request is rejected and an HTTP 403 error code is returned.
Hotlinking prevention based on the timestamp and shared key takes effect globally. Two types of URLs are supported. You can select a type based on your needs.
The encryption string is in the URL parameters, for example,
http://DomainName/FileName?t=timestamp&k=md5hash.
The encryption string is in the URL path, for example,
http://DomainName/md5hash/timestamp/FileName.
Select a request object
Request object: http: //ksyun.cdn.com/test.dat
Set shared keys
Primary key: ksyuncdnexp1. Secondary key: kscdnexp2.
Set the timestamp
Set the access time to 1511107200, which indicates 2017-11-20 00:00:00.
Calculate the MD5 value
Use the primary key to calculate the MD5 value.
MD5 hash value = MD5 (ksyuncdnexp1/test.dat1511107200) = 2e3c8055078acba25daddbc276e45154
Type 1 request URL:
http: //ksyun.cdn.com/test.dat?t=1511107200&k=2e3c8055078acba25daddbc276e45154
Type 2 request URL:
http: //ksyun.cdn.com/2e3c8055078acba25daddbc276e45154/1511107200/test.dat
The authentication succeeds if the MD5 hash value calculated is the same as the MD5 hash value in the request. The authentication succeeds if the MD5 hash value calculated based on either the primary key or secondary key is valid.
Click the TimeStampAndRefer tab and configure hotlinking prevention based on the timestamp and shared key on the tab that appears.
Notes:
The shared key must be 6 to 128 characters in length , including uppercase letters, lowercase letters, or digits.
You can configure primary and secondary keys. The primary key is required, and the secondary keys are optional. You can configure up to four secondary keys. Separate secondary keys with commas (,).
You must enter the expiration time in seconds. The value must be an integer ranging from 0 to 31536000.
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.