tencent cloud

$0 14-Day TrialExperience EdgeOne for acceleration and security protection!

Feedback

Content Delivery Network
Last updated: 2024-12-30 21:35:35
To protect your site resources from being downloaded or stolen by unauthorized users, you can choose an authentication method from Types A, B, C, and D as needed. This document describes parameter fields and their purposes in TypeC authentication.

Algorithm Description

Access URL formathttp://DomainName/md5hash/timestamp/FileName
Note:
The access URL cannot contain any Chinese characters.
Description of authentication fields
Field
Description
DomainName
CDN domain.
Filename
Resource access path. During authentication, `Filename` must start with a slash (/).
timestamp
The time when the server generates the authentication URL. It is a positive hex integer Unix timestamp, which is the total number of seconds between 00:00:00, January 1, 1970, UTC time and the URL generation time. Its definition is irrelevant to the time zone.
md5hash
A string containing 32 characters calculated based on the MD5 algorithm. It is calculated as follows:
• There are no symbols between parameters in md5hash = md5sum(pkeytimestampuri).
• pkey: It can contain 6–40 letters and digits. It should be kept private and disclosed to only the client and server.
• uri: It is the resource access path and must start with a slash (/).
• timestamp: Its value is the above timestamp.

Authentication logic description After the CDN server receives a user request, it parses the timestamp parameter in the URL and the validity period of the authentication URL and compares it with the current time.
1.1 If the sum of timestamp and the validity period of the authentication URL is before the current time, the server judges that the URL has expired and is invalid and returns the HTTP error code 403.
1.2 If the sum of timestamp and the validity period of the authentication URL is after the current time, the server uses the MD5 algorithm to calculate the value of md5hash and it with the md5hash value passed in by the URL. If they are the same, the request will pass the authentication; otherwise, the HTTP error code 403 will be returned.

Directions

Taking the configuration of TypeC authentication as an example, the parameters and console configuration items are configured as follows:
Field configuration
Authentication key: dimtm5evg50ijsx2hvuwyfoiu65
Validity period of the authentication URL: 1s
The time when the signature calculation server generates the authentication URL: 2020-02-27 16:10:32 (UTC+8). Its decimal integer value after conversion is 1582791032 (timestamp).
Requested origin address: http://cloud.tencent.com/test.jpg
Generation process
Get authentication parameters:
Parameter
Value
URI
Resource access path, which is /test.jpg.
timestamp
1582791032
pkey
dimtm5evg50ijsx2hvuwyfoiu65
Concatenate the signature string: dimtm5evg50ijsx2hvuwyfoiu651582791032/test.jpg
Calculate the MD5 value of the signature string: md5hash = md5sum(pkeytimestampuri) =md5sum(dimtm5evg50ijsx2hvuwyfoiu651582791032/test.jpg) = ea68b93ac23ebbc6eebf7f163c6e9c4c
Generate the authentication URL:http://cloud.tencent.com/ea68b93ac23ebbc6eebf7f163c6e9c4c/1582791032/test.jpg When the client uses the encryption URL for access, if the md5hash value calculated by the CDN server is the same as the md5hash value carried by the access request, which are both ea68b93ac23ebbc6eebf7f163c6e9c4c in this example, the request will pass the authentication; otherwise, the authentication will fail.

Notes

Cache hit rate If you have enabled TypeC authentication for a domain, the signature and timestamp will be carried in the access URL path. When a CDN node caches the resource, it will automatically ignore the authentication path and thus not affect the cache hit rate.
Origin-pull policy The access format of a domain name with TypeC authentication mode enabled is as follows: http://DomainName/md5hash/timestamp/FileName
If the CDN node is not hit after successful authentication, it will initiate an origin-pull request, in which the md5hash and timestamp will be removed from the path. The origin server does not need to process the authentication information.

Catalog

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon