With remote authentication, after authenticating a push/playback request for hotlink protection, CSS will call your server API to send the request to your server so that you can determine whether the request is legitimate. Based on the result your server returns, CSS will approve or reject the push/playback request. This ensures more precise authentication and improves security. However, you need to develop your own authentication server.
Workflow
Remote authentication works as follows:
No
Description
1
A request is sent to CSS.
2
If remote authentication is enabled for the domain, CSS will process the request as specified and then send it to your authentication server.
3
Your authentication server returns the result. The HTTP status code 200 indicates that the request should be approved, while the code 403 indicates that the request should be rejected.
4
CSS approves or rejects the request based on the result.
Prerequisites
You have activated CSS and logged in to the CSS console.
You have added a push domain.
Configuring Remote Authentication
1. Log in to the CSS Console, and select Domain Management on the left sidebar. Click the the push domain you want to configure remote authentication for, or click on Manage on the right side to enter the Domain Management page.
2. Under the Advanced Configuration tab, find Remote authentication.
3. Click
to enable remote authentication and complete the following settings:
Configuration Item
Description
Authentication server address
The address of your authentication server (required). Format: http(s)://+Domain or IP address+Port+Path.
Request method
POST is selected by default. You can also use HEAD or GET.
URL authentication
Parameters to keep
All URL parameters are kept by default. You can also specify parameters to keep or remove all parameters.
If you select Keep specified parameters, you need to enter the parameters to be retained in the input box. Chinese characters and spaces are not supported. Separate multiple parameters with "|", for example: value1|value2.
Authentication parameters are case-sensitive; "key" and "KEY" are considered as two different parameters.
Custom parameters to add
Click Add, and the parameter type can be either Select Parameter or Custom. (Up to 50 parameters can be added)
When you select Custom, you need to fill in the parameter and value fields. Chinese characters and spaces are not supported. Authentication parameters are case-sensitive; "key" and "KEY" are considered as two different parameters.
Timeout period (ms) per try
This is required. Enter a value between 500 and 3000. The default is 3000.
Max retries
Enter a value between 0 and 3. The default is 1.
Behavior upon timeout
This specifies whether to approve or reject a request if the system does not receive a response (HTTP status code 200 or 403) after the total timeout period elapses (Total timeout period = Timeout period per try x (Max retries + 1)). The default is Approve. You can also set it to Reject.
4. Click Save.
Note:
The remote authentication configuration will take effect about 10 minutes after completion.
Modifying Remote Authentication Settings
1. Select Domain Management on the left sidebar. Click the the push domain you want to configure remote authentication for, or click on Manage on the right side to enter the Domain Management page.
2. Under the Advanced Configuration tab, find Remote authentication and click Edit.
3. Modify the settings and click Save.
Disabling Remote Authentication
1. Select Domain Management on the left sidebar. Click the push domain you want to disable remote authentication for, or click Manage on the right to enter the Domain Management page.
2. Under the Advanced Configuration tab, find Remote authentication and click
Yes
No
Was this page helpful?