Content Access Authentication allows you to require authentication for access to content.
URL Signing
URL Signing allows you to protect files from unauthorized access with an encrypted key.
URL Signing gives you more control over access to your content by preventing the free distribution of content outside of your designated workflow. Access is denied either when a user tampers with the URL, or if a well formatted URL has an expiration timestamp in the past.
URL signing is based upon the idea of building a URL which contains a "shared secret" – essentially a passphrase which is known only to the signer and the CDN.
The URL is initially constructed with the passphrase (and optional fields, such as TTL) included, the URL is hashed using the MD5 algorithm, and then the passphrase field is removed and the result of the MD5 is added. The resulting URL can then be used on the public Internet, in clear text, without exposing the secret passphrase.
Any attempt to alter the resulting URL will also result in the value of the MD5 hash changing, and invalidating the URL (any attempt to also alter the MD5 hash will similarly fail, as the shared secret is not available in order to generate the new correct hash).
When the request arrives at StackPath, the same process is followed (we also have the shared secret, per the inputs to the URL signing rule on the Content Protection policy). If our hash matches the URL's hash, then we know that whoever signed the URL knew the shared secret at that time. If any optional fields are included, they are also validated.
Passphrase
This is the shared secret used during the signing process. It should only be known by StackPath and systems authorized to sign your content.
Passphrase Name
This is the name of the portion of the URL that contains the Passphrase. It's only used during the generation and validation of a URL, and shouldn't be present in the published URL.
URL Signature Name
This is the name of the portion of the URL that's used to identify the signature for the URL.
Expiration Name
This is the name of the query string parameter that contains the epoch time after which the URL is considered invalid.
IP Address Whitelist
Use this option if you’d like to limit access to the URL to a specific IP address or set of IP addresses.
URL Signature Path Length
This is the number of characters in the path that should be considered when validating the URL signature.
Basic Authentication
Basic Authentication allows you to require authentication in the form of a username and password from within an HTTP user agent, or web browser.
Basic Authentication is a simple method of authentication that allows an HTTP user agent, such as a web browser, to provide a user name and password when making a request for content.
Binding Point URL
This is the URL authentication is sent to in order to see if it's valid.
Realm
This is the name of the pop up window that prompts for the user name and password.
Authentication TTL
This is the time in secords that the authentication session will be cached by browsers.