Skip to main content
0%

Using ProtectServe

CacheFly knowledge baseService Options
Table of contents

Setting Up a ProtectServe URL

A ProtectServe URL has the following components:

  • filepath = The path to the file to be served, which must be uploaded to your /Protected/ folder

  • rules = A set of key/value pairs which control URL access, separated by semi-colons

  • hash = An HMAC-256 hash consisting of the rules and your secret ProtectServe Key (see how to display a ProtectServe Key) obtained from CacheFly, which prevents tampering with your rules.

Available rules are:

  • expiretime

    • Set this to a value in seconds since unix epoch time (unix time()) format at which point this object will expire. For example: expiretime=1123369886. To ensure this works properly, ensure that the server which generates your links is synced via Network Time Protocol (NTP).

  • badurl

    • Set this to the Base64 encoded URL to which you send visitors if the conditions set in the rules are not met, or if the hash is tampered with.

  • ip

    • Set this to the authorized remote IP address.

ProtectServe URL and PHP Code Examples

A ProtectServe URL looks like this:

http://servicename.cachefly.net/Protected/$rules/$hash/paidcontent.wmv

Below is example PHP Code for a ProtectServe URL expiring in 1 minute:

$secret = "mysecret";
$filepath = "paidcontent.wmv";
$splashpage = "http://www.website.com/protected.php";
$b64splash = base64_encode($splashpage);
$expiretime = time() + 60;
$user_ip = $_SERVER['REMOTE_ADDR'];
$rules = "expiretime=$expiretime;ip=$user_ip;badurl=$b64splash";
$hash = hash_hmac('sha256',$rules . $filepath, $secret, FALSE);
$link = "http://servicename.cachefly.net/Protected/$rules/$hash/$filepath";

Generating ProtectServe Links for a Directory

As well as generating ProtectServe links to limit access to each file individually, you can also limit access at folder level. For example, you can have 10 files in one directory and one hashed link to access all of them.

Here is an example PHP snippet that signs URLS at the directory level and allows you to use the same relative URL/signature for any objects inside the same directory.

<?php

// Example URL https://servicename.cachefly.net/Protected/$rules/$hash/some/directory/{index.m3u8|playlist.m3u8|chunk1.ts}

// GENERATE PROTECTSERVE URL
$secret = 'XXXXXXXXXXXXXXXXXXXXXX';
$path_to_hash = 'some/directory/'; // WHAT WE WANT TO HASH (FULL FILE PATH OR DIRECTORY)
$filename = 'index.m3u8'; // SET THE REST OF PATH OUTSIDE OF THE WHAT WE ARE HASHING
$expiretime = time() + 600000;
$rules = 'expiretime=' . $expiretime . ';' . 'dirmatch=true'; // THE DIRMATCH RULE IS WHAT ENABLES DIRECTORY HASHING
$hash = hash_hmac('sha256',$rules . $path_to_hash, $secret, FALSE);
$request = "/$rules/$hash/" . $path_to_hash;
if ($filename != '') {
$request = $request . $filename;
}
echo "https://servicename.cachefly.net/Protected" . $request . "\r\n";
?>

0%
0%