Token-Based Authentication Quick Reference

Applies To:

HTTP LargeThis platform has been optimized to cache and deliver static content (e.g., HTML, CSS, JavaScript, ISO, multimedia, and software downloads, etc.) over HTTP or HTTPS.

HTTP SmallLegacy. If you are currently serving traffic over this platform, then you may continue to do so. However, we recommend that you serve your traffic over our more robust HTTP Large platform.

ADNThe Application Delivery Network platform has been optimized to deliver dynamic content (e.g., login credentials, account information, etc.) over HTTP or HTTPS. Typically, user-specific and database-driven content are served over this platform.

You should upgrade to Token-Based Authentication 3.0.
Learn more.

Quick reference information is provided on:

Token-Based Authentication Support
Primary and Backup Key
Directory to Authenticate Configuration
Parameters
Link Formatting

Token-Based Authentication Support

The platforms and features that support Token-Based Authentication are listed below.

Platform/Feature	Support
ADN
HTTP Large
HTTP Small

Primary and Backup Key

Take the following precautions to secure the primary and backup key:

Ensure that these keys are never shared outside of your organization.
Periodically rotate the primary key.
Remove the backup key as soon as you have transitioned to a new primary key.

Directory to Authenticate Configuration

The relative path must start with a forward slash (/).
Specifying the root folder (/) to require authentication for all requests on the current platform.
The comparison of an authentication directory to a request starts after the base URL.

View comparison information for ADN

Type	Base URL
Customer Origin	Base CDN/Edge CNAMEComparison occurs after our edge servers rewrite the edge CNAME URL to a CDN URL. URL http://adn.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC..{Base Domain}/80Indicates that content from a customer origin server is being requested.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC. Sample URL: http://adn.0001.edgecastcdn.net/800001/myorigin/marketing/index.html?123456780a
CDN Storage	Base CDN URL http://adn.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC..{Base Domain}/00Indicates that content from our CDN storage solution is being requested.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC. Sample URL: http://adn.0001.edgecastcdn.net/000001/marketing/index.html?123456780a
CDN Storage	Base Edge CNAME URL http://Edge_CNAME Sample URL: http://cdn.mydomain.com/marketing/index.html?123456780a

Type

Base URL

Customer Origin

Base CDN/Edge CNAMEComparison occurs after our edge servers rewrite the edge CNAME URL to a CDN URL. URL

http://adn..{Base Domain}/

Sample URL:

http://adn.0001.edgecastcdn.net/800001/myorigin/marketing/index.html?123456780a

CDN Storage

Base CDN URL

http://adn..{Base Domain}/

Sample URL:

http://adn.0001.edgecastcdn.net/000001/marketing/index.html?123456780a

CDN Storage

Base Edge CNAME URL

http://Edge_CNAME

Sample URL:

http://cdn.mydomain.com/marketing/index.html?123456780a

View comparison information for HTTP Large

Type	Base URL
Customer Origin	Base CDN/Edge CNAMEComparison occurs after our edge servers rewrite the edge CNAME URL to a CDN URL. URL http://wpc.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC..{Base Domain}/80Indicates that content from a customer origin server is being requested.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC. Sample URL: http://wpc.0001.edgecastcdn.net/800001/myorigin/marketing/index.html?123456780a
CDN Storage	Base CDN URL http://wpc.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC..{Base Domain}/00Indicates that content from our CDN storage solution is being requested.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC. Sample URL: http://wpc.0001.edgecastcdn.net/000001/marketing/index.html?123456780a
CDN Storage	Base Edge CNAME URL http://Edge_CNAME Sample URL: http://cdn.mydomain.com/marketing/index.html?123456780a

Type

Base URL

Customer Origin

Base CDN/Edge CNAMEComparison occurs after our edge servers rewrite the edge CNAME URL to a CDN URL. URL

http://wpc..{Base Domain}/

Sample URL:

http://wpc.0001.edgecastcdn.net/800001/myorigin/marketing/index.html?123456780a

CDN Storage

Base CDN URL

http://wpc..{Base Domain}/

Sample URL:

http://wpc.0001.edgecastcdn.net/000001/marketing/index.html?123456780a

CDN Storage

Base Edge CNAME URL

http://Edge_CNAME

Sample URL:

http://cdn.mydomain.com/marketing/index.html?123456780a

View comparison information for HTTP Small

Type	Base URL
Customer Origin	Base CDN/Edge CNAMEComparison occurs after our edge servers rewrite the edge CNAME URL to a CDN URL. URL http://wac.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC..{Base Domain}/80Indicates that content from a customer origin server is being requested.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC. Sample URL: http://wac.0001.edgecastcdn.net/800001/myorigin/marketing/index.html?123456780a
CDN Storage	Base CDN URL http://wac.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC..{Base Domain}/00Indicates that content from our CDN storage solution is being requested.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC. Sample URL: http://wac.0001.edgecastcdn.net/000001/marketing/index.html?123456780a
CDN Storage	Base Edge CNAME URL http://Edge_CNAME Sample URL: http://cdn.mydomain.com/marketing/index.html?123456780a

Type

Base URL

Customer Origin

Base CDN/Edge CNAMEComparison occurs after our edge servers rewrite the edge CNAME URL to a CDN URL. URL

http://wac..{Base Domain}/

Sample URL:

http://wac.0001.edgecastcdn.net/800001/myorigin/marketing/index.html?123456780a

CDN Storage

Base CDN URL

http://wac..{Base Domain}/

Sample URL:

http://wac.0001.edgecastcdn.net/000001/marketing/index.html?123456780a

CDN Storage

Base Edge CNAME URL

http://Edge_CNAME

Sample URL:

http://cdn.mydomain.com/marketing/index.html?123456780a

Parameters

This section provides a brief description for each available parameter.

Parameter	Description	Example
ec_clientip	Restricts content delivery to requests that originate from a specific IP address. Usage: This parameter supports standard IPv4/IPv6 and CIDR notation.	Value: 111.11.111.11 Result: Restricts content delivery to a client with an IP address of 111.11.111.11.
ec_country_allow	Restricts content delivery to the specified countries. Usage: Use a comma to delimit multiple country codes. Use ISO 3166 country codes to specify countries. View country code listing.	Value: US Result: Restricts content delivery to requests that originate from the United States.
ec_country_deny	Blocks requests from one or more countries. Usage: Use a comma to delimit multiple country codes. Use ISO 3166 country codes to specify countries. View country code listing.	Value: US,CA Result: Blocks all requests that originate from the United States and Canada.
ec_expire	Defines an expiration date and time (GMT) for the token value. Usage: Specify the number of seconds that will pass from Unix time to the expiration date.	Value: 1451563200 Result: Expires the token on 12/31/2015 at 12:00:00 GMT.
ec_host_allow	Restricts content delivery to the specified set of hosts. Usage: Do not include the protocol portion of the desired URL (e.g., http://). A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname matches a specified value. Use a comma to delimit multiple hosts.	Value: server1.com,*.server2.com Result: Blocks all requests whose host does not match either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).
ec_host_deny	Defines the set of hosts for which content delivery will be denied. Usage: Do not include the protocol portion of the desired URL (e.g., http://). A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname do not match a specified value. Use a comma to delimit multiple hosts.	Value: server1.com,*.server2.com Result: Blocks all requests whose host matches either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).
ec_proto_allow	Restrict content delivery to the specified protocol(s). Usage: Acceptable values for this parameter are "http" and "https."	Value: https Result: Restricts content delivery to requests that leverage the HTTPS protocol.
ec_proto_deny	Denies requests that leverage the specified protocol. Usage: Acceptable values for this parameter are "http" and "https."	Value: http Result: Blocks requests that leverage the HTTP protocol.
ec_ref_allow	Restricts content delivery to the specified set of referrers. Usage: Do not include the protocol portion of the desired URL (e.g., http://). The specified value will be compared against the request's Referer header. This header value must start with a value defined by this parameter. Use a comma to delimit multiple referrers.	Value: server1.com/obj1,*.server2.com Result: Allows requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.
ec_ref_deny	Defines the set of referrers for which content delivery will be denied. Usage: Do not include the protocol portion of the desired URL (e.g., http://). The specified value will be compared against the request's Referer header. This header value must not start with a value defined by this parameter. Use a comma to delimit multiple referrers.	Value: server1.com/obj1,*.server2.com Result: Blocks requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.
ec_url_allow	Links a URL path to a token. Usage: Only requests that start with the specified URL path will be allowed access. Do not include the protocol and hostname of the desired URL (e.g., http://www.domain.com).	Value: /000001/dir1/movie1,/000001/dir2 Result: Allows requests to CDN storage that meet one of the following criteria: The name of the requested content starts with "movie1" and is stored in a folder called "dir1." All content stored in the directory tree that starts with "dir1/movie1." All content stored in the directory tree that starts with "dir2." View sample "allowed" requests. http://wpc.0001Represents your customer account number..edgecastcdn.net/000001Represents your customer account number./dir1/movie10.flv http://wpc.0001Represents your customer account number..edgecastcdn.net/000001Represents your customer account number./dir1/movie1/ad.pdf http://wpc.0001Represents your customer account number..edgecastcdn.net/000001Represents your customer account number./dir20/sales/brochure.pdf

Parameter

Description

Example

ec_clientip

Restricts content delivery to requests that originate from a specific IP address.

Usage:

This parameter supports standard IPv4/IPv6 and CIDR notation.

Value:

111.11.111.11

Result:

Restricts content delivery to a client with an IP address of 111.11.111.11.

ec_country_allow

Restricts content delivery to the specified countries.

Usage:

Use a comma to delimit multiple country codes.
Use ISO 3166 country codes to specify countries.

View country code listing.

Value:

Result:

Restricts content delivery to requests that originate from the United States.

ec_country_deny

Blocks requests from one or more countries.

Usage:

Use a comma to delimit multiple country codes.
Use ISO 3166 country codes to specify countries.

View country code listing.

Value:

US,CA

Result:

Blocks all requests that originate from the United States and Canada.

ec_expire

Defines an expiration date and time (GMT) for the token value.

Usage:

Specify the number of seconds that will pass from Unix time to the expiration date.

Value:

1451563200

Result:

Expires the token on 12/31/2015 at 12:00:00 GMT.

ec_host_allow

Restricts content delivery to the specified set of hosts.

Usage:

Do not include the protocol portion of the desired URL (e.g., http://).
A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname matches a specified value.
Use a comma to delimit multiple hosts.

Value:

server1.com,*.server2.com

Result:

Blocks all requests whose host does not match either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).

ec_host_deny

Defines the set of hosts for which content delivery will be denied.

Usage:

Do not include the protocol portion of the desired URL (e.g., http://).
A comparison will be made against the value specified in the Host request header. Content delivery is restricted to requests whose hostname do not match a specified value.
Use a comma to delimit multiple hosts.

Value:

server1.com,*.server2.com

Result:

Blocks all requests whose host matches either server1.com or the server2.com domain root (e.g., secure.server2.com or cdn.server2.com).

ec_proto_allow

Restrict content delivery to the specified protocol(s).

Usage:

Acceptable values for this parameter are "http" and "https."

Value:

https

Result:

Restricts content delivery to requests that leverage the HTTPS protocol.

ec_proto_deny

Denies requests that leverage the specified protocol.

Usage:

Acceptable values for this parameter are "http" and "https."

Value:

http

Result:

Blocks requests that leverage the HTTP protocol.

ec_ref_allow

Restricts content delivery to the specified set of referrers.

Usage:

Do not include the protocol portion of the desired URL (e.g., http://).
The specified value will be compared against the request's Referer header. This header value must start with a value defined by this parameter.
Use a comma to delimit multiple referrers.

Value:

server1.com/obj1,*.server2.com

Result:

Allows requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.

ec_ref_deny

Defines the set of referrers for which content delivery will be denied.

Usage:

Do not include the protocol portion of the desired URL (e.g., http://).
The specified value will be compared against the request's Referer header. This header value must not start with a value defined by this parameter.
Use a comma to delimit multiple referrers.

Value:

server1.com/obj1,*.server2.com

Result:

Blocks requests whose referrers start with "server1.com/obj1" or whose host contains the server2.com domain root.

ec_url_allow

Links a URL path to a token.

Usage:

Only requests that start with the specified URL path will be allowed access.
Do not include the protocol and hostname of the desired URL (e.g., http://www.domain.com).

Value:

/000001/dir1/movie1,/000001/dir2

Result:

Allows requests to CDN storage that meet one of the following criteria:

The name of the requested content starts with "movie1" and is stored in a folder called "dir1."
All content stored in the directory tree that starts with "dir1/movie1."
All content stored in the directory tree that starts with "dir2."

Link Formatting

All requests for content requiring authentication must contain a query string set to a valid token.

http://hostname/path/Filename.ext?