The tokens generated from most parameters are not specific to a particular folder or asset. Therefore, those tokens may potentially be reused to authenticate content stored in various folders. The Allow URL parameter (i.e., ec_url_allow), on the other hand, tailors tokens to a particular asset or path. This parameter restricts access to requests whose URLs start with a specific relative path.
Query strings are ignored by this parameter.
The comparison between a request and this parameter's value starts immediately after the request's hostname.
Key information:
All of the following requests satisfy this requirement when ec_url_allow is set to "/marketing:"
Alternatively, only the first request will satisfy this security requirement when ec_url_allow is set to "/marketing.htm."
Sample URLs are provided below. Bold, blue font indicates the portion of the URL that will be compared against the relative path defined for this parameter.
| Type | Sample URL |
|---|---|
|
CDN URL |
http:// |
|
Edge CNAME URL |
http://cdn.mydomain.com/marketing.htm |
The following sample scenarios demonstrate how different ec_url_allow values are handled.
Although the following sample URLs are specific to the HTTP Large platform, the analysis of these URLs also applies to the HTTP Small and the ADN platforms.
This scenario is based on the following request:
| Request | Description |
|---|---|
|
URL Type |
CDN URL |
|
Origin Type |
CDN Storage |
|
URL |
http://wpc.0001.edgecastcdn.net/000001/Secure/index.html |
All of the following sample ec_url_allow values authorize the above request.
| ec_url_allow Value | Additional Information |
|---|---|
|
/000001 |
Authorizes all CDN URL requests to CDN storage. |
|
/000001/Secure/ |
Authorizes CDN URL requests to the Secure folder on CDN storage. |
|
/000001/Secure/index.html |
Only authorizes this specific CDN URL request. |
This scenario is based on the following request:
| Request | Description |
|---|---|
|
URL Type |
CDN URL |
|
Origin Type |
Customer Origin |
|
URL |
http://wpc.0001.edgecastcdn.net/800001/MyServer/Secure/index.html |
All of the following sample ec_url_allow values authorize the above request.
| ec_url_allow Value | Additional Information |
|---|---|
|
/800001 |
Authorizes CDN URL requests to any customer origin server. |
|
/800001/MyServer/ |
Authorizes all CDN URL requests to a customer origin server called "MyServer." |
|
/800001/MyServer/Secure/index.html |
Only authorizes this specific CDN URL request. |
This scenario is based on the following request:
| Request | Description |
|---|---|
|
URL Type |
Edge CNAME URL |
|
Origin Type |
Customer Origin |
|
URL |
http://secure.server.com/marketing/index.html The hostname "secure.server.com" leverages an edge CNAME configuration that points to: |
All of the following sample ec_url_allow values authorize the above request.
| ec_url_allow Value | Additional Information |
|---|---|
|
/ |
Authorizes all requests regardless of URL or origin type. The relative path for all requests start with a "/." |
|
/marketing |
Authorizes all edge CNAME URL requests to a folder called "marketing." |
|
/marketing/index.html |
Authorizes requests that meet the following criteria:
|
The sample requests listed in this section leverage a token that contains the following requirement:
The following table describes how sample requests will be handled for this scenario.
| Sample Request | Authorized? |
|---|---|
|
http://secure.server.com/Folder1/movie1.flv |
Allowed |
|
http://secure.server.com/Folder1/movie1.mpg |
Allowed |
|
http://secure.server.com/Folder1/movie1/index.htm |
Allowed |
|
http://secure.server.com/Folder2/film.mpg |
Allowed |
|
http://secure.server.com/Folder1/movie2.flv |
Denied |
|
http://secure.server.com/Folder3 |
Denied |
The "secure.server.com" hostname points to wpc.0001.edgecastcdn.net/800001/MyServer/Secure.
Edgecast CDN