Users may be allowed or blocked based on the host requesting protected content. A host, which is reported by the Host request header field, identifies the hostname of the server from which the content was requested.
| Parameter | Description |
|---|---|
|
ec_host_allow |
Allows requests to the specified hosts. |
|
ec_host_deny |
Denies requests to the specified hosts. |
These parameters are not available from within the Encrypt Tool section of the Token Auth page. However, an encrypted token value may still be generated through the Token Generator application or by creating a custom token generator.
Key information:
A wildcard domain may be specified using this syntax: *.Domain. This type of configuration will match any host that contains the specified domain (e.g., www.domain.com, secure.domain.com, and videos.domain.com).
The asterisk (*) character only acts as a wildcard character when it occurs as the first character in the specified hostname.
We will now use a sample URL to demonstrate how content delivery is affected by tokens that take advantage of the ec_host_allow parameter. In this scenario, a token was generated from the following parameter:
The following table describes how sample requests that point to the specified sample host will be handled for this scenario.
| Sample Host | Authorized? |
|---|---|
|
www.server1.com |
Allowed |
|
data.server1.com |
Allowed |
|
secure.server2.com |
Allowed |
|
en.secure.server2.com |
Allowed |
|
secure.server1.com |
Denied |
|
server2.com |
Denied |
The ec_host_deny parameter works in the same way. In this scenario, a token was generated from the following parameter:
The following table describes how sample requests that point to the specified sample host will be handled for this scenario.
| Sample Host | Authorized? |
|---|---|
|
secure.server1.com |
Allowed |
|
server2.com |
Allowed |
|
www.server1.com |
Denied |
|
data.server1.com |
Denied |
|
secure.server2.com |
Denied |
|
en.secure.server2.com |
Denied |
Edgecast CDN