ChinaCache

ChinaCache Hotlinking Prevention Solution

Edit

As paid subscription-based membership becomes more prevalent, video streaming companies cannot put more emphasis on the importance of content protection and hotlinking prevention. On top of ChinaCache’s video CDN service capacity, to ensure clients’ content security, ChinaCache includes tokens in streaming URLs provided to end users to authenticate each request.

A legitimate end user request content from ChinaCache through a specified URL, which ChinaCache obtains and analyzes the URL’s time stamp (when it is generated), expiration time and MD5 hash value. If the request passes the validation, content will be returned to the end user; if not, a 403 Forbidden error will be returned instead.

ChinaCache hotlinking prevention strategy: time stamp + customized MD5 validation rules

  • Depending on the service, ChinaCache offers flexible link expiration time configuration.
  • Hotlinking prevention parameters are included in the URL.

The following steps demonstrate how ChinaCache prevents hotlinking:

  1. Receive the current streaming URL, http://domain_name/path?param
  2. Add CDN hotlink prevention parameters, http://domain_name/path?param&ccsecret=SECRET, in which “SECRET” is secretlevelUnixtime:MD5(path&secretlevel&Unixtime&key)

Parameter explanations:

Path: URL path (query string not included)

Secretlevel:  It represents link expiration time. It is customizable based on clients’ requests.

Unixtime: Unix time stamp. It indicates the time when the URL is generated, in the number of seconds passed since 0:00:00 UTC, January 1, 1970.

Key: a unique keyword used in validating requests. It can be changed periodically.

Sample authentication procedures:

  1. ChinaCache receives a streaming request, http://vod.ccgslb.cn/88888905/16/20190213/272618350/272618350.mp4?servicetype=0&ccsecret=a1550030400:fba9575192972dcbd7762874780b0b22
  2. The following information is obtained from the request:
  • Path: /88888905/16/20190213/272618350/272618350.mp4
  • Secretlevel: a, for example, secretlevel “a” can indicate 10 minutes expiration time
  • Unixtime: 1550030400. The URL was generated 1550030400 seconds pass 0:00:00 UTC Jan 1, 1970. If the request comes in after 10 minutes or 600 seconds has passed since the generation of the URL, the end user will get a 403 Forbidden error message.
  • MD5 value: fba9575192972dcbd7762874780b0b22
  1. The keyword can be found in the configuration document, which in this case is ccvod2019.
  2. Calculate the MD5 value using path, secretlevel, unixtime and key information: SECRET=secretlevelUnixtime:MD5(path&secretlevel&Unixtime&KEY)=a1550030400:MD5(/88888905/16/20190213/272618350/272618350.mp4&a&1550030400&ccvod2019)=a1550030400: fba9575192972dcbd7762874780b0b22
  3. The MD5 value obtained from the calculation matches with the MD5 value in the streaming request, meaning the validation is successful, and the streaming content will be returned to the end user.

With years of experience in providing hotlinking prevention solutions, many video streaming websites trust ChinaCache to stop bandwidth theft. Click here to learn more about our live streaming/VOD acceleration services.

Skip to toolbar Log Out