如何仅将Cloudfront访问限制为我的域？ [英] How to restrict Cloudfront access to my domain only?

问题描述

我需要找到解决方法。基本上我只有一个.m3u8视频，我想限制它只能在我的域中播放。基本上，人们现在在做什么，就是在偷我的视频并在他们的网站上播放，这会导致超载和大量带宽...

i need to find a solution how to do it. Basically i have one .m3u8 video and i want to restrict it to be only played on my domain. Basically what are people doing right now, is stealing my video and playing on their sites, which causes big overload and a lot of bandwidth...

d23ek3kf.cloudfront.net /video.m3u8> mydomain.com>视频可访问

d23ek3kf.cloudfront.net/video.m3u8 > mydomain.com > video accessable

d23ek3kf.cloudfront.net/video.m3u8> randomdomain.com>视频不可访问

d23ek3kf.cloudfront.net/video.m3u8 > randomdomain.com > video not accessable

推荐答案

此解决方案不会阻止任何人下载您的内容并将其上传到他们自己的网站，但是它确实阻止了其他网站将其热链接到您的内容

This solution does not prevent anyone from downloading your content and the uploading it to their own site, but it does prevent other sites from hot-linking to your content.

创建 Lambda @ Edge 查看器请求触发器。这样一来，您就可以在检查缓存之前检查请求，并允许处理继续进行或返回生成的响应。

Create a Lambda@Edge Viewer Request trigger. This allows you to inspect the request before the cache is checked, and either allow processing to continue or to return a generated response.

'use strict';

exports.handler = (event, context, callback) => {

  // extract the request object
  const request = event.Records[0].cf.request;

  // extract the HTTP `Referer` header if present
  // otherwise an empty string to simplify the matching logic
  const referer = (request.headers['referer'] || [ { value: '' } ])[0].value;

  // verify that the referring page is yours
  // replace example.com with your domain
  // add other conditions with logical or ||
  if(referer.startsWith('https://example.com/') ||
     referer.startsWith('http://example.com/'))
  {
    // return control to CloudFront and allow the request to continue normally
    return callback(null,request);
  }

  // if we get here, the referring page is not yours.
  // generate a 403 Forbidden response
  // you can customize the body, but the size is limited to ~40 KB

  return callback(null, {
    status: '403',
    body: 'Access denied.',
    headers: {
      'cache-control': [{ key: 'Cache-Control', value: 'private, no-cache, no-store, max-age=0' }],
      'content-type': [{ key: 'Content-Type', value: 'text/plain' }],
    }
  });
};

这篇关于如何仅将Cloudfront访问限制为我的域？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！