Join the community today
Register Now

[Solved] - Keycdn, zone referrer and hotlink protection..

Discussion in 'System Administration' started by ModeltogTossen, Feb 3, 2016.

Tags:
  1. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    1:14 PM
    1.9.12
    10.0.23
    Hi ..

    Have to say honestly - the english can be difficult to both read and understand, when its not the native language.

    I have my keycdn working smoothly with my XF site running on centminmod.. I have a cname zone. I wish to activate some kind of hotlink protection of my sites many pictures. For that I do think to utilize the keycdn zonereferrer.. And here it comes - I simply don't understand what I have to do. - Create a Zonereferrer (Hotlink Protection) - KeyCDN Support

    I wish to have hotlink protection in place before I go on an buy BD Attachment Store - so alot more data could be utilize by cdn.

    One of the thing that make it difficult for me is this:

    Do I need both the original zone and my own created cname zone?

    So - are here some other keycdn users who are using hotlink protection that way? Can you perhaps in simple words tell me the few steps here?

    Thanks in advance.
     
  2. eva2000

    eva2000 Administrator Staff Member

    29,033
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,782
    Local Time:
    9:14 PM
    Nginx 1.13.x
    MariaDB 5.5
    probably makes more sense if you actually add the zone referrer as outlined in those 5 steps.. just go to Dashboard Login | Content Delivery Network by KeyCDN and add new zone referrer which is domain origin and select from drop down menu the zone url it's for.
     
  3. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    1:14 PM
    1.9.12
    10.0.23
    @eva2000 - thanks for getting back to me, appreciated..

    Do you mean like this:

    upload_2016-2-2_16-58-44.png

    If so - should I also add one the my domain without www?
     
  4. eva2000

    eva2000 Administrator Staff Member

    29,033
    6,589
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,782
    Local Time:
    9:14 PM
    Nginx 1.13.x
    MariaDB 5.5
    add whatever hostnames you want to whitelist
     
  5. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    1:14 PM
    1.9.12
    10.0.23
    Oh man - so many frustrated hours, and yet so easy... So what can I learn about that - do NOT overthink stuff. :wacky:
     
  6. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    1:14 PM
    1.9.12
    10.0.23
    Think I nailed it - thanks @eva2000 for your kind explanation and help ..

    Tested it as stated on keycdn..

    Code:
    [root@sarah ~]# curl -I -H 'Referer: https://www.sovnk.dk' https://cdn.modeltog-tossen.dk/data/photos/s/0/612-1449956565-7dd9952fe847ac511032e75f49cfde23.jpg
    HTTP/1.1 403 Forbidden
    Server: keycdn-engine
    Date: Tue, 02 Feb 2016 16:23:11 GMT
    Content-Type: text/html
    Content-Length: 1596
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "567092f9-63c"
    
    [root@sarah ~]# curl -I -H 'Referer: https://www.modeltog-tossen.dk' http://cdn.modeltog-tossen.dk/data/photos/s/0/612-1449956565-7dd9952fe847ac511032e75f49cfde23.jpg
    HTTP/1.1 301 Moved Permanently
    Server: keycdn-engine
    Date: Tue, 02 Feb 2016 16:23:42 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://cdn.modeltog-tossen.dk/data/photos/s/0/612-1449956565-7dd9952fe847ac511032e75f49cfde23.jpg
    Expires: Tue, 09 Feb 2016 16:23:42 GMT
    Cache-Control: max-age=604800
    Link: <https://www.modeltog-tossen.dk/data/photos/s/0/612-1449956565-7dd9952fe847ac511032e75f49cfde23.jpg>; rel="canonical"
    X-Shield: active
    X-Edge-Location: frpa
    Access-Control-Allow-Origin: *