Reputation: 91
How to restrict Cloudfront access to my domain only?
i need to find a solution how to do it. Basically i have one .m3u8 video and i want to restrict it to be only played on my domain. Basically what are people doing right now, is stealing my video and playing on their sites, which causes big overload and a lot of bandwidth...
d23ek3kf.cloudfront.net/video.m3u8 > mydomain.com > video accessable
d23ek3kf.cloudfront.net/video.m3u8 > randomdomain.com > video not accessable
Upvotes: 3
Views: 2821
Answers (2)
Reputation: 4426
The way to do it is using signed URLs. Your website will generate signed URLs for the video that the user wants to play and cloudfront will allow the content to be downloaded. Signed URLs expire after a specified amount of time.
Any other website will just have the link of the video which is not enough to download the video. Take a look at AWS documentation here to understand the details and mechanism to achieve it. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
Upvotes: 1
Reputation: 178956
This solution does not prevent anyone from downloading your content and the uploading it to their own site, but it does prevent other sites from hot-linking to your content.
Create a Lambda@Edge Viewer Request trigger. This allows you to inspect the request before the cache is checked, and either allow processing to continue or to return a generated response.
'use strict';
exports.handler = (event, context, callback) => {
// extract the request object
const request = event.Records[0].cf.request;
// extract the HTTP `Referer` header if present
// otherwise an empty string to simplify the matching logic
const referer = (request.headers['referer'] || [ { value: '' } ])[0].value;
// verify that the referring page is yours
// replace example.com with your domain
// add other conditions with logical or ||
if(referer.startsWith('https://example.com/') ||
referer.startsWith('http://example.com/'))
{
// return control to CloudFront and allow the request to continue normally
return callback(null,request);
}
// if we get here, the referring page is not yours.
// generate a 403 Forbidden response
// you can customize the body, but the size is limited to ~40 KB
return callback(null, {
status: '403',
body: 'Access denied.',
headers: {
'cache-control': [{ key: 'Cache-Control', value: 'private, no-cache, no-store, max-age=0' }],
'content-type': [{ key: 'Content-Type', value: 'text/plain' }],
}
});
};
Upvotes: 3
Related Questions
- Restrict access to a particular CloudFront distribution using IAM
- Allow only CloudFront to read from origin servers?
- How to disable access to cloudfront via the *.cloudfront.net url?
- How to allow only cloudfront to access my api (elb)load balancer hosted on ec2 in AWS?
- Allow CloudFront to access S3 origin while also having S3 bucket Block all public access?
- How to prevent direct access to cloudfront domain name and instead only via custom domain
- How to restrict access to origin for CloudFront only?
- AWS Restrict access from cloudfront to load balancer
- Restrict access to AWS Cloudfront hosted content
- How to allow CloudFront to access certain S3?