融合 CDN

  • 如何开启时间戳防盗链

    最近更新时间:2018-07-15 14:23:46

    开启时间戳防盗链


    时间戳防盗链是针对域名配置的,可以限制url的访问时间从而达到防盗的效果


    开启方式

    1. 进入portal界面选中需要开启时间戳防盗链的域名


    2. 选择配置后,找到访问控制,选择修改时间戳防盗链配置


    3. 选择开启


    4. 可以自定义key或者使用key生成器来成key值!,建议通过七牛官方的服务器端sdk来生成时间戳防盗链,算法参考 https://developer.qiniu.com/fusion/kb/1670/timestamp-hotlinking-prevention


      以java sdk为例
    package com.qiniu.examples;
    
    import java.io.UnsupportedEncodingException;
    import java.net.MalformedURLException;
    import java.net.URL;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    
    import com.sun.deploy.net.URLEncoder;
    import org.apache.commons.codec.binary.Hex;
    public class time {
        /**
         * 生成资源基于CDN时间戳防盗链的访问外链
         *
         * @throws MalformedURLException
         * @throws UnsupportedEncodingException
         * @throws NoSuchAlgorithmException
         */
        public static String getAntiLeechAccessUrlBasedOnTimestamp(String url, String encryptKey, int durationInSeconds)
                throws MalformedURLException, UnsupportedEncodingException, NoSuchAlgorithmException {
            URL urlObj = new URL(url);
            String path = urlObj.getPath();
            long timestampNow = System.currentTimeMillis() / 1000 + durationInSeconds;
            String expireHex = Long.toHexString(timestampNow);
            String toSignStr = String.format("%s%s%s", encryptKey, path, expireHex);
            String signedStr = md5ToLower(toSignStr);
            String signedUrl = null;
            if (urlObj.getQuery() != null) {
                signedUrl = String.format("%s&sign=%s&t=%s", url, signedStr, expireHex);
            } else {
                signedUrl = String.format("%s?sign=%s&t=%s", url, signedStr, expireHex);
            }
            return signedUrl;
        }
        private static String md5ToLower(String src) throws UnsupportedEncodingException, NoSuchAlgorithmException {
            MessageDigest digest = MessageDigest.getInstance("MD5");
            digest.update(src.getBytes("utf-8"));
            byte[] md5Bytes = digest.digest();
            return Hex.encodeHexString(md5Bytes);
        }
    
        public static void main(String args[]) {
            //页面上显示的key
            String encryptKey = "438b09a946bb8d8be0984e8a0cabdcba9d8be2ba";
            //空间内资源的名称
            String fileKey = "favicon.ico";
            String encodedFileKey;
            try {
                // 考虑到文件名称会有中文,所以需要做urlencode
                encodedFileKey = URLEncoder.encode(fileKey, "utf-8");
                // 您空间绑定的域名
                String urlToSign = String.format("http://piture.gugaobai.top/%s", encodedFileKey);
                // 有效期
                int duration = 360000;
                String signedUrl = time.getAntiLeechAccessUrlBasedOnTimestamp(urlToSign, encryptKey, duration);
                System.out.println(signedUrl);
            } catch (UnsupportedEncodingException e) {
                e.printStackTrace();
            } catch (MalformedURLException e) {
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
        }
    }
    



    1. 使用SDK生成带时间戳的URL进行验证通过后,点击确认即配置成功(若检查url未显示“格式错误”,即代表验证通过)
    以上内容是否对您有帮助?
  • Close