How to restrict Cloudfront access to my domain only?

问题

i need to find a solution how to do it. Basically i have one .m3u8 video and i want to restrict it to be only played on my domain. Basically what are people doing right now, is stealing my video and playing on their sites, which causes big overload and a lot of bandwidth...

d23ek3kf.cloudfront.net/video.m3u8 > mydomain.com > video accessable

d23ek3kf.cloudfront.net/video.m3u8 > randomdomain.com > video not accessable

回答1:

The way to do it is using signed URLs. Your website will generate signed URLs for the video that is being played that the user wants to play and cloudfront will allow the content to be downloaded. Signed URLs exire after a specified amount of time.

Any other website will just have he link of the video which is not enough to download the video. Take a look at AWS documentation here to understand the details and mechanism to achieve it. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html

回答2:

This solution does not prevent anyone from downloading your content and the uploading it to their own site, but it does prevent other sites from hot-linking to your content.

Create a Lambda@Edge Viewer Request trigger. This allows you to inspect the request before the cache is checked, and either allow processing to continue or to return a generated response.

'use strict';

exports.handler = (event, context, callback) => {

  // extract the request object
  const request = event.Records[0].cf.request;

  // extract the HTTP `Referer` header if present
  // otherwise an empty string to simplify the matching logic
  const referer = (request.headers['referer'] || [ { value: '' } ])[0].value;

  // verify that the referring page is yours
  // replace example.com with your domain
  // add other conditions with logical or ||
  if(referer.startsWith('https://example.com/') ||
     referer.startsWith('http://example.com/'))
  {
    // return control to CloudFront and allow the request to continue normally
    return callback(null,request);
  }

  // if we get here, the referring page is not yours.
  // generate a 403 Forbidden response
  // you can customize the body, but the size is limited to ~40 KB

  return callback(null, {
    status: '403',
    body: 'Access denied.',
    headers: {
      'cache-control': [{ key: 'Cache-Control', value: 'private, no-cache, no-store, max-age=0' }],
      'content-type': [{ key: 'Content-Type', value: 'text/plain' }],
    }
  });
};

来源：https://stackoverflow.com/questions/51002710/how-to-restrict-cloudfront-access-to-my-domain-only