Content Protection & Monetization
Highwinds enables the configuration of content protection policies inside the StrikeTracker 2 console, often with just a single click. By setting policies that are enforced by the CDN, your content can only be delivered through the workflow you determine.
URL Signing is the most popular content protection product offered by Highwinds. CDN account owners publish content with a query string parameter token that includes an optional time-to-live (TTL). This private token can only be generated by the publisher and can be used to create unique publishing URLs for each end user request.
URL security prevents free distribution of content outside the workflow designated by the publisher:
- If an end user tampers with the URL, their request for CDN content is denied
- If a URL has a TTL in the past, end user requests for CDN content are denied
- Supports optional IP address and User-Agent enforcement
- Use partial URL signing to provide folder-level access to content, or groups of files using a common prefix
HTTP Referrer Restriction
HTTP Referrer restriction is a security product that prevents CDN publishing URLs from being freely distributed on unauthorized websites (also known as hot linking or deep linking). Publishers configure one or more websites that end users can visit and successfully request content hosted by the CDN. When an end user request is made, Highwinds compares the HTTP Header Referrer field with the list of approved websites. If the end user is not visiting an approved website, the CDN will issue an HTTP 403 – Access Denied response.
Geoblocking allows publishers to restrict content to end users in specified locations. The IP address of incoming requests is checked against a current list of IP allocations. If an end user's IP address is not found in the exclude list, they are allowed access to the content by default. The feature has both include and exclude lists which are used to target the allowed audience.
- Geoblocking Granularity: ASN, Continent, Country, Region, City, Postal Code, Area Code, and DMA (US Metro Code)
HTTP Basic Authentication
With Basic HTTP Authentication, end users are prompted to enter login credentials that are approved by the customer's web server before the media is delivered. HTTP Authentication policies are enabled and managed in the StrikeTracker 2 portal.