This section explains how to set up geographic location blocking (geo-blocking) and token authentication.
Once a geo-blocking rule is configured, it causes an edge server to use the client IP address to determine a geo location and evaluate against the defined allow or deny list. The configuration of a geoblocking object includes the following:
geoid—array of geo IDs as defined in GeoDefs
Type allow or deny.
Token authentication allows customers to protect content from URL tampering or unauthorized re-use or re-publication via email forwarding or deep linking to content. Using shared secrets defined in the tokens, a URL signature appended to the query string of the resource URL can be validated by the CDN before serving content without contacting the customer environment for authentication.
The configuration of the tokenauth object applies to all tokens defined in the Tokens section and includes the following:
action Currently limited to "fail"
Because token authentication requires the addition of query string parameters to the URL, content manipulation qshmode for assets to be protected using token authentication should typically be set to action: "ignore".