I have CloudView signed URLs that work fine in PHP. Bucket policies work with HTTP servers on S3, but since CloudFront does not support HTTP link checking, I only need to submit the file to one IP address (the client that requested the file and generated a signed URL or ideally my web server).
Can someone help me add an IP address element in JSON code to make it work?
"IpAddress":{"AWS:SourceIp":"192.0.2.0/24"},
I got lost with PHP and a political expression, but I think it can be easy for someone who knows: http://tinyurl.com/9czr5lp
It encodes / signs a bit differently for user policy: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html#private-content-custom-policy-statement
The following is an AWS example and works, except that the IP address is not blocked.
I can check it out very quickly if someone can give me a hand in two minutes!
MASSIVE thanks for any help :)
John
function getSignedURL($resource, $timeout)
{
    $keyPairId = "XXXXXXXXXXXX";
    $expires = time() + $timeout;
    $json = '{"Statement":[{"Resource":"'.$resource.'","Condition":{"DateLessThan": {"AWS:EpochTime":'.$expires.'}}}]}';

    $fp = fopen("pk-XXXXXXXX.pem", "r");
    $priv_key = fread($fp, 8192);
    fclose($fp);

    $key = openssl_get_privatekey($priv_key);
    if (!$key) {
        echo "<p>Failed to load private key!</p>";
        return;
    }

    //Sign the policy with the private key
    if (!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1)) {
        echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';
        return;
    }

    //Create url safe signed policy
    $base64_signed_policy = base64_encode($signed_policy);
    $signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);

    //Construct the URL
    $url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;
    return $url;
}

$url = getSignedURL("http://s675765.cloudfront.net/filename.mp4", 600);
print $url;
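An added example, not part of the original post and not AWS's sample code: a custom-policy variant of the function above that places the IpAddress condition from the question next to DateLessThan and sends the whole policy in a Policy query parameter, which takes the place of Expires. The function name getSignedUrlForIp, the key-pair ID placeholder, the throwaway key generated in-process and the client address 192.0.2.10 are assumptions made for the demonstration; the sketch accepts a single IPv4 address only.

```php
<?php
// Added example (not the poster's code). Key, key-pair ID and IP are constructed.
// CloudFront's URL-safe base64: '+' -> '-', '=' -> '_', '/' -> '~'.
function cfUrlSafeBase64(string $bytes): string
{
    return strtr(base64_encode($bytes), '+=/', '-_~');
}

// Hypothetical helper: signs a custom policy limited to one IPv4 client.
function getSignedUrlForIp(string $resource, int $timeout, string $clientIp,
                           string $privateKeyPem, string $keyPairId): string
{
    if (filter_var($clientIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        throw new InvalidArgumentException('expected a single IPv4 address');
    }
    // json_encode emits compact JSON; the exact bytes signed must be the bytes sent.
    $policy = json_encode(['Statement' => [[
        'Resource'  => $resource,
        'Condition' => [
            'DateLessThan' => ['AWS:EpochTime' => time() + $timeout],
            'IpAddress'    => ['AWS:SourceIp' => $clientIp . '/32'],
        ],
    ]]], JSON_UNESCAPED_SLASHES);

    $key = openssl_pkey_get_private($privateKeyPem);
    if ($key === false || !openssl_sign($policy, $signature, $key, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    // Custom policy: Policy replaces the Expires parameter of the canned form.
    $sep = (strpos($resource, '?') === false) ? '?' : '&';
    return $resource . $sep . 'Policy=' . cfUrlSafeBase64($policy)
         . '&Signature=' . cfUrlSafeBase64($signature)
         . '&Key-Pair-Id=' . rawurlencode($keyPairId);
}

// Demo with a throwaway RSA key generated in-process, so nothing is read from disk.
$demoKey = openssl_pkey_new(['private_key_bits' => 2048,
                             'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($demoKey, $demoPem);
$url = getSignedUrlForIp('http://s675765.cloudfront.net/filename.mp4', 600,
                         '192.0.2.10', $demoPem, 'KEYPAIRID-PLACEHOLDER');
echo $url, "\n";
// Decode what was sent and check the signature against the public half.
parse_str(parse_url($url, PHP_URL_QUERY), $q);
$policy = base64_decode(strtr($q['Policy'], '-_~', '+=/'));
$sig    = base64_decode(strtr($q['Signature'], '-_~', '+=/'));
$pub    = openssl_pkey_get_details($demoKey)['key'];
echo $policy, "\n", openssl_verify($policy, $sig, $pub, OPENSSL_ALGO_SHA1) === 1
    ? "signature verifies\n" : "signature does NOT verify\n";
```

In a web request the client address would normally come from $_SERVER['REMOTE_ADDR']; behind a proxy or load balancer that value is the proxy's address, so the policy would pin the wrong host.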