Recently, while working on an Akamai integration, we needed to restrict some content from direct access, i.e. to prevent documents from being viewed or downloaded through direct public URLs, as part of one of our business requirements. The answer to this business problem lies within the Property Manager configuration.
We can set up this protection through the Property Configuration Settings on our digital property, using pre-defined rules and grouping them appropriately. In our case, we want the documents to be accessible only if they are browsed through our web application; if a user copies the direct URL and shares it on social media, such URLs should be denied access for viewing as well as downloading.
The solution can be implemented by simply applying the rules below:
Create a parent rule that defines the section or directory to which these rules should apply.
The parent rule is named “Auth” and is used to perform a simple path check.
In this case, check for the path /assets/*. If this matches, then we move on to the two child rules. If this does not match, then the child rules are skipped.
You can replace this check with whatever you think is appropriate in your case. I am matching on a path, but there are a lot of match criteria options. So now any request with /assets/ in the path will match this rule, and we will move on to the child rules.
Create one child rule from the pre-defined template “Deny Without Referer Header”.
Here I am looking for the “Referer” header in the resource request. If the “Referer” header is not present, further access is blocked. This handles the scenario of direct public access: a request made straight to any document under the /assets path is denied for any user. The end user is presented with an “Access denied” message.
Create a second child rule from the pre-defined template “Only Allow Specific Referrer” to white-list the allowed referers.
The next child rule white-lists our domains, so that any request arriving from our website is granted access to view and download. A request for a document coming from a website that is not owned by us is again blocked.
Save your configuration and try it on Staging.
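The decision logic of the parent rule and its two child rules, modelled locally as an added example; it is not Akamai's implementation and not configuration from this post. The function name decide, the hostnames in ALLOWED_REFERER_HOSTS and the sample requests are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Assumptions for illustration: the protected path comes from the post;
# the allowed hostnames are placeholders for "our domains".
PROTECTED_PATH = "/assets/*"
ALLOWED_REFERER_HOSTS = {"www.example.com", "app.example.com"}


def decide(path, headers):
    """Return (status, reason) for one request, mirroring the rule order:
    parent path match first, then the two child rules."""
    # Parent rule "Auth": the child rules only run when the path matches.
    if not fnmatchcase(path, PROTECTED_PATH):
        return 200, "path not protected"

    # HTTP header names are case-insensitive.
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), None)

    # Child rule 1: deny when there is no Referer header at all.
    if referer is None:
        return 403, "no Referer header"

    # Child rule 2: allow only listed referers. Compare the parsed hostname
    # exactly, so a value that merely contains an allowed name is denied.
    host = (urlsplit(referer).hostname or "").lower()
    if host not in ALLOWED_REFERER_HOSTS:
        return 403, "Referer not in allow-list"
    return 200, "allowed referer"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("/assets/docs/report.pdf", {}),
    ("/assets/docs/report.pdf", {"Referer": "https://www.example.com/library"}),
    ("/assets/docs/report.pdf", {"referer": "https://social.example.net/post/1"}),
    ("/assets/docs/report.pdf", {"Referer": "https://www.example.com.example.net/"}),
    ("/index.html", {}),
]

if __name__ == "__main__":
    for path, headers in SAMPLES:
        print(path, headers, "->", decide(path, headers))
```

The same cases serve as expected results when exercising the configuration on Staging. The Referer header is set by the client and may be omitted under a strict Referrer-Policy, so these rules limit link sharing rather than authenticate the requester.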