ATS support for signed cookies

[Ricardo Balbinot <rb...@portotech.org>]

Hi everyone,

We are developing an applications that uses (sometimes) ATS as a
proxy/cache between our client and our origin server (for video files).
Our problem is that in some cases the user may access the origin server
directly and on other situations it travels through ATS.
Anyway, in both cases I need to secure my files (and we want another
solution besides DRM for all videos). As I understand, in some cases (video
like HLS, for instance) the use of signed URLs its not interesting (I see
that now.... cause I need a signed URL for each file).
So my question is: is there any kind of support to signed cookies in ATS?

Best regards and thank's a lot.
Ricardo

Re: ATS support for signed cookies

["Eric Friedrich (efriedri)" <ef...@cisco.com>]

Hi Ricardo-
  I don’t think ATS has any built in support for signed cookies, but the plug in mechanism should make adding this an easy task. Both the LUA and C++ plugins can set and get HTTP cookies. It shouldn’t be too hard to verify the signature on the cookie instead of the URL.

You could look at the URL signing plugin for inspiration: https://github.com/apache/trafficserver/tree/master/plugins/experimental/url_sig

—Eric



On Jul 5, 2017, at 4:19 PM, Ricardo Balbinot <rb...@portotech.org>> wrote:

Hi everyone,

We are developing an applications that uses (sometimes) ATS as a proxy/cache between our client and our origin server (for video files).
Our problem is that in some cases the user may access the origin server directly and on other situations it travels through ATS.
Anyway, in both cases I need to secure my files (and we want another solution besides DRM for all videos). As I understand, in some cases (video like HLS, for instance) the use of signed URLs its not interesting (I see that now.... cause I need a signed URL for each file).
So my question is: is there any kind of support to signed cookies in ATS?

Best regards and thank's a lot.
Ricardo