Hi Ricardo- I don’t think ATS has any built in support for signed cookies, but the plug in mechanism should make adding this an easy task. Both the LUA and C++ plugins can set and get HTTP cookies. It shouldn’t be too hard to verify the signature on the cookie instead of the URL.
You could look at the URL signing plugin for inspiration: https://github.com/apache/trafficserver/tree/master/plugins/experimental/url_sig —Eric On Jul 5, 2017, at 4:19 PM, Ricardo Balbinot <[email protected]<mailto:[email protected]>> wrote: Hi everyone, We are developing an applications that uses (sometimes) ATS as a proxy/cache between our client and our origin server (for video files). Our problem is that in some cases the user may access the origin server directly and on other situations it travels through ATS. Anyway, in both cases I need to secure my files (and we want another solution besides DRM for all videos). As I understand, in some cases (video like HLS, for instance) the use of signed URLs its not interesting (I see that now.... cause I need a signed URL for each file). So my question is: is there any kind of support to signed cookies in ATS? Best regards and thank's a lot. Ricardo
