Secured S3/Cloudflare content
I have a WP site using the Academy theme, with video and download content hosted on Amazon S3, with CloudFlare handling Edge Server duties. Right now the S3 bucket is public, which kinda sucks, and even if I locked it down the CloudFlare URL would be directly usable. I am exploring things like having the logged in part of the site be a sub domain, then setting up cloud flare to only service links from that sub domain. Then only logged in customers could access the materials, all direct links would be refused.
So, wondering first if Academy theme can be configured for this dual subdomain situation? Or, is there another approach for this situation? It seems like there has to be something, since so many WP hosting solutions just aren’t great when it comes to hosting heavy things like video.
EDIT: That’s CloudFront, not CloudFlare. Subtle but important difference. 😉
I’ll have to look into Vimeo, but so far S3 has been a very affordable and performant option. I have verified that CloudFront does allow for a Firewall rule that checks the Referrer, so I can at least limit access to links on my web site. But, if Academy theme supports having the membership parts of the site on a subdomain like Members.Domain.Com then I could lock things down even more. Just not sure if that is even possible, as both Academy and WordPress would need to have that ability.
Hmm, cookies gets into other issues I don’t want to deal with. I suspect I will just go with referrals from my domain and accept that it could be spoofed. It’s not 100% locked, but it’s not an open door either.
You must be logged in to reply to this topic.