Generate expiring urls for Amazon S3 via a WordPress Plugin
I am a .net developer and haven’t done any PHP work ever. But i use WordPress and for some time now i been looking for a plugin that could generate a URL for Amazon S3 that is “signed” and will expire after a certain amount of time.
I posted the question on both wordpress and amazon forums but haven’t got any replies. Well .. maybe i did not explain my problem good or nobody else is interested in this.
So i figured i had to take care of this myself. And as i said. I’m a total newbie in both PHP and WordPress plugins so my plugin is probably really really stupid and i would be happy if somebody could send suggestions how to make it better. But it works.
How does it work?
You just add
[S3 bucket=yourbucket text=your link text]the_object_name.txt[/S3]
to your post or page and it will generate a expiring urls that no leecher can link to. If you don’t supply and link text it will not generate a link and just print the URL. I use the same bucket names as URL’s (like netplay.whoa.nu) and if you use Amazon standard urls you must change this.
Download: Amazon S3 URL Generator
Thanks to this guy for the PHP script i based this on.
[...] Amazon S3 Expiring URL Generator [...]
[...] Amazon S3 Expiring URL Generator [...]
[...] Amazon S3 Expiring URL Generator [...]
[...] Amazon S3 Expiring URL Generator [...]
This seems pretty promising. A few questions:
–So this actually puts the “safe” links on the WP page or post, generating it on the fly based on the object name/path?
–Where are you saving the access key and the secret key? Amazon says they are supposed to be saved and worked with on a secure server so that nobody can ever learn your secret key. I’d want to make sure of the safety of this before I tried your plugin.
–Does your plugin allow for alteration of the expiration time?
Hi Mark!
1. Yes, it generates a “safe” url so that you can put your object in a bucket to “read only”.
2. I store it with the regular “Save options” thing in wordpress. I suppose it stores it in clear text in the DB. But i don’t really know exactly how that works. I guess i should use some kind of encryption for it.
3. Yes, you can set the expiration time in an option in WordPress.
And as i say in the post, I’m no PHP developer so i pretty much “freestyled” this plugin because i was desperate for one. I do not guarantee anything really, but i wanted to share it so someone else in the same situation as me could use it.
Thanks for the info. I guess, then, that my two main considerations are the encryption/security issue, and the fact that I am looking to create these URLs for subscribers to my mailing list to get a free download, which means I don’t want them published on my site at all. I suppose I could just have a draft post that only I use myself to generate the URLs — your plugin so far seems to be my best bet for creating the URLs at all without hiring a programmer! Which then brings it all back to the encryption issue. If your plugin stored the Secret Key in a way that ensure its safety, I’d probably be all over it!
If you check out this URL
http://www.fused.org.uk/2008/08/s3-query-string-authentication-generator/
It was the script i used to actually generate the URLs. If you just have access to some sort of PHP server you can just run the script once to generate a url that works for X number of days and then you can remove your key and stuff from the file .. should work in this scenario.
It was actually at that page that I found out about your plugin.
Obviously PHP is running in my hosting account, since I run WordPress. I’d thought of that myself, just running and wiping things out so the Secret Key never really resided anywhere for long. Seems a little tedious, but probably better than no solution at all. Food for thought.
Meantime, I’ll keep an eye out for anytime you might add encryption to the plugin. Thanks again for the conversation.
I just gave your plugin a shot. Figured I could take the same approach with your plugin — just remove the key after creating a URL. Got some URLs generated, but they didn’t work. Error said:
“SignatureDoesNotMatchThe request signature we calculated does not match the signature you provided. Check your key and signing method.”
I confirmed that I had the proper 2 keys entered and saved in the specs. Any thoughts?
Hmm, don’t know really. What URL did you use on the bucket attribute? I use my dns names and it works fine for me. I maybe can have a look on it tommorow and see what i can find.
I’m drinking beer right now and is going to Thailand on Sunday, but will have a quick look tommorow!
Thanks for helping out, whenever your can
I quickly realized that just putting in the bucket name alone where your code asks for it was not enough for a proper URL, so I put the whole root address. For a file called test.txt in a bucket called theoffhandband I put in the following code in my post:
[S3 bucket=theoffhandband.s3.amazonaws.com text=Test]test.txt[/S3]
There’s nothing wrong with the URL. I temporarily set the file to be Readable by everyone, and I was able to access it no problem with http://theoffhandband.s3.amazonaws.com/test.txt in my browser, and then when I set the permissions back, it went Access Denied again.
So it appears there’s something wrong with the query-string-authentication URL only, and in particular according to that error something wrong with the calculation of the signature.
Thanks again for your help!
im getting the same error as mark s….
−
The request signature we calculated does not match the signature you provided. Check your key and signing method.
−
Hmm .. i guess i have to take a look at that. I think it is because i use custom urls. Will test it without custom url and see if i get the same error later.
How can this script even work?
You just sign the simple request “GET\n\n\n{$expires}\n/{$bucket}/{$resource}”
But when you click on a link in e.g. FireFox the GET request will have lots of other information like Host, User-Agent, Accept-* etc.
The signed request will not be near the same as the actual request sent.
Has anyone got it working with private files?
Hello!
Very Interesting post! Thank you for such interesting resource!
PS: Sorry for my bad english, I’v just started to learn this language
See you!
Your, Raiul Baztepo
Wonderful site. hope to come back again soon,,
I am looking for a solution to deliver content and avoid hotlinking to S3. I was really hoping this is working but it is not for me. Has anyone been successful or found other solutions that don’t cost developer time and money?
I’m sorry but i don’t know why it doesn’t work for you guys. It works fine for me ..
I really do not have any time to fix this but would love if some skilled PHP developer could make a new and improved version of this.
Another option to consider is S3FlowShield. It is a commercial plugin that does what is described in this post and more. The developer is continually adding features and is very responsive to support requests and questions.
http://www.s3flowshield.com
Wes
Hi,
Works in WordPress 2.9.2?
Thanks.
Thanks very much for taking your time to create this very useful infos
Hi Ola, great work for a first WordPress plugin.
The reason this is not working for users (like myself) who use the standard S3 bucket names like BUCKETNAME.s3.amazonaws.com is that only BUCKETNAME should be in the $string_to_sign, not the entire BUCKETNAME.s3.amazonaws.com . For people using CNAMES for their S3 buckets, like s3.MYDOMAIN.COM , the entire s3.MYDOMAIN.COM needs to be in $string_to_sign.
The simplest fix is to change line 30 from:
$string_to_sign = “GET\n\n\n{$expires}\n/{$bucket}/{$resource}”;
to:
$string_to_sign = “GET\n\n\n$expires\n/”.str_replace(‘.s3.amazonaws.com’, ”, $bucket).”/$resource”;
This should work for both standard S3 bucket names and CNAMES.
Thanks!
I have updated it now to version 0.6 and hopefully it resolves the issues people have had.
If you have more suggestions and changes i would be glad to add you as a developer on the plugin
Hey guys.
Thanks for this plugin. Good work
But… I have a little problem with it.
I typed in:
[S3 bucket=domainname text=Download]amazon.rar[/S3] and it redirects to domainname/amazon.rar?AWSAccessKeyId=and stuff like that…
What am I doing wrong
?
Alex, use:
[S3 bucket=BUCKETNAME.s3.amazonaws.com text=Download]amazon.rar[/S3]
where BUCKETNAME is the name of the bucket you created in your Amazon S3 account
[...] with the Amazon S3 for WordPress Plugin a nice plugin is the Amazon S3 URL Generator, this plugin allows for dynamic generation of expiring URLs to your media stored in S3. This [...]
I love the plugin works great!! Much easier to work with, but I am a big WordPress guy so I prefer to do everything in WordPress…So agin thank you!
@chrisegg
Hi!
Could you tell me, if it works with Amazon CloudFront?
I have no idea actually. Would be great if you could try it and report here if it works or not!
Um, I’ve tested, but it doesn’t. Anyway, thanks for great plugin!
Plugin is not working at all:
http://www.internettraininglab.com/rolodex/
Below that page is an anchor text “your link text”
Thanks for you help.