Is there a way to restrict where images can be served (hostname)?

Comments

5 comments

  • Avatar
    Itay Taragano

    If you want to restrict access to your transformed images, Cloudinary supports referral-based whitelisting and blacklisting. This feature is available for our Premium plan. In addition, a custom CNAME must be set-up for your account for that to work. Then you can let us know the domains you want to be whitelisted for your account and we'll do a short manual set-up on our side. This way, anyone which is not from approved domains can't access your images.

    In addition, you can enable the 'Strict transformations' option along with 'Allowed strict referral domains', this means that dynamic transformations can be generated within the specified domains only, while the Strict transformation mode is actually enabled only for domains which are not in the specified list.

    0
    Comment actions Permalink
  • Avatar
    Beachbody Administrator

    Is there any way to secure images in a folder and not an account to internal company staff until they are ready for launch? For example, if we are getting ready to launch a new product and our systems are configured to use the production "account" we want to upload the new images but only have them accessible by people coming from either our company IP addresses or some other restrictive mechanism. Thank you in advance.

    0
    Comment actions Permalink
  • Avatar
    Itay Taragano

    Thank you for your suggestion,

    It's our road-map to support this use-case. In the meantime, you can use a different account for these images and then upload them to your main account when they are ready for launch.

    0
    Comment actions Permalink
  • Avatar
    Luis Elizondo

    Hi Itay,

    I need to restrict access from certain hosts. Your answers here are a little bit old. Can you confirm me this remains the same? Do I have to upgrade to be able to restrict access to images?

    Thank you

    0
    Comment actions Permalink
  • Avatar
    Ido

    Hi Luis,

    If you want to restrict access based on ip then you could use token-based authentication, which requires our pro plan and above.

    Note that you could use other forms of access control which are available for free plans as well, like the strict transformations or signed urls

     

    If you have a specific use case you could open a request at support@cloudinary.com and we would be happy to take a deeper look into it.

    Hope that helps

    0
    Comment actions Permalink

Please sign in to leave a comment.