cloudfront signed urls ip address


I have Signed URLs on Cloudfront working fine in PHP. Bucket policies work with HTTP referrers on S3 but because Cloudfront doesn’t support HTTP referrer checks I need to serve a file to one IP address only (the client that requested the file and generated the signed URL or my web server ideally).

Can someone please help me add the IP Address element to the JSON code so it works?

I’m lost with the PHP and Policy Statement but think it might be easy for someone who knows:

It does encoding/signing a bit differently for a custom policy:

The below is an AWS example and works except not for the IP Address lock in.

I can test this very quickly if someone can please give me a hand for two minutes!

Thanks MASSIVELY for any help 🙂



This is a valid JSON string with filled and escaped values.
If you pass the IP address as a variable make sure you escape the /


Have a look at the php json extension
This would make things quite easier:

example statement as php array

Leave a Reply