Guide 🛡️ Protect your landing pages from direct access (works with CloudFlare Pages) [BeMob]

[dood]

Most trackers these days have the option to protect your landing pages with a custom PHP code that you need to put in your landing page code. But if you have a simple html landing page, and you want to protect your landing page with PHP script, then you can’t host your page on CloudFlare Pages, and that’s a shame.

What if you COULD host your landers on Cloudflare pages and still protect them in the same way, but without the PHP script?

We’ll just need to “convert” PHP code to CloudFlare Workers code for this to work. Let’s try!

So, BeMob will provide you with something like this:

define('LANDING_SECRET_KEY',  'ODk4ZDc2MjM2MGE4NmRjMmRiY2E3Njg1MDFlZTU0MTIxNjU5YzE1Yw=='); // Your landing secret key  from panel.bemob.com -> Settings -> Tracker

define('SIGNATURE_TTL',  '1 minute'); // How long signature  should be valid. Valid formats are  explained here: http://php.net/manual/en/datetime.formats.php

define('SIGNATURE_GET_PARAM', 'key'); // GET  parameter with BeMob landing signature

$signature =  isset($_GET[SIGNATURE_GET_PARAM]) ? rawurldecode($_GET[SIGNATURE_GET_PARAM]) : exit('Access denied');

if  (!$signature = base64_decode($signature)) {

     exit('Access denied');

}

if (!$signature = json_decode($signature,  true)) {

    exit('Access  denied');

}

if (!isset($signature['timestamp']) || !isset($signature['hash'])) {

     exit('Access denied');

}

$signedHash = hash_hmac('sha1',  $signature['timestamp'], LANDING_SECRET_KEY);

if ($signedHash !== $signature['hash'] ||