[英]Preventing hotlinking on Amazon S3 with CloudFront
I tried preventing hotlinking media files on Amazon S3 with this bucket policy. 我尝试使用此存储桶策略阻止Amazon S3上的热链接媒体文件。
{
"Version": "2008-10-17",
"Id": "my-id",
"Statement": [
{
"Sid": "Allow get requests to specific referrers",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*",
"Condition": {
"StringLike": {
"aws:Referer": "http://sitename.com/"
}
}
},
{
"Sid": "Allow CloudFront get requests",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::amazonaccountid:root"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*"
}
]
}
The ACL is set to private. ACL设置为私有。 I am still unable to get it to accept the files that I am trying to access.
我仍然无法接受我尝试访问的文件。
I tried many different policies that I found here but none of them seem to have any effect. 我在这里尝试了许多不同的策略,但它们似乎都没有任何效果。 The files that I am trying to prevent from hotlinking are .swf files.
我试图阻止热链接的文件是.swf文件。
When I use the exact (bucketname.s3.amazonaws.com) link without the cloudfront, it works. 当我使用没有cloudfront的确切(bucketname.s3.amazonaws.com)链接时,它可以工作。
Here is the bucket policy I used that got it to work. 以下是我使用的存储桶策略。
{
"Version": "2008-10-17",
"Id": "http referer policy",
"Statement": [
{
"Sid": "Allow get requests referred by www.mysite.com and mysite.com",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketname/*",
"Condition": {
"StringLike": {
"aws:Referer": "http://www.mysite.com/*"
}
}
}
]
} }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.