Our current S3 policy reads as:
{
"Version": "2008-10-17",
"Id": "45103629-690a-4a93-97f8-1abe2f9bb68c",
"Statement": [
{
"Sid": "AddPerm",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::incredibad29/*"
}
]
}
This just allows anyone to access files from within.
We want to add a hotlinking statement, so users can ONLY acccess the file if referred from our site. So from a domain starting with incredibad29.com or www.incredibad.com
I just can't figure out how to do this. Any help would be amazing, thank you!
If it is for images and other media types, there is a known hack that uses content type headers:
There's a workaround that you may use to block hotlinking of selective images and files that you think are putting a major strain in your Amazon S3 budget. When you upload a file to your Amazon S3 account, the service assigns a certain Content-Type to every file based on its extension. For instance, a .jpg file will have the Content-Type set as image/jpg while a .html file will have the Content-Type as text/html. A hidden feature in Amazon S3 is that you can manually assign any Content-Type to any file, irrespective of the file's extension, and this is what you can use to prevent hotlinking.
From: http://www.labnol.org/internet/prevent-image-hotlinking-in-amazon-s3/13156/
I think this is pretty much the basic technique. However, if you skim the 6350 results for ` google s3 hotlinking deny you might find alternative ways :)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.