防止Amazon Cloudfront热链接 [英] Preventing Amazon Cloudfront hotlinking
问题描述
我使用Amazon Cloudfront托管我所有站点的图像和视频,以便更快地向分布在全球的用户提供服务。我还将相当积极的正向缓存应用于Cloudfront上托管的元素,将 Cache-Control 设置为 public,max-age = 7776000 。
我最近很生气,发现第三方站点正在热链接到我的Cloudfront服务器,以在未经授权的情况下在自己的页面上显示图像。
我已经配置了 .htaccess 来防止在我自己的服务器上进行热链接,但是还没有找到一种方法Cloudfront,它似乎并不本地支持该功能。而且,令人讨厌的是,可用于阻止热链接的亚马逊存储桶策略仅对S3有效,对CloudFront发行版没有影响[链接]。如果要利用这些策略,则必须直接从S3提供内容。
为我的服务器日志查找热链接并手动更改文件名并不是一个现实的选择,尽管我一直在这样做以结束最公然的攻击。 / p>
任何建议都将受到欢迎。
- 转到CloudFront设置
- 编辑分发的分发设置
- 转到行为选项卡并编辑或创建行为
- 将转发标头设置为白名单
- 将引荐来源网址添加为白名单标头
- 将设置保存在底部右上角
请确保也处理原点的Referer标头。
I use Amazon Cloudfront to host all my site's images and videos, to serve them faster to my users which are pretty scattered across the globe. I also apply pretty aggressive forward caching to the elements hosted on Cloudfront, setting Cache-Controlto public, max-age=7776000.
I've recently discovered to my annoyance that third party sites are hotlinking to my Cloudfront server to display images on their own pages, without authorization.
I've configured .htaccessto prevent hotlinking on my own server, but haven't found a way of doing this on Cloudfront, which doesn't seem to support the feature natively. And, annoyingly, Amazon's Bucket Policies, which could be used to prevent hotlinking, have effect only on S3, they have no effect on CloudFront distributions [link]. If you want to take advantage of the policies you have to serve your content from S3 directly.
Scouring my server logs for hotlinkers and manually changing the file names isn't really a realistic option, although I've been doing this to end the most blatant offenses.
Any suggestions would be welcome.
You can forward the Referer header to your origin
- Go to CloudFront settings
- Edit Distributions settings for a distribution
- Go to the Behaviors tab and edit or create a behavior
- Set Forward Headers to Whitelist
- Add Referer as a whitelisted header
- Save the settings in the bottom right corner
Make sure to handle the Referer header on your origin as well.
这篇关于防止Amazon Cloudfront热链接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
