Amazon S3存储桶策略引荐来源 [英] Amazon S3 Bucket Policy Referer
问题描述
我正在尝试编辑S3存储桶配置,以使第3方网站无法链接到其中的内容.另外一个好处是,他们只能访问我域中的内容,而不能访问补充的s3bucket.amazon-east.amazonaws.com或类似的内容.
I'm trying to edit my S3 bucket configuration such that 3rd party sites can not link to content in it. Also an added benefit is that they can only access content from my domain rather than the supplementary s3bucket.amazon-east.amazonaws.com or something to that effect.
文档中有一个专门用于此目的的示例,但是当我为下面的网站复制/粘贴/修改时,它不起作用吗?我仍然收到403错误.当我只取出条件部分时,它允许完全访问,因此引荐部分只有一个问题.
The documentation has an example exactly for this but when I copied/pasted/modified for my website below it does not work? I still get 403 errors. When I take out only the conditional section it allows full access so there is only an issue with the referer section.
这是一小段代码,我在墙上敲打我的脑袋……希望第二只眼睛可以使我对某些我可能会丢失的东西感到启发?
It's such a short piece of code I'm beating my head against the wall on...hoping a second set of eyes could enlighten me on something that's probably obvious that I'm missing?
或者这可能没有什么问题,可能还有其他未配置/未考虑的其他配置?
Alternatively there might not be anything wrong with this and there might be additional configurations elsewhere that I haven't set/considered?
感谢阅读.
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "fml",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.mysite.com/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"http://mysite.com/*",
"http://www.mysite.com/*"
]
}
}
}
]
}
推荐答案
请务必注意,如果您的引荐来源最后包含/*,则它将仅允许该引荐来源的子代提供内容,而不能允许该引荐来源本身的内容.
Its important to note that if your referer includes /* on the end then it will only allow content from children of that referer, but not from that referer itself.
因此,如果您还想包括您的主域,则需要这样做:
So if you want to include your main domain as well, then you would need to do it like this:
"aws:Referer": [
"http://example.com",
"http://example.com/*",
"http://www.example.com",
"http://www.example.com/*"
]
这篇关于Amazon S3存储桶策略引荐来源的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
