我有以下AWS存储桶策略来限制对我的Amazon S3网址的访问:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "Allowinmydomains",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::MyBucket/*",
"Condition": {
"StringLike": {
"aws:Referer": [
"http://www.example.com/*",
"http://example.com/*"
]
}
}
},
{
"Sid": "Givenotaccessifrefererisnomysites",
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::MyBucket/*",
"Condition": {
"StringNotLike": {
"aws:Referer": [
"http://www.example.com/*",
"http://example.com/*"
]
}
}
}
]
}
上述存储分区策略适用于除Safari之外的所有浏览器。在线进行研究,由于Safari浏览器没有发送任何引用标题,因此它可能无法正常工作。
任何使这个存储桶策略适用于所有浏览器的方法,还是有另一种拒绝访问亚马逊存储桶的方法,以防止从我的网站外部链接和下载文件?
谢谢!
答案 0 :(得分:1)
尝试以下存储桶策略。您需要确保您的ACL不允许公开访问您的文件,并且您的存储桶策略中没有任何其他规则允许访问(通过绕过这些规则):
{
"Version":"2008-10-17",
"Id":"Bucket policy",
"Statement":[
{
"Sid":"Allow GET requests referred by www.example.com and example.com",
"Effect":"Allow",
"Principal":"*",
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::example-bucket/*",
"Condition":{
"StringLike":{
"aws:Referer":[
"http://www.example.com/*",
"http://example.com/*"
]
}
}
},
{
"Sid":"Allow GET requests that don't specify a referrer (e.g. from Safari, Flash, etc.)",
"Effect":"Allow",
"Principal":"*",
"Action":"s3:GetObject",
"Resource":"arn:aws:s3:::example-bucket/*",
"Condition":{
"Null":{
"aws:Referer":true
}
}
}
]
}
答案 1 :(得分:0)
另一个选择是强制referrer用于Safari:
<meta name="referrer" content="always">
或:
<meta content="origin" id="mref" name="referrer">