URL Validation Settings
OBS is charged based on usage. To prevent user data from being stolen, OBS supports URL validation based on HTTP headers. OBS also supports both whitelist and blacklist settings.
- Whitelist settings
Users can set a whitelist to allow requests from the websites added in the whitelist and deny requests from any other website.
For the requests that are initialized from browsers' address boxes, that is, those HTTP requests with a blank referer, users can add the ${null} field to "Referer" of Condition to specify whether to allow the requests with a blank referer.
Set a whitelist based on the following policy setting:
"Statement":[ {"Sid": "1", "Effect": "Allow", "Principal": {"ID":["*"]}, "Action": "*", "Resource":["bucket/*"], }, {"Sid":"2", "Effect":"Deny", "Principal":{"ID":["*"]}, "Action":["*"], "Resource":["bucket/*"], "Condition":{ "StringNotEquals": {"Referer":["http://www.example01.com","${null}"]} } } ]If you set a whitelist in this way, you can perform operations on resources in buckets only when the value of the referer parameter is www.example01.com or is blank.
- Blacklist settings
You can refer to the following policy settings to set a blacklist for access.
"Statement":[ {"Sid":"1", "Effect":"Deny", "Principal":{"ID":["*"]}, "Action":["*"], "Resource":["bucket/*"], "Condition":{ "StringEquals": {"Referer":["http://www.example01.com","http://www.example02.com"]} } } ]If you set a blacklist in this way, you cannot perform operations on resources in buckets when the value of the referer parameter is www.example01.com or www.example02.com.
Last Article: Bucket Policy Examples
Next Article: IAM User Policy (IAM Policy)
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.