Restricting Bucket Access to a Specified Address

You can configure a bucket policy that restricts access to the bucket by source IP address. This example shows how to deny access to clients whose source IP address is within the range of 114.115.1.0/24.

Procedure

  1. In the navigation pane on the left of OBS Console, choose Object Storage.
  2. In the bucket list, click a bucket name. The Overview page of the bucket is displayed.
  3. In the navigation pane on the left, choose Permissions > Bucket Policy.
  4. Click Create.
  5. In the first row of the template list, click Create Custom Policy on the right.
  6. Configure the following parameters.

    Table 1 Restricting bucket access to a specified address

    Parameter                    Description
    ---------------------------  ------------------------------------------------
    Policy View                  Visual editor
    Policy Name                  Enter a custom name.
    Policy Content: Effect       Deny
    Policy Content: Principal    • Anonymous user
                                 • User Policy: Include specified users.
    Policy Content: Resources    • Select the Current bucket and Object in bucket,
                                   and then select All objects.
                                 • Resource Policy: Include specified resources.
    Policy Content: Actions      • Select * (indicating all actions).
                                 • Operation Strategy: Include selected actions.
    Policy Content: Conditions   • Conditional Operator: IpAddress
                                 • Key: SourceIP
                                 • Value: 114.115.1.0/24

  7. Click Next in the lower right corner to confirm the policy configuration.
  8. Click Create in the lower right corner of the page to create the bucket policy.

Verification

Initiate an access request from an IP address within the range of 114.115.1.0/24. The access is denied. Initiate an access request from an IP address outside the range of 114.115.1.0/24. The access is allowed.

Scenario

To allow only a specified IP address to access the OBS bucket, set Conditional Operator to NotIpAddress in the policy above and specify the allowed IP address as the Value.
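
The following added example (not part of the original OBS documentation and not OBS code) is a local model of the Deny condition for planning the Verification and Scenario checks: it reports which client addresses the Deny statement applies to under IpAddress and under NotIpAddress. The function names and probe addresses are constructed for illustration; only the operators and the range 114.115.1.0/24 come from the page.

```python
import ipaddress

# Range taken from the procedure above.
DENY_RANGE = "114.115.1.0/24"

# Constructed probe addresses: both edges of the /24, its direct
# neighbours on either side, and an unrelated host.
PROBES = ["114.115.0.255", "114.115.1.0", "114.115.1.37",
          "114.115.1.255", "114.115.2.0", "203.0.113.9"]


def deny_applies(operator, values, source_ip):
    """Return True when a Deny statement with this condition matches source_ip.

    operator is "IpAddress" or "NotIpAddress", as in the Conditions row.
    values is a list of CIDR ranges or single addresses. strict=True
    rejects a range with host bits set (for example 114.115.1.5/24),
    which usually indicates a typing mistake in the Value field.
    """
    addr = ipaddress.ip_address(source_ip)
    networks = [ipaddress.ip_network(v, strict=True) for v in values]
    in_range = any(addr in net for net in networks)
    if operator == "IpAddress":
        return in_range          # deny clients inside the range
    if operator == "NotIpAddress":
        return not in_range      # deny every client outside the range
    raise ValueError(f"unsupported operator: {operator}")


def verification_matrix(operator, values, probes=PROBES):
    """Map each probe address to whether the Deny statement applies to it."""
    return {ip: deny_applies(operator, values, ip) for ip in probes}


if __name__ == "__main__":
    for op in ("IpAddress", "NotIpAddress"):
        print(op)
        for ip, denied in verification_matrix(op, [DENY_RANGE]).items():
            print(f"  {ip:<15} {'denied' if denied else 'not denied'}")
```

Running it prints one table per operator, which makes the boundary behaviour visible: 114.115.1.0 and 114.115.1.255 fall inside the range, while 114.115.0.255 and 114.115.2.0 do not.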