Help Center> Object Storage Service> Console Operation Guide> Data Security> Configuring URL Validation
Updated on 2024-01-26 GMT+08:00
View PDF

Configuring URL Validation

OBS blocks access requests from blacklisted URLs and allows those from whitelisted URLs.

Prerequisites

Static website hosting has been enabled.

Procedure

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the bucket you want to operate to go to the Objects page.
  3. In the navigation pane, choose Overview.
  4. In the Basic Configurations area, click URL Validation. The URL Validation page is displayed.
  5. Click next to the text box of Whitelisted Referers or Blacklisted Referers, and enter the referers.

    Principles for setting Referers:

    • The length of a whitelist or blacklist cannot exceed 1024 characters.
    • Referer format:
      • You can enter multiple referers, each in a line.
      • The referer parameter supports asterisks (*) and question marks (?). An asterisk works as a wildcard that can replace zero or multiple characters, and a question mark (?) can replace a single character.
      • If the referer header field contains http or https during download, the referer must contain http or https.
    • If Whitelisted Referers is left blank but Blacklisted Referers is not, all websites except those specified in the blacklist are allowed to access data in the target bucket.
    • If Whitelisted Referers is not left blank, only the websites specified in the whitelist are allowed to access the target bucket no matter whether Blacklisted Referers is left blank or not.

    If Whitelisted Referers is configured the same as Blacklisted Referers, the blacklist takes effect. For example, if both Whitelisted Referers and Blacklisted Referers are set to https://www.example.com, access requests from this address will be blocked.

    • If Whitelisted Referers and Blacklisted Referers are both left blank, all websites are allowed to access data in the target bucket by default.
    • Before determining whether a user has the four types of permissions (read, write, ACL read, and ACL write) for a bucket or objects in the bucket, check whether this user complies with the URL validation principles of the Referer field.

  6. Click to save the settings.
Parent topic: Data Security