Configuring Public Access Block for a Bucket
Functions
This API creates or modifies the public access block configuration of an OBS bucket by enabling or disabling the feature.
To perform this operation, you must have the PutBucketPublicAccessBlock permission. The bucket owner can perform this operation by default and can grant this permission to others by using a bucket policy or a user policy.

If public access block is enabled, existing public access permissions are ignored and new public access permissions cannot be configured. If public access block is disabled, existing public access permissions continue to apply and new public access permissions can be configured.
Request Syntax
PUT /?publicAccessBlock HTTP/1.1 Host: bucketname.obs.region.myhuaweicloud.com Date: date Authorization: authorization Content-Type: application/xml Content-Length: length <?xml version="1.0" encoding="UTF-8"?> <PublicAccessBlockConfiguration> <BlockPublicAcls>boolean</BlockPublicAcls> <IgnorePublicAcls>boolean</IgnorePublicAcls> <BlockPublicPolicy>boolean</BlockPublicPolicy> <RestrictPublicBuckets>boolean</RestrictPublicBuckets> </PublicAccessBlockConfiguration>
Request Parameters
This request contains no parameters.
Request Headers
This request uses common headers. For details, see Table 3.
Request Elements
This request can use additional elements. For details about additional elements, see Table 1.
Element |
Type |
Mandatory (Yes/No) |
Description |
---|---|---|---|
PublicAccessBlockConfiguration |
XML |
Yes |
Definition: Root node of the PublicAccessBlockConfiguration parameter. Constraints: None Range: None Default value: None |
BlockPublicAcls |
Boolean |
No |
Definition: Whether to prohibit specifying the ACL as public access to a bucket or objects in the bucket. If the parameter is set to true, the following applies:
Constraints: This configuration does not affect existing buckets or objects. Range:
Default value: false |
BlockPublicPolicy |
Boolean |
No |
Definition: Whether to prohibit the configuration of a bucket policy that allows public access to a bucket. If this parameter is set to true, such a bucket policy will fail to be configured and the error "403 Access Denied" will be returned. Constraints: This configuration does not affect existing buckets. Range:
Default value: false |
IgnorePublicAcls |
Boolean |
No |
Definition: Whether to ignore the existing ACL that allows public access to the bucket or objects in the bucket. If this parameter is set to true, the public access ACL of the bucket or objects in the bucket becomes invalid. Constraints: This configuration does not affect existing ACLs or prohibit the configuration of new public access ACLs. Range:
Default value: false |
RestrictPublicBuckets |
Boolean |
No |
Definition: Whether to restrict the existing public bucket policy. If this parameter is set to true, only the cloud service and bucket owner accounts are allowed to access the bucket. Constraints: This configuration does not affect existing bucket policies or prohibit the configuration of new public bucket policies. Range:
Default value: false |
Response Syntax
HTTP/1.1 status_code Date: date
Response Headers
This response uses common headers. For details, see Table 1.
Response Elements
This response contains no elements.
Error Responses
Table 2 describes possible special errors in this request.
Error |
Description |
HTTP Status Code |
---|---|---|
InvalidRequest |
BlockPublicAcls, BlockPublicPolicy, IgnorePublicAcls, and RestrictPublicBuckets are not specified. At least one of them must be specified. |
400 |
MethodNotAllowed |
The involved method is not allowed (the corresponding feature is disabled). |
405 |
For other errors, see Table 2.
Sample Request: Setting All Four Parameters to true
put /?publicAccessBlock HTTP/1.1 User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Accept: */* Date: Sat, 16 Nov 2024 08:59:07 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw= Content-Length: 288 <?xml version="1.0" encoding="UTF-8"?> <PublicAccessBlockConfiguration> <BlockPublicAcls>true</BlockPublicAcls> <IgnorePublicAcls>true</IgnorePublicAcls> <BlockPublicPolicy>true</BlockPublicPolicy> <RestrictPublicBuckets>true</RestrictPublicBuckets> </PublicAccessBlockConfiguration>
Sample Response: Setting All Four Parameters to true
HTTP/1.1 200 OK Server: OBS x-obs-request-id: BF260000016435CE298386946AE4C482 x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz Date: Sat, 16 Nov 2024 08:59:08 GMT Content-Length: 0
Sample Request: Setting Only BlockPublicAcls to true
PUT /?publicAccessBlock HTTP/1.1 User-Agent: curl/7.29.0 Host: examplebucket.obs.region.myhuaweicloud.com Accept: */* Date: Sat, 16 Nov 2024 08:59:07 GMT Authorization: OBS H4IPJX0TQTHTHEBQQCEC:75/Y4Ng1izvzc1nTGxpMXTE6ynw= Content-Length: 147 <?xml version="1.0" encoding="UTF-8"?> <PublicAccessBlockConfiguration> <BlockPublicAcls>true</BlockPublicAcls> </PublicAccessBlockConfiguration>
Sample Response: Setting Only BlockPublicAcls to true
HTTP/1.1 200 OK Server: OBS x-obs-request-id: BF260000016435CE298386946AE4C482 x-obs-id-2: 32AAAQAAEAABSAAgAAEAABAAAQAAEAABCT9W2tcvLmMJ+plfdopaD62S0npbaRUz Date: Sat, 16 Nov 2024 08:59:08 GMT Content-Length: 0
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot