Why Are All Files in the Bucket Displayed When Users Request a File from an OBS Bucket Connected to CDN?
A user that has the read permission on an OBS bucket can read the object list of the bucket. When the user requests the domain name added to CDN, OBS returns the object list by default. You can use any of the following solutions:
- If you use an OBS public bucket, perform the following steps to rectify the fault:
- Enable static website hosting on OBS. For details, see Configuring Static Website Hosting.
- Select Static website hosting on the origin server settings page.
- Click the target domain name on the Domains page.
- On the Basic Settings tab, locate the corresponding OBS bucket origin server in the Origin Server Settings area.
- Click Edit in the Operation column of the origin server and select Static website hosting.
- Click OK.
When Static website hosting is enabled, the object list of the bucket may still be displayed due to cache on PoPs. In this case, purge the cache of the homepage URL.
- (Recommended) Set Type to URL when purging the cache of homepage URL.
- Setting Type to Directory will refresh all content in the directory, so CDN will need to pull content from the origin server, increasing the load on the origin server.
- If you use an OBS private bucket, create a policy for the CDNAccessPrivateOBS agency to deny listing objects in the bucket.
- In the navigation pane of the IAM console, choose Operation column of CDNAccessPrivateOBS, click Authorize. . In the
- On the Authorize Agency page, click Create Policy and set required parameters.
Table 1 Parameters Parameter
Description
Policy Name
Enter a policy name, for example, deny ListBucket.
Policy View
Select Visual editor.
Policy Content
Effect
Select Deny.
Cloud service
Select Object Storage Service (OBS).
Actions
Select obs:bucket:ListBucket.
Resources
Select All.
Request condition
-
- Click Next.
- On the Select Policy/Role page, select the created policy and click Next.
- On the Select Scope page, click OK. The authorization takes effect 15 to 20 minutes later.
- After the authorization takes effect, refresh the CDN cache and try again.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot