OBS Buckets Do Not Allow HTTP Requests
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
obs-bucket-ssl-requests-only |
|
Identifier |
bucket-ssl-requests |
|
Description |
If an OBS bucket allows HTTP requests, this bucket is noncompliant. |
|
Tag |
obs, access-analyzer-verified |
|
Trigger Type |
Configuration change |
|
Filter Type |
obs.buckets |
|
Configure Rule Parameters |
None |
Applicable Scenario
This rule prevents data theft and tampering during transmission to OBS.
Solution
To prevent clients from using HTTP to perform OBS operations, you are advised to include the SecureTransport condition in the bucket policy, specifying that only HTTPS requests are allowed. If SecureTransport is set to True, requests must be encrypted using SSL. For details about how to configure Condition and SecureTransport in a bucket policy, see Bucket Policy Parameters.
To block HTTP requests, add the condition: "Condition": {"Bool": {"g:SecureTransport": ["true"]}} to bucket policies.
Rule Logic
- If an OBS bucket denies requests that are not encrypted with SSL, this bucket is compliant.
- If an OBS bucket allows requests that are not encrypted with SSL, this bucket is noncompliant.
- Whether an OBS bucket policy allows requests that are not encrypted with SSL is determined through the SecureTransport or g:SecureTransport parameter.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
