Updated on 2024-04-16 GMT+08:00

Restricting Access to a Bucket for Specific Addresses

You can configure a bucket policy to restrict access to a bucket for specific addresses. This example describes how to deny access from clients whose IP address is in the range of 114.115.1.0/24 to a bucket.

Procedure

  1. In the bucket list, click the bucket you want to operate to go to the Objects page.
  2. In the navigation pane, choose Permissions > Bucket Policies.
  3. Click Create.
  4. Configure parameters listed in the table below.

    Table 1 Restricting access to a bucket for specific addresses

    Parameter

    Description

    Configuration method

    Choose Visual Editor.

    Policy Name

    Enter a custom policy name.

    Policy content

    Effect

    Select Deny.

    Principals

    • Select All accounts.

    Resources

    • Method 1:
      • Select Entire bucket (including the objects in it).
    • Method 2:
      • Select Current bucket and Specified objects.
      • Set the resource path to * (indicating all objects in the bucket).

    Actions

    • Choose Customize.
    • Select * (indicating all actions).

    Conditions

    • Key: Select SourceIp.
    • Condition Operator: Select IpAddress.
    • Value: Enter 114.115.1.0/24.

  5. Click Create in the lower right corner.

Verification

Initiate an access request from an IP address in the range of 114.115.1.0/24. The access is denied. Initiate an access request from an IP address beyond the range of 114.115.1.0/24. The access is allowed.