Help Center/ Content Delivery Network/ FAQs/ Troubleshooting/ Why Are All Files in the Bucket Displayed When Users Request a File from an OBS Bucket Connected to CDN?
Updated on 2024-02-26 GMT+08:00

Why Are All Files in the Bucket Displayed When Users Request a File from an OBS Bucket Connected to CDN?

A user that has the read permission on an OBS bucket can read the object list of the bucket. When the user requests the domain name added to CDN, OBS returns the object list by default. You can use any of the following solutions:

  1. If you use an OBS public bucket, perform the following steps to rectify the fault:
    1. Enable static website hosting on OBS. For details, see Configuring Static Website Hosting.
    2. Select Static website hosting on the origin server settings page.
      1. Click the target domain name on the Domains page.
      2. On the Basic Settings tab, locate the corresponding OBS bucket origin server in the Origin Server Settings area.
      3. Click Edit in the Operation column of the origin server and select Static website hosting.
      4. Click OK.

        When Static website hosting is enabled, the object list of the bucket may still be displayed due to cache on PoPs. In this case, purge the cache of the homepage URL.

        • (Recommended) Set Type to URL when purging the cache of homepage URL.
        • Setting Type to Directory will refresh all content in the directory, so CDN will need to pull content from the origin server, increasing the load on the origin server.
  2. If you use an OBS private bucket, create a policy for the CDNAccessPrivateOBS agency to deny listing objects in the bucket.
    1. In the navigation pane of the IAM console, choose Agencies. In the Operation column of CDNAccessPrivateOBS, click Authorize.
    2. On the Authorize Agency page, click Create Policy and set required parameters.
      Table 1 Parameters

      Parameter

      Description

      Policy Name

      Enter a policy name, for example, deny ListBucket.

      Policy View

      Select Visual editor.

      Policy Content

      Effect

      Select Deny.

      Cloud service

      Select Object Storage Service (OBS).

      Actions

      Select obs:bucket:ListBucket.

      Resources

      Select All.

      Request condition

      -

    3. Click Next.
    4. On the Select Policy/Role page, select the created policy and click Next.
    5. On the Select Scope page, click OK. The authorization takes effect 15 to 20 minutes later.
    6. After the authorization takes effect, refresh the CDN cache and try again.