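How do I set up hotlink protection on S3? I set up the rules, but the files I upload are still visible to everyone. Do I still have to remove the "visible to everyone" setting by hand?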

Solutions »

  1.   

    You can try the bucket policy below. The readonly directory is readable by everyone;
    refereronly restricts access by the referer's domain.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "everyone can read file",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::testpolicy/readonly/*"
            },
            {
                "Sid": "Allow get requests referred by www.example.com and example.com",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:GetObject",
                "Resource": "arn:aws:s3:::testpolicy/refereronly/*",
                "Condition": {
                    "StringLike": {
                        "aws:Referer": [
                            "http://www.example.com/*",
                            "http://example.com/*"
                        ]
                    }
                }
            }
        ]
    }
    Reference: https://docs.aws.amazon.com/zh_cn/AmazonS3/latest/dev/example-bucket-policies.html
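
An added example, not part of the original answer: a simplified offline model of how the policy above decides anonymous `s3:GetObject` requests, useful for checking which keys and Referer values it admits before deploying it. The object keys, the sample Referer values and the `acl_public_read` flag (standing in for an object uploaded with a public-read ACL, the situation the question describes) are assumptions made for illustration.

```python
import json
import re

BUCKET = "testpolicy"
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "everyone can read file", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::testpolicy/readonly/*"},
  {"Sid": "Allow get requests referred by www.example.com and example.com",
   "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::testpolicy/refereronly/*",
   "Condition": {"StringLike": {"aws:Referer": [
     "http://www.example.com/*", "http://example.com/*"]}}}
]}
""")


def like(pattern, value):
    """Case-sensitive wildcard match: * is any run of characters, ? is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.S) is not None


def statement_allows(stmt, key, referer):
    """True if this Allow statement matches an anonymous GetObject request."""
    if stmt["Effect"] != "Allow" or stmt["Action"] != "s3:GetObject":
        return False
    if not like(stmt["Resource"], f"arn:aws:s3:::{BUCKET}/{key}"):
        return False
    context = {"aws:Referer": referer}
    for name, patterns in stmt.get("Condition", {}).get("StringLike", {}).items():
        value = context.get(name)
        # A condition key absent from the request never satisfies StringLike.
        if value is None or not any(like(p, value) for p in patterns):
            return False
    return True


def anonymous_get_allowed(key, referer=None, acl_public_read=False):
    """Simplified model: no explicit Deny exists, so any single Allow wins."""
    if acl_public_read:  # object ACL grant, evaluated independently of the policy
        return True
    return any(statement_allows(s, key, referer) for s in POLICY["Statement"])


if __name__ == "__main__":
    # Constructed sample requests.
    for key, ref in [("readonly/a.jpg", None), ("refereronly/a.jpg", None),
                     ("refereronly/a.jpg", "http://www.example.com/p.html"),
                     ("refereronly/a.jpg", "https://www.example.com/p.html")]:
        print(key, ref, anonymous_get_allowed(key, ref))
```

The model shows two things the policy text alone does not: pages served over `https://` are rejected because only `http://` patterns are listed, and an object that carries its own public-read grant stays readable whatever the Referer is. The Referer header is supplied by the client, so this check limits hotlinking by browsers and is not an authentication mechanism.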