4

我尝试使用此存储桶策略防止在 Amazon S3 上热链接媒体文件。

{
"Version": "2008-10-17",
"Id": "my-id",
"Statement": [
    {
        "Sid": "Allow get requests to specific referrers",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::bucketname/*",
        "Condition": {
            "StringLike": {
                "aws:Referer": "http://sitename.com/"
            }
        }
    },
    {
        "Sid": "Allow CloudFront get requests",
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::amazonaccountid:root"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::bucketname/*"
    }
]
}

ACL 设置为私有。我仍然无法让它接受我试图访问的文件。

我尝试了许多在这里找到的不同策略,但似乎都没有任何效果。我试图阻止热链接的文件是 .swf 文件。

当我使用没有云端的确切 (bucketname.s3.amazonaws.com) 链接时,它可以工作。

4

1 回答 1

4

这是我用来让它工作的存储桶策略。

{
"Version": "2008-10-17",
"Id": "http referer policy",
"Statement": [
    {
        "Sid": "Allow get requests referred by www.mysite.com and mysite.com",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::bucketname/*",
        "Condition": {
            "StringLike": {
                "aws:Referer": "http://www.mysite.com/*"
            }
        }
    }
]

}

于 2013-09-10T11:41:27.383 回答