- 최신
- 최다 투표
- 가장 많은 댓글
Hi
Thanks for this info. I'm really new to AWS & S3. I looked at the Limiting access to specific IP Addresses help doc and noticed Restricting access to a specific HTTP referer. I've played around with that and can get that to only allow access if the user is coming from the allowed domain.
The help doc says to be careful with aws:Referer. Would you say what I am doing could be dangerous?
I modified the sample policy i.e.
{ "Version":"2012-10-17", "Id":"http referer policy example", "Statement":[ { "Sid":"Allow get requests originating from www.example.com and example.com.", "Effect":"Allow", "Principal":"", "Action":["s3:GetObject","s3:GetObjectVersion"], "Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET/", "Condition":{ "StringLike":{"aws:Referer":["http://www.example.com/","http://example.com/"]} } } ] }
Cheers
I don't think it is possible to restrict from a particular domain but you can restrict the GetObject request to only a set(s) of CIDR addresses. See: Limiting access to specific IP addresses
If you fronted the bucket with CloudFront, you could do something similar using a WAF rule.
관련 콘텐츠
- AWS 공식업데이트됨 3년 전
It is so easy for the client to set the Referer value to what ever they want. It really does not limit access from those domains.