
Prevent image hotlinking; only allow referer and redirected requests?

I have some images in a bucket on S3. My app uses these images. What I want is the following:

  • Only allow the image to be accessed if:
    1. The referer is my site - This I can already do with a bucket policy
    2. The user was redirected from my site

The problem is the redirect here, because, when redirected, no referer is sent to Amazon S3.

Is there a way to limit access to my S3 files in the way I described above?

My current bucket policy looks like this:

{
    "Version": "2008-10-17",
    "Id": "e9c9be4d-cdfc-470c-8582-1d5a9e4d04be",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": "http://myapp.com/*"
                }
            }
        }
    ]
}


  • Have your files be private.
  • Use signed URLs in the links/redirects to your images.
    • The signed URLs include an expiration; Amazon will not show your image past the expiration.
    • The signed URLs cannot be forged; Amazon will not show your image if the signature is missing or invalid.
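
As an added example (not part of either answer above), the following stand-alone Python shows what a signed URL is and why the redirect case works: the link carries its own expiry and an HMAC over the bucket, key and expiry, so no Referer is needed. It implements the legacy S3 query-string scheme (Signature Version 2) because it fits in the standard library; current SDKs emit Signature Version 4 instead. `verify_url` is an assumed model of the check S3 performs, and the credentials, bucket and key are constructed placeholders.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, quote, unquote, urlparse

# Constructed placeholders; not real credentials or a real bucket.
ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE"
SECRET_KEY = "example-secret-key-not-a-real-one"
BUCKET = "mybucket"


def string_to_sign(bucket: str, key: str, expires: int) -> str:
    # Signature Version 2 string for a plain GET: verb, empty Content-MD5,
    # empty Content-Type, expiry timestamp, then the canonical resource.
    return f"GET\n\n\n{expires}\n/{bucket}/{key}"


def _sign(secret: str, data: str) -> str:
    digest = hmac.new(secret.encode(), data.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def signed_url(key: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Build a time-limited link for a private object. It is safe to use as
    a redirect target: the signature, not the Referer, grants access."""
    expires = (int(time.time()) if now is None else now) + ttl_seconds
    sig = _sign(SECRET_KEY, string_to_sign(BUCKET, key, expires))
    return (f"https://{BUCKET}.s3.amazonaws.com/{quote(key)}"
            f"?AWSAccessKeyId={ACCESS_KEY_ID}&Expires={expires}"
            f"&Signature={quote(sig, safe='')}")


def verify_url(url: str, now: int) -> bool:
    """Model of the server-side check (assumption, not S3's code): reject
    expired links, unknown key ids, and any URL whose path or expiry was
    altered, since that changes the string the signature was computed over."""
    parts = urlparse(url)
    query = parse_qs(parts.query)
    try:
        expires = int(query["Expires"][0])
        presented = query["Signature"][0]
        key_id = query["AWSAccessKeyId"][0]
    except (KeyError, ValueError):
        return False
    if key_id != ACCESS_KEY_ID or now >= expires:
        return False
    key = unquote(parts.path.lstrip("/"))
    expected = _sign(SECRET_KEY, string_to_sign(BUCKET, key, expires))
    return hmac.compare_digest(expected, presented)
```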


This guy appears to have solved the problem:

http://www.powercram.com/2010/07/s3-bucket-policy-to-restrict-access-by.html

