edit-icon download-icon

Anti-leech

Last Updated: Aug 08, 2018

To prevent your data on OSS from being leeched, OSS supports anti-leeching through the referer field settings in the HTTP header. You can configure a whitelist with the referer field for a bucket to allow access only for specified domains to OSS data.

For more information about anti-leaching, see Anti-leeching settings.

Configure the referer whitelist

Use the following code to configure the referer whitelist:

  1. // This example uses endpoint China (Hangzhou). Specify the actual endpoint based on your requirements.
  2. String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
  3. // It is highly risky to log on with AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM account, log on to https://ram.console.aliyun.com.
  4. String accessKeyId = "<yourAccessKeyId>";
  5. String accessKeySecret = "<yourAccessKeySecret>";
  6. String bucketName = "<yourBucketName>";
  7. // Create an OSSClient instance.
  8. OSSClient ossClient = new OSSClient(endpoint, accessKeyId, accessKeySecret);
  9. List<String> refererList = new ArrayList<String>();
  10. // Add the referer field. The referer field allows question marks (?) and asterisks (*) for wildcard use.
  11. refererList.add("http://www.aliyun.com");
  12. refererList.add("http://www.*.com");
  13. refererList.add("http://www.?.aliyuncs.com");
  14. // Configure the referer list for a bucket.
  15. BucketReferer br = new BucketReferer(true, refererList);
  16. ossClient.setBucketReferer(bucketName, br);
  17. // Close your OSSClient.
  18. ossClient.shutdown();

Obtain a referer whiltelist

Use the following code to obtain a referer whiltelist:

  1. // This example uses endpoint China (Hangzhou). Specify the actual endpoint based on your requirements.
  2. String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
  3. // It is highly risky to log on with AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM account, log on to https://ram.console.aliyun.com.
  4. String accessKeyId = "<yourAccessKeyId>";
  5. String accessKeySecret = "<yourAccessKeySecret>";
  6. String bucketName = "<yourBucketName>";
  7. // Create an OSSClient instance.
  8. OSSClient ossClient = new OSSClient(endpoint, accessKeyId, accessKeySecret);
  9. // Obtain the referer list for a bucket.
  10. BucketReferer br = ossClient.getBucketReferer(bucketName);
  11. List<String> refererList = br.getRefererList();
  12. for (String referer : refererList) {
  13. System.out.println(referer);
  14. }
  15. // Close your OSSClient.
  16. ossClient.shutdown();

Clear a referer whitelist

Use the following code to clear a referer whitelist:

  1. // This example uses endpoint China (Hangzhou). Specify the actual endpoint based on your requirements.
  2. String endpoint = "http://oss-cn-hangzhou.aliyuncs.com";
  3. // It is highly risky to log on with AccessKey of an Alibaba Cloud account because the account has permissions on all the APIs in OSS. We recommend that you log on as a RAM user to access APIs or perform routine operations and maintenance. To create a RAM account, log on to https://ram.console.aliyun.com.
  4. String accessKeyId = "<yourAccessKeyId>";
  5. String accessKeySecret = "<yourAccessKeySecret>";
  6. String bucketName = "<yourBucketName>";
  7. // Create an OSSClient instance.
  8. OSSClient ossClient = new OSSClient(endpoint, accessKeyId, accessKeySecret);
  9. // You cannot clear a referer whitelist directly. To clear a referer whitelist, you need to create the rule that allows an empty referer field and replace the original rule with the new rule.
  10. BucketReferer br = new BucketReferer();
  11. ossClient.setBucketReferer(bucketName, br);
  12. // Close your OSSClient.
  13. ossClient.shutdown();
Thank you! We've received your feedback.