To minimize image piracy, you must restrict access to the image URLs. This way, anonymous visitors can obtain only the URLs of thumbnailed or watermarked images. In this case, source image protection can address this need.

Background information

When source image protection is enabled for a bucket, images stored in OSS cannot be accessed through URLs in either of the following formats:

  • Object URLs in format of http://bucket.<endpoint>/object
  • Object URLs that include IMG parameters to obtain a thumbnail. Format: http://bucket.<endpoint>/object?x-oss-process=image/action,parame_value

When source image protection is enabled for a bucket, only URLs in following formats can be used to access the images in the bucket:

  • URLs that include parameters in format of http://bucket.<endpoint>/object?x-oss-process=style/<StyleName>
  • URLs that include delimiters in format of http://bucket.<endpoint>/object<delimiter><StyleName>
Note
  • Source image protection applies only to anonymous access to public read objects.
  • Source image protection is designed to protect image objects. You must specify the extensions of image objects to protect.

Configure source image protection

  1. Log on to the OSS console.
  2. Click Access Settings. In the Access Settings dialog box that appears, configure the following parameters:
    • Protect Source Image File: Turn on Protect Source Image File. When this feature is enabled, visitors can access image objects only through URLs with stylename and signatures included. After source image protection is enabled, visitors cannot access source image objects or import image parameters to edit image styles in OSS.
    • Protected File Extensions: Specify the extensions of the source image objects to protect. Only source images with the specified extensions can be protected. If you set this parameter to jpg, visitors can access PNG images through a URL in format of http://bucket.<endpoint>/object.
  3. Click OK.

SDK demos for various programming languages

Troubleshooting

When source image protection is enabled for a bucket and an anonymous user accesses an OSS image object in the bucket through the object URL in format of http://bucket.<endpoint>/object, status code 403 is returned. However, if CDN is used to access the image, source image protection becomes invalid and status code 200 is returned.

The possible cause is that the request is redirected to access a private bucket through CDN. Source image protection applies only to anonymous access to public read objects.