OSS provides source image protection to protect your image from image piracy. After source image protection is enabled, anonymous visitors can obtain only the thumbnails or watermarked images, but not the source images.

Background information

When source image protection is enabled for a bucket, the image objects stored in the bucket are accessed based on the following rules:
  • You cannot use the following methods to access the images:
    • Object URLs in the http://bucket.<endpoint>/object format.
    • Object URLs that include IMG parameters. Example: http://bucket.<endpoint>/object?x-oss-process=image/action,parame_value.
  • You can use the following methods to access the images:
    • Requests that include style parameters
      • URLs that include parameters. Example: http://bucket.<endpoint>/object?x-oss-process=style/<StyleName>.
      • URLs that include delimiters. Example: http://bucket.<endpoint>/object<Delimiter><StyleName>.
    • Requests that include signatures. Example: http://bucket.<endpoint>/object?OSSAccessKeyId=nz2pc56s9****9l&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2By****YEAiv4%3D.
Notice Source image protection is designed to protect image objects. You must specify the extensions of the image objects you want to protect.

Configure source image protection

  1. Log on to the OSS console.
  2. Click Buckets, and then click the name of the target bucket.
  3. Choose Data Processing > Image Processing > Access Settings.
  4. In the Access Settingsdialog box that appears, configure the following parameters:
    • Protect Source Image File: Turn on Protect Source Image File. After source image protection is enabled, source images are accessible only through URLs that include style names or signatures. You are not allowed to access source images in OSS or specify image parameters to modify image styles.
    • Protected File Extensions: Specify the extensions of source images. Only source images whose names contain the extensions are protected. If you set the parameter to jpg, you can access source images (such as PNG images) whose names do not contain jpg.
    • Delimiters: After you select delimiters, IMG processes the content that follows the delimiters as style names. Only hyphens (-), underscores (_), forward slashes (/), and exclamation points (?) can be used as delimiters. For more information, see Set separators.
  5. Click OK.

SDK examples for various programming languages

FAQ

  • Why is HTTP status code 403 returned when I directly access a protected image, whereas HTTP status code 200 is returned when I access the image over CDN?

    One possible cause is that the request is redirected to access a private bucket through CDN. Source image protection applies only to objects that can be accessed by anonymous users.

  • How can my source image be accessed through a signed URL when source image protection is enabled for the image?

    Source image protection applies only to objects that can be accessed by anonymous users. Access through signed URLs is not anonymous. When source image protection is enabled, your source image can be accessed through a signed URL.