If your origin is hosted on Alibaba Cloud Object Storage Service (OSS), you can grant permissions to Dynamic Route for CDN (DCDN) to access the private OSS bucket through an accelerated domain. This prevents resource hotlinking. This topic describes how to enable the access permission on private buckets.
If the origin of an accelerated domain is set to a private bucket under your account, you must authorize DCDN to access private buckets. After the required permission is granted and enabled, DCDN can use the accelerated domain to access the private bucket.
- You can enable private bucket access permission for only accelerated domains that use OSS buckets as origins.
- After you perform the authorization, DCDN is granted the read-only permission on all buckets.
- After the required permission is granted and enabled for an accelerated domain, DCDN can use the accelerated domain to access the corresponding private bucket. Enable this feature with caution. If the private bucket cannot provide appropriate origin content for the accelerated domain, do not perform the authorization or enable the private bucket access permission.
- If your website is vulnerable to attacks, purchase the Anti-DDoS Pro service. In addition, make sure that you have not authorized DCDN to access private buckets or enabled the private bucket access permission.
- Log on to the DCDN console.
- In the left-side navigation pane, click Domain Names.
- On the Domain Names page, find the domain name that you want to manage, and click Configure in the Actions column.
- In the left-side navigation pane on the details page of the specified domain, click Origin Fetch.
- On the Origin Fetch tab, find the Private Bucket Origin section.
- In the Private Bucket Origin section, click Authorize.
- Click Confirm Authorization Policy.
- In the Private Bucket Origin section, turn on Private Bucket Origin.