After the access control lists (ACLs) of your objects are set to public read, all users can access your objects. However, the following configurations can cause anonymous users to fail to access public-read objects in a bucket:

Pay-by-requester

After you have pay-by-requester enabled, requesters must pay fees for requests and traffic generated by reading data in the bucket. The bucket owner is charged only the storage fees of the bucket. Therefore, requesters must provide identity information for authentication so that Object Storage Service (OSS) can identify and charge requesters for request and traffic fees. Anonymous users do not carry identity information for authentication when they access your buckets, so OSS denies requests from anonymous users. For more information, see Enable pay-by-requester.

Solution:

Bucket policy

Bucket policies are used to authorize other users to access your OSS resources. Therefore, some bucket policies that you configure for a bucket may cause anonymous users failed access to the bucket. For more information about bucket policies, see Configure bucket policies to authorize other users to access OSS resources.

Solution:

View the bucket policies that you configure for the bucket. Modify or delete the bucket policies that prevent anonymous users from accessing the bucket.