After the access control lists (ACLs) of your objects are set to public read, all users can access your objects. However, the following configurations can cause anonymous users to fail to access public-read objects in a bucket:
After you have pay-by-requester enabled, requesters must pay fees for requests and traffic generated by reading data in the bucket. The bucket owner is charged only the storage fees of the bucket. Therefore, requesters must provide identity information for authentication so that Object Storage Service (OSS) can identify and charge requesters for request and traffic fees. Anonymous users do not carry identity information for authentication when they access your buckets, so OSS denies requests from anonymous users. For more information, see Enable pay-by-requester.
- The bucket owner can generate a signed URL for the required object and provide the anonymous user with the signed URL. For more information, see How do I obtain the URL of an uploaded object?.
- The bucket owner can disable pay-by-requester. For more information, see Configure the pay-by-requester mode.
Bucket policies are used to authorize other users to access your OSS resources. Therefore, some bucket policies that you configure for a bucket may cause anonymous users failed access to the bucket. For more information about bucket policies, see Configure bucket policies to authorize other users to access OSS resources.
View the bucket policies that you configure for the bucket. Modify or delete the bucket policies that prevent anonymous users from accessing the bucket.