You can configure hotlink protection for your Object Storage Service (OSS) bucket to prevent your resources in the bucket from unauthorized access.

Background information

To prevent your data stored in Object Storage Service (OSS) from unauthorized access, you can configure a Referer whitelist for your bucket by specifying the following parameters:
  • Referer Whitelist: specifies that only specified domain names are allowed to access your resources.
  • Allow Empty Referer: determines whether requests that contain an empty Referer field are allowed. If you specify that an empty Referer field is not allowed, only HTTP and HTTPS requests that contain an allowed Referer field can access your OSS resources.

For more information about Referers, see Hotlink protection.

Configure a Referer whitelist for a bucket

The following code provides an example on how to configure a Referer whitelist for a bucket:

PutBucketRefererRequest request = new PutBucketRefererRequest();
request.setBucketName("yourBucketName");
// Add Referers to the Referer whitelist. You can use asterisks (*) and question marks (?) as wildcards in Referers. 
ArrayList<String> referers = new ArrayList<String>();
referers.add("http://example.com");
referers.add("http://www.*.com");
referers.add("http://www.?.com");
request.setReferers(referers);

OSSAsyncTask task = oss.asyncPutBucketReferer(request, new OSSCompletedCallback<PutBucketRefererRequest, PutBucketRefererResult>() {
    @Override
    public void onSuccess(PutBucketRefererRequest request, PutBucketRefererResult result) {
        OSSLog.logInfo("code: " + result.getStatusCode());
    }
    @Override
    public void onFailure(PutBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        OSSLog.logError("error: "+serviceException.getRawMessage());
    }
});
task.waitUntilFinished();

Query the Referer whitelist of a bucket

The following code provides an example on how to query a Referer whitelist of a bucket:

GetBucketRefererRequest request = new GetBucketRefererRequest();
request.setBucketName("yourBucketName");
OSSAsyncTask task = oss.asyncGetBucketReferer(request, new OSSCompletedCallback<GetBucketRefererRequest, GetBucketRefererResult>() {
    @Override
    public void onSuccess(GetBucketRefererRequest request, GetBucketRefererResult result) {
        // Query the Referer whitelist of the bucket. 
        ArrayList<String> list = result.getReferers();
        for (String ref : list){
            OSSLog.logInfo("info: " + ref);
        }
    }
    @Override
    public void onFailure(GetBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        OSSLog.logError("error: "+serviceException.getRawMessage());
    }
});
task.waitUntilFinished();

Clear the Referer whitelist of the bucket

The following code provides an example on how to clear a Referer whitelist of a bucket:

PutBucketRefererRequest request = new PutBucketRefererRequest();
request.setBucketName("yourBucketName");
request.setAllowEmpty(true);
// The Referer whitelist of a bucket cannot be directly cleared. You must create a Referer whitelist that allows empty Referer fields to overwrite the existing Referer whitelist. 
ArrayList<String> referers = new ArrayList<String>();

request.setReferers(referers);
OSSAsyncTask task = oss.asyncPutBucketReferer(request, new OSSCompletedCallback<PutBucketRefererRequest, PutBucketRefererResult>() {
    @Override
    public void onSuccess(PutBucketRefererRequest request, PutBucketRefererResult result) {
        OSSLog.logInfo("code: " + result.getStatusCode());

    }
    @Override
    public void onFailure(PutBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        OSSLog.logError("error: "+serviceException.getRawMessage());

    }
});
task.waitUntilFinished();

References

  • For the complete sample code that is used to configure a Referer whitelist, visit GitHub.
  • For more information about the API operation that you can call to configure a Referer whitelist for a bucket, see PutBucketReferer.
  • For more information about the API operation that you can call to query a Referer whitelist of a bucket, see GetBucketReferer.