You can configure hotlink protection for an Object Storage Service (OSS) bucket to protect the resources in the bucket from unauthorized access.

To protect your data stored in OSS from unauthorized access, you can configure a Referer allowlist for your bucket by specifying the following parameters:
  • Referer Whitelist: specifies the domain names that are allowed to access your resources.
  • Allow Empty Referer: determines whether requests that contain an empty Referer field are allowed. If you specify that an empty Referer field is not allowed, only HTTP and HTTPS requests that contain an allowed Referer field can access your OSS resources.

For more information about hotlink protection, see Hotlink protection.

Configure a Referer allowlist for a bucket

The following code shows how to configure a Referer allowlist for a bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
  access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')

# Specify the bucket name. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
# Configure the Referer allowlist of the bucket. 
bucket.referer = Aliyun::OSS::BucketReferer.new(
  allow_empty: true, whitelist: ['example.com', '*.example.com'])

Query a Referer allowlist of a bucket

The following code shows how to query the Referer allowlist of a bucket:

require 'aliyun/oss'
client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
  access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')

# Specify the bucket name. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
# Query the Referer configuration of the bucket and print it.
ref = bucket.referer
puts ref.to_s
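
After you query the configuration, you can check it for settings that weaken hotlink protection. The following code is an added example, not part of the OSS SDK or of the original page: the helper names (overly_broad?, audit_referer) and the checks are assumptions of this example, and the sample configurations are constructed.

```ruby
# Added example: flag Referer settings that weaken hotlink protection.
# The checks are this example's own heuristics, not rules enforced by OSS.
WILDCARD = /[*?]/

# Returns true when a wildcard entry keeps fewer than two literal host labels,
# for example '*' or '*.com'. Public suffixes such as 'co.uk' are not modelled.
def overly_broad?(entry)
  host = entry.sub(%r{\A[a-z][a-z0-9+.-]*://}i, '').split('/').first.to_s
  return false unless host.match?(WILDCARD)
  host.split('.').reject { |label| label.empty? || label.match?(WILDCARD) }.size < 2
end

# allow_empty and whitelist are the two values passed to BucketReferer.new on this page.
def audit_referer(allow_empty:, whitelist:)
  entries = Array(whitelist).map { |e| e.to_s.strip }.reject(&:empty?)
  findings = []
  findings << [:empty_allowlist, 'no Referer restriction is in effect'] if entries.empty?
  if allow_empty && !entries.empty?
    findings << [:allow_empty, 'requests without a Referer header are accepted regardless of the allowlist']
  end
  entries.select { |e| overly_broad?(e) }.each do |e|
    findings << [:broad_wildcard, "entry #{e.inspect} matches almost any site"]
  end
  findings
end

# Constructed sample configurations (not read from a real bucket).
SAMPLES = {
  'page example' => { allow_empty: true,  whitelist: ['example.com', '*.example.com'] },
  'cleared'      => { allow_empty: true,  whitelist: [] },
  'strict'       => { allow_empty: false, whitelist: ['https://www.example.com'] },
  'too broad'    => { allow_empty: false, whitelist: ['*.com', '*'] }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, cfg|
    findings = audit_referer(**cfg)
    puts "#{name}: #{findings.empty? ? 'ok' : findings.map(&:first).join(', ')}"
  end
end
```

To audit a real bucket, pass the values of the queried object, for example audit_referer(allow_empty: ref.allow_empty, whitelist: ref.whitelist), assuming the returned object exposes readers named after the constructor arguments.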

Clear the Referer allowlist of a bucket

The following code shows how to clear the Referer allowlist of a bucket:

require 'aliyun/oss'

client = Aliyun::OSS::Client.new(
  # In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint. 
  endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
  # The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use a RAM user to call API operations or perform routine O&M. To create a RAM user, log on to the RAM console. 
  access_key_id: 'AccessKeyId', access_key_secret: 'AccessKeySecret')

# Specify the bucket name. Example: examplebucket. 
bucket = client.get_bucket('examplebucket')
# Clear the Referer allowlist: allow an empty Referer and set an empty whitelist.
bucket.referer = Aliyun::OSS::BucketReferer.new(allow_empty: true, whitelist: [])

References

  • For more information about the API operation that you can call to configure a Referer allowlist for a bucket, see PutBucketReferer.
  • For more information about the API operation that you can call to query a Referer allowlist of a bucket, see GetBucketReferer.