This topic describes how to use hotlink protection.

To prevent your data on OSS from being leeched, OSS supports hotlink protection through the referer field settings in the HTTP header, including the following parameters:
  • Referer whitelist: Used to allow access only for specified domains to OSS data.
  • Empty referer: Determines whether the referer can be empty. If it is not allowed, only requests with the referer filed in their HTTP or HTTPS headers can access OSS data.

For more information about hotlink protection, see Hotlink protection in OSS Developer Guide. For more information about the complete code that is used to configure hotlink protection, visit GitHub.

Configure hotlink protection

The following code provides an example on how to configure a Referer whitelist for a bucket:

package main

import (
    "fmt"
    "os"
    "github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
    // Create an OSSClient instance. 
    client, err := oss.New("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>")
    if err!=nil{
        fmt.Println("Error:", err)
        os.Exit(-1)
    }

    bucketName := "<yourBucketName>"

    // Add Referers to the Referer whitelist and specify that empty Referer fields are not allowed. You can use an asterisk (*) or a question mark (?) as a wildcard to set the Referer parameter. 
    referers := []string{"http://www.aliyun.com",
                         "http://www.???.aliyuncs.com",
                         "http://www.*.com"}
    err = client.SetBucketReferer(bucketName, referers, false)
    if err!=nil{
        fmt.Println("Error:", err)
        os.Exit(-1)
    }
}            

Query hotlink protection configurations

The following code provides an example on how to query a Referer whitelist of a bucket:

package main

import (
    "fmt"
    "os"
    "github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
    // Create an OSSClient instance. 
    client, err := oss.New("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>")
    if err!=nil{
        fmt.Println("Error:", err)
        os.Exit(-1)
    }

    bucketName := "<yourBucketName>"

    // Query hotlink protection configurations. 
    refRes, err := client.GetBucketReferer(bucketName)
    if err!=nil{
        fmt.Println("Error:", err)
        os.Exit(-1)
    }
    fmt.Println("Referers: ", refRes.RefererList)
    fmt.Println("AllowEmptyReferer: ", refRes.AllowEmptyReferer)
}            

Delete hotlink protection configurations

The following code provides an example on how to clear a Referer whitelist of a bucket:

package main

import (
    "fmt"
    "os"
    "github.com/aliyun/aliyun-oss-go-sdk/oss"
)

func main() {
    // Create an OSSClient instance. 
    client, err := oss.New("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>")
    if err!=nil{
        fmt.Println("Error:", err)
        os.Exit(-1)
    }

    bucketName := "<yourBucketName>"

    // Delete hotlink protection configurations. // You cannot directly delete hotlink protection configurations. To delete hotlink protection configurations, you must create a rule that allows empty Referer fields to replace the existing rule. 
    err = client.SetBucketReferer(bucketName, []string{}, true)
    if err!=nil{
        fmt.Println("Error:", err)
        os.Exit(-1)
    }
}