All Products
Search

This Product

    Object Storage Service:Hotlink protection (Android SDK)

    Document Center

    Object Storage Service:Hotlink protection (Android SDK)

    Last Updated:Mar 20, 2026

    Use the Android SDK to configure Referer-based access rules for your Object Storage Service (OSS) buckets. Rules include a Referer whitelist, a Referer blacklist, and an option to allow requests with an empty Referer. This prevents hotlinking of your OSS objects and avoids unnecessary traffic fees.

    Prerequisites

    Before you begin, ensure that you have:

    • Reviewed the hotlink protection feature. For details, see Hotlink protection

    • An OSSClient instance initialized with an OSS endpoint. To initialize with a custom domain or Security Token Service (STS), see Initialization

    • The required permissions: For details, see Attach a custom policy to a RAM user.

      • oss:PutBucketReferer — to set or clear hotlink protection

      • oss:GetBucketReferer — to retrieve the hotlink protection configuration

    Note: The examples in this topic use the public endpoint for the China (Hangzhou) region. To access OSS from other Alibaba Cloud services in the same region, use an internal endpoint. For supported regions and endpoints, see Regions and endpoints.

    API overview

    APIOperationDescription
    asyncPutBucketRefererSet or clear hotlink protectionConfigures a Referer whitelist or blacklist for a bucket, or clears the configuration by allowing empty Referers
    asyncGetBucketRefererGet the hotlink protection configurationRetrieves the current Referer configuration of a bucket

    Set hotlink protection

    All examples use PutBucketRefererRequest with asyncPutBucketReferer to submit an asynchronous request.

    `PutBucketRefererRequest` parameters

    ParameterDescriptionRequiredSetter method
    Bucket nameThe name of the target bucketYessetBucketName(String)
    Referer listA list of allowed Referer values. Supports the * and ? wildcard characters. Pass an empty list when clearing the configuration.YessetReferers(ArrayList<String>)

    The following example sets a Referer whitelist for a bucket:

    PutBucketRefererRequest request = new PutBucketRefererRequest();
request.setBucketName("examplebucket");

// Add Referer entries to the whitelist.
// The Referer parameter supports the asterisk (*) and question mark (?) wildcard characters.
ArrayList<String> referers = new ArrayList<String>();
referers.add("http://www.aliyun.com");
referers.add("https://www.aliyun.com");
// referers.add("http://www.www.alibabacloud.com/help");
// referers.add("http://www.?.aliyuncs.com");

request.setReferers(referers);

OSSAsyncTask task = oss.asyncPutBucketReferer(request, new OSSCompletedCallback<PutBucketRefererRequest, PutBucketRefererResult>() {
    @Override
    public void onSuccess(PutBucketRefererRequest request, PutBucketRefererResult result) {
        OSSLog.logInfo("code: " + result.getStatusCode());
    }

    @Override
    public void onFailure(PutBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        OSSLog.logError("error: " + serviceException.getRawMessage());
    }
});
task.waitUntilFinished();

    Get the hotlink protection configuration

    The following example retrieves the Referer configuration for a bucket:

    GetBucketRefererRequest request = new GetBucketRefererRequest();
request.setBucketName("yourBucketName");

OSSAsyncTask task = oss.asyncGetBucketReferer(request, new OSSCompletedCallback<GetBucketRefererRequest, GetBucketRefererResult>() {
    @Override
    public void onSuccess(GetBucketRefererRequest request, GetBucketRefererResult result) {
        // Retrieve the Referer whitelist of the bucket.
        ArrayList<String> list = result.getReferers();
        for (String ref : list) {
            OSSLog.logInfo("info: " + ref);
        }
    }

    @Override
    public void onFailure(GetBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        OSSLog.logError("error: " + serviceException.getRawMessage());
    }
});
task.waitUntilFinished();

    Clear the hotlink protection configuration

    Hotlink protection cannot be deleted directly. To clear the configuration, overwrite it with a new rule that allows empty Referers.

    PutBucketRefererRequest request = new PutBucketRefererRequest();
request.setBucketName("yourBucketName");

// Allow requests with an empty Referer to effectively disable Referer-based filtering.
request.setAllowEmpty(true);

// Pass an empty Referer list to remove all existing Referer entries.
ArrayList<String> referers = new ArrayList<String>();
request.setReferers(referers);

OSSAsyncTask task = oss.asyncPutBucketReferer(request, new OSSCompletedCallback<PutBucketRefererRequest, PutBucketRefererResult>() {
    @Override
    public void onSuccess(PutBucketRefererRequest request, PutBucketRefererResult result) {
        OSSLog.logInfo("code: " + result.getStatusCode());
    }

    @Override
    public void onFailure(PutBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        OSSLog.logError("error: " + serviceException.getRawMessage());
    }
});
task.waitUntilFinished();

    What's next