
Object Storage Service: Block public access at the bucket level (OSS SDK for PHP V2)

Last Updated: Jun 17, 2026

You can use OSS SDK for PHP V2 to enable, query, and delete the Block Public Access configuration for a bucket.

Usage notes

  • The sample code in this topic uses the region ID cn-hangzhou of the China (Hangzhou) region. By default, a public endpoint is used to access resources in a bucket. If you want to access resources in the bucket from other Alibaba Cloud services in the same region in which the bucket is located, use an internal endpoint. For more information about the regions and endpoints that OSS supports, see Regions and endpoints.

Sample code

Enable Block Public Access for a bucket

The following code shows how to enable Block Public Access for a bucket.

<?php

// Import the autoloader file to load the dependency library.
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Define the description of command line arguments.
$optsdesc = [
    "region" => ['help' => 'The region in which the bucket is located.', 'required' => True], // The region is a required argument. The region where the bucket is located.
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False], // The endpoint is an optional argument. The domain name that other services can use to access OSS.
    "bucket" => ['help' => 'The name of the bucket', 'required' => True], // The bucket name is a required argument.
];

// Generate a list of long options to parse command line arguments.
$longopts = \array_map(function ($key) {
    return "$key:"; // Add a colon after each parameter to indicate that a value is required.
}, array_keys($optsdesc));

// Parse the command line arguments.
$options = getopt("", $longopts);

// Check whether required arguments are specified.
foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help'];
        echo "Error: the following arguments are required: --$key, $help"; // Prompt the user that a required argument is missing.
        exit(1);
    }
}

// Obtain the values of command line arguments.
$region = $options["region"]; // The region where the bucket is located.
$bucket = $options["bucket"]; // The bucket name.

// Load credentials, including the AccessKey ID and AccessKey secret, from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Use the default configurations of the SDK.
$cfg = Oss\Config::loadDefault();

// Set the credentials provider.
$cfg->setCredentialsProvider($credentialsProvider);

// Set the region.
$cfg->setRegion($region);

// If an endpoint is provided, set the endpoint.
if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

// Create an OSS client instance.
$client = new Oss\Client($cfg);

// Build a PutBucketPublicAccessBlockRequest object to set the Block Public Access configuration for the bucket.
$request = new Oss\Models\PutBucketPublicAccessBlockRequest(
    bucket: $bucket,
    publicAccessBlockConfiguration: new Oss\Models\PublicAccessBlockConfiguration(blockPublicAccess: true) // Configure to block public access.
);

// Call the putBucketPublicAccessBlock method to set the Block Public Access configuration for the bucket and accept the result.
$result = $client->putBucketPublicAccessBlock($request);

// Print the result, including the status code and request ID.
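// echo is used instead of printf so response values are never interpreted as a format string.
echo 'status code:' . $result->statusCode . PHP_EOL .
    'request id:' . $result->requestId . PHP_EOL;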

Get the Block Public Access configuration of a specified bucket

The following code shows how to query the Block Public Access configuration of a bucket.

<?php

// Import the autoloader file to load the dependency library.
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Define the description of command line arguments.
$optsdesc = [
    "region" => ['help' => 'The region in which the bucket is located.', 'required' => True], // The region is a required argument. The region where the bucket is located.
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False], // The endpoint is an optional argument. The domain name that other services can use to access OSS.
    "bucket" => ['help' => 'The name of the bucket', 'required' => True], // The bucket name is a required argument.
];

// Generate a list of long options to parse command line arguments.
$longopts = \array_map(function ($key) {
    return "$key:"; // Add a colon after each parameter to indicate that a value is required.
}, array_keys($optsdesc));

// Parse the command line arguments.
$options = getopt("", $longopts);

// Check whether required arguments are specified.
foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help'];
        echo "Error: the following arguments are required: --$key, $help"; // Prompt the user that a required argument is missing.
        exit(1);
    }
}

// Obtain the values of command line arguments.
$region = $options["region"]; // The region where the bucket is located.
$bucket = $options["bucket"]; // The bucket name.

// Load credentials, including the AccessKey ID and AccessKey secret, from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Use the default configurations of the SDK.
$cfg = Oss\Config::loadDefault();

// Set the credentials provider.
$cfg->setCredentialsProvider($credentialsProvider);

// Set the region.
$cfg->setRegion($region);

// If an endpoint is provided, set the endpoint.
if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

// Create an OSS client instance.
$client = new Oss\Client($cfg);

// Build a GetBucketPublicAccessBlockRequest object to obtain the Block Public Access configuration of the bucket.
$request = new Oss\Models\GetBucketPublicAccessBlockRequest(bucket: $bucket);

// Call the getBucketPublicAccessBlock method to obtain the Block Public Access configuration of the bucket and accept the result.
$result = $client->getBucketPublicAccessBlock($request);

// Print the result, including the status code, request ID, and Block Public Access configuration.
// echo is used instead of printf so response values are never interpreted as a format string.
echo 'status code:' . $result->statusCode . PHP_EOL .
    'request id:' . $result->requestId . PHP_EOL .
    'bucket public access block config:' . var_export($result->publicAccessBlockConfiguration, true) . PHP_EOL;
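
The enable and query operations above can be combined into an idempotent enforce-and-verify check. The following is an added example, not part of the original documentation or the SDK's own samples: it accepts one or more `--bucket` values, enables Block Public Access only where it is not already on, reads the setting back, and exits non-zero if any bucket cannot be confirmed. It assumes the returned configuration exposes a `blockPublicAccess` property matching the constructor argument used above; the script name in the usage comment is hypothetical.

```php
<?php
// Added example: enforce Block Public Access on buckets and verify the result.
// Usage (hypothetical script name): php enforce_bpa.php --region cn-hangzhou --bucket a --bucket b
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

$options = getopt('', ['region:', 'bucket:']);
if (empty($options['region']) || empty($options['bucket'])) {
    fwrite(STDERR, 'usage: --region <id> --bucket <name> [--bucket <name> ...]' . PHP_EOL);
    exit(2);
}

$cfg = Oss\Config::loadDefault();
$cfg->setCredentialsProvider(new Oss\Credentials\EnvironmentVariableCredentialsProvider());
$cfg->setRegion($options['region']);
$client = new Oss\Client($cfg);

// Returns true only when the service reports the bucket as blocked.
// Assumption: the configuration object has a blockPublicAccess property
// mirroring the constructor argument used in the enable sample.
function isBlocked(Oss\Client $client, string $bucket): bool
{
    $result = $client->getBucketPublicAccessBlock(
        new Oss\Models\GetBucketPublicAccessBlockRequest(bucket: $bucket)
    );
    return ($result->publicAccessBlockConfiguration?->blockPublicAccess ?? false) === true;
}

$failed = 0;
foreach ((array)$options['bucket'] as $bucket) { // getopt returns a string for one value, an array for several
    try {
        if (isBlocked($client, $bucket)) {
            echo "$bucket: already blocked" . PHP_EOL;
            continue;
        }
        $client->putBucketPublicAccessBlock(new Oss\Models\PutBucketPublicAccessBlockRequest(
            bucket: $bucket,
            publicAccessBlockConfiguration: new Oss\Models\PublicAccessBlockConfiguration(blockPublicAccess: true)
        ));
        // Read the setting back instead of trusting the PUT status code alone.
        if (!isBlocked($client, $bucket)) {
            throw new RuntimeException('setting not reported as enabled after PUT');
        }
        echo "$bucket: enabled and verified" . PHP_EOL;
    } catch (\Throwable $e) {
        // Fail closed: any error leaves this bucket's state unconfirmed.
        $failed++;
        fwrite(STDERR, "$bucket: NOT CONFIRMED (" . $e->getMessage() . ')' . PHP_EOL);
    }
}
exit($failed === 0 ? 0 : 1);
```

The non-zero exit code lets a scheduled job or CI step flag buckets whose setting could not be confirmed, for example after the configuration has been deleted.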

Delete the Block Public Access configuration of a specified bucket

The following code shows how to delete the Block Public Access configuration of a bucket.

<?php

// Import the autoloader file to load the dependency library.
require_once __DIR__ . '/../vendor/autoload.php';

use AlibabaCloud\Oss\V2 as Oss;

// Define the description of command line arguments.
$optsdesc = [
    "region" => ['help' => 'The region in which the bucket is located.', 'required' => True], // The region is a required argument. The region where the bucket is located.
    "endpoint" => ['help' => 'The domain names that other services can use to access OSS.', 'required' => False], // The endpoint is an optional argument. The domain name that other services can use to access OSS.
    "bucket" => ['help' => 'The name of the bucket', 'required' => True], // The bucket name is a required argument.
];

// Generate a list of long options to parse command line arguments.
$longopts = \array_map(function ($key) {
    return "$key:"; // Add a colon after each parameter to indicate that a value is required.
}, array_keys($optsdesc));

// Parse the command line arguments.
$options = getopt("", $longopts);

// Check whether required arguments are specified.
foreach ($optsdesc as $key => $value) {
    if ($value['required'] === True && empty($options[$key])) {
        $help = $value['help'];
        echo "Error: the following arguments are required: --$key, $help"; // Prompt the user that a required argument is missing.
        exit(1);
    }
}

// Obtain the values of command line arguments.
$region = $options["region"]; // The region where the bucket is located.
$bucket = $options["bucket"]; // The bucket name.

// Load credentials, including the AccessKey ID and AccessKey secret, from environment variables.
$credentialsProvider = new Oss\Credentials\EnvironmentVariableCredentialsProvider();

// Use the default configurations of the SDK.
$cfg = Oss\Config::loadDefault();

// Set the credentials provider.
$cfg->setCredentialsProvider($credentialsProvider);

// Set the region.
$cfg->setRegion($region);

// If an endpoint is provided, set the endpoint.
if (isset($options["endpoint"])) {
    $cfg->setEndpoint($options["endpoint"]);
}

// Create an OSS client instance.
$client = new Oss\Client($cfg);

// Build a DeleteBucketPublicAccessBlockRequest object to delete the Block Public Access configuration of the bucket.
$request = new Oss\Models\DeleteBucketPublicAccessBlockRequest(bucket: $bucket);

// Call the deleteBucketPublicAccessBlock method to delete the Block Public Access configuration of the bucket and accept the result.
$result = $client->deleteBucketPublicAccessBlock($request);

// Print the result, including the status code and request ID.
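// echo is used instead of printf so response values are never interpreted as a format string.
echo 'status code:' . $result->statusCode . PHP_EOL .
    'request id:' . $result->requestId . PHP_EOL;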

References

  • For complete sample code for managing Block Public Access at the bucket level, visit GitHub.

  • For more information about the API operation used to enable Block Public Access for a bucket, see PutBucketPublicAccessBlock.

  • For more information about the API operation used to retrieve the Block Public Access configuration of a bucket, see GetBucketPublicAccessBlock.

  • For more information about the API operation used to delete the Block Public Access configuration of a bucket, see DeleteBucketPublicAccessBlock.