Configure hotlink protection using Go SDK V2 to prevent other websites from referencing OSS files - Object Storage Service

Object Storage Service (OSS) allows you to configure Referer-based access control policies, such as policies for Referer whitelisting and blacklisting. You can also specify whether requests with empty referrers are allowed. This way, you can prevent unauthorized access and unexpected traffic fees.

Usage notes

Before you configure hotlink protection, familiarize yourself with this feature. For more information, see hotlink protection.
The sample code in this topic uses the region ID cn-hangzhou of the China (Hangzhou) region. By default, the public endpoint is used to access resources in a bucket. If you want to access resources in the bucket by using other Alibaba Cloud services in the same region in which the bucket is located, use an internal endpoint. For more information about the regions and endpoints supported by Object Storage Service (OSS), see OSS regions and endpoints.
In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.
To configure hotlink protection for a bucket or delete the hotlink protection configurations of a bucket, you must have the oss:PutBucketReferer permission. To query the hotlink protection configurations, you must have the oss:GetBucketReferer permission. For more information, see Grant custom permissions to RAM users.

Sample code

Configure hotlink protection

The following code provides an example on how to configure hotlink protection.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

// Define global variables.
var (
	region     string // Region in which your bucket is located.
	bucketName string // Name of your bucket.
)

// Specify the init function used to initialize command line parameters.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	// Parse command line parameters.
	flag.Parse()

	// Check whether the name of your bucket is specified.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	// Check whether the region is specified.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Load the default configurations and specify the credential provider and region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	// Create an OSS client.
	client := oss.NewClient(cfg)

	// Create a request to configure hotlink protection for your bucket.
	request := &oss.PutBucketRefererRequest{
		Bucket: oss.Ptr(bucketName), // Name of your bucket.
		RefererConfiguration: &oss.RefererConfiguration{
			AllowEmptyReferer: oss.Ptr(true),
			RefererList: &oss.RefererList{
				Referers: []string{
					"http://www.aliyun.com",
					"https://www.aliyun.com",
					"https://www.help.aliyun.com",
					"http://www.?.aliyuncs.com",
				},
			}, // Add Referers to the Referer whitelist. You can use asterisks (*) and question marks (?) as wildcard characters in Referers.
			RefererBlacklist: &oss.RefererBlacklist{
				Referers: []string{
					"http://www.refuse.com",
					"https://*.hack.com",
					"http://ban.*.com",
					"https://www.?.deny.com",
				},
			}, // Add Referers to the Referer blacklist.
		},
	}

	// Process the request of configuring hotlink protection for the bucket.
	result, err := client.PutBucketReferer(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to put bucket referer %v", err)
	}

	// Display the result.
	log.Printf("put bucket referer result:%#v\n", result)
}

Query configurations of hotlink protection

The following code provides an example on how to query the configurations of hotlink protection.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

// Define global variables.
var (
	region     string // Region in which your bucket is located.
	bucketName string // Name of your bucket.
)

// Specify the init function used to initialize command line parameters.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	// Parse command line parameters.
	flag.Parse()

	// Check whether the name of your bucket is specified.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	// Check whether the region is specified.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Load the default configurations and specify the credential provider and region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	// Create an OSS client.
	client := oss.NewClient(cfg)

	// Create a request to query the configurations of hotlink protection.
	request := &oss.GetBucketRefererRequest{
		Bucket: oss.Ptr(bucketName), // Name of your bucket.
	}

	// Process the query request.
	result, err := client.GetBucketReferer(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to get bucket referer %v", err)
	}

	// Display the result.
	log.Printf("get bucket referer result:%#v\n", result.RefererConfiguration.RefererList.Referers)
}

Delete configurations of hotlink protection

The following code provides an example on how to delete the configurations of hotlink protection.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

// Define global variables.
var (
	region     string // Region in which your bucket is located.
	bucketName string // Name of your bucket.
)

// Specify the init function used to initialize command line parameters.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	// Parse command line parameters.
	flag.Parse()

	// Check whether the name of your bucket is specified.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	// Check whether the region is specified.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Load the default configurations and specify the credential provider and region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	// Create an OSS client.
	client := oss.NewClient(cfg)

	// Create a request to configure hotlink protection.
	request := &oss.PutBucketRefererRequest{
		Bucket: oss.Ptr(bucketName), // Name of your bucket.
		RefererConfiguration: &oss.RefererConfiguration{
			AllowEmptyReferer: oss.Ptr(true),
			RefererList: &oss.RefererList{
				Referers: []string{}, // No specific Referer restrictions are applied。
			},
		},
	}

	// Process the request.
	result, err := client.PutBucketReferer(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to put bucket referer %v", err)
	}

	// Display the result.
	log.Printf("put bucket referer result:%#v\n", result)
}

References

For more information about the API operation that you can call to configure hotlink protection for a bucket, see PutBucketReferer.
For more information about the API operation that you can call to query the configurations of hotlink protection, see GetBucketReferer.