Challenge
When you use Alibaba Cloud Object Storage Service (OSS), objects have been set to public read. However, anonymous users cannot access this publicly read object.
Cause
After your file (Object) is set to Public Read, all users can access your objects. However, the following settings prevent anonymous users from accessing publicly read objects:
- Set pay-by-requester mode: After the pay-by-requester mode is enabled, the requester pays for the traffic and request fees incurred when reading data in a bucket. The bucket owner only pays for the storage fees. Therefore, the requester must provide authentication information so that OSS can identify the requester and charge the requester rather than the bucket owner for the fees incurred in the request. Anonymous user access does not carry authentication information, so anonymous user access will fail.
- Bucket policies are set: Bucket policies are authorized by Alibaba Cloud OSS. You can use bucket policies to prohibit or allow other users to access your OSS resources. Therefore, if your Bucket Policy sets certain policies that affect the access of anonymous users, anonymous users will also be inaccessible.
Modification method
If you encounter that anonymous users cannot access publicly read objects while using OSS, see the following operations to resolve this issue:
- First, check whether the pay-by-requester mode is set for your OSS. If the pay-by-requester mode is set, see the following two solutions:
- If you do not disable pay-by-requester mode, you can use the bucket owner to generate a signed file URL for anonymous users to access. For more information about how to generate a signed file URL, see How do I obtain the URL after uploading an object?
- You can also disable the pay-by-requester mode. For more information, see Set the pay-by-requester mode.
- Check whether your bucket policies have policies that affect access from anonymous users. If so, modify or delete policies that affect access from anonymous users. For more information, see Use bucket policies to authorize other users to access OSS resources.
Applicable scope
- OSS