Object Storage Service: Tutorial: Configure bucket policies to access OSS resources only over HTTPS

Last Updated: Jul 13, 2023

Object Storage Service (OSS) supports access to resources over both HTTPS and HTTP. However, HTTP is not secure and can expose resources to risks. To protect OSS resources from attacks, we recommend that you allow access to OSS resources over HTTPS and deny access over HTTP. This topic describes how to configure a bucket policy so that OSS resources can be accessed only over HTTPS.

Background information

You can configure bucket policies to allow all users to access OSS resources only over HTTPS. You cannot do this with RAM policies: RAM policies are user-based authorization policies and can be used to grant permissions only to users, not to buckets or objects. The following section provides an example of how to prevent all users (including authorized users and unauthorized anonymous users) from accessing resources in a specific bucket over HTTP.

Procedure

  1. Log on to the OSS console.

  2. In the left-side navigation pane, click Buckets. On the Buckets page, click the name of the bucket from which you want to download objects.

  3. In the left-side navigation pane, choose Permission Control > Bucket Policy.

  4. On the Bucket Policy tab, click Authorize.

  5. In the Authorize panel, configure the following parameters:

    • Applied To: Set this parameter to Whole Bucket.

    • Accounts: Set this parameter to All Accounts (*).

    • Authorized Operation: Set this parameter to None.

    • Access Mode in the Conditions section: Set this parameter to HTTP.

  6. Click OK. In this case, resources in the bucket can be accessed only over HTTPS.
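
To confirm that a bucket carries the rule from the steps above, you can audit its policy document. This is an added example, not code from the OSS documentation. It assumes the rule is stored as a Deny statement with a Bool condition on `acs:SecureTransport` set to `false`; the sample policy, the bucket name `examplebucket`, the account IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample policy document; bucket name and account IDs are placeholders.
SAMPLE_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Effect": "Allow", "Principal": ["2000000000000000"],
   "Action": ["oss:GetObject"],
   "Resource": ["acs:oss:*:1000000000000000:examplebucket/*"]},
  {"Effect": "Deny", "Principal": ["*"], "Action": ["oss:*"],
   "Resource": ["acs:oss:*:1000000000000000:examplebucket",
                "acs:oss:*:1000000000000000:examplebucket/*"],
   "Condition": {"Bool": {"acs:SecureTransport": ["false"]}}}
]}
""")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def denies_plain_http(policy, bucket):
    """Return True if one statement denies all operations, for all accounts,
    on the whole bucket, whenever the request does not use HTTPS."""
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny":
            continue
        if "*" not in _as_list(stmt.get("Principal")):
            continue  # Accounts must be All Accounts (*)
        if "oss:*" not in _as_list(stmt.get("Action")):
            continue  # must cover every operation
        # Resource form: acs:oss:<region>:<account>:<bucket or bucket/key pattern>
        names = {r.split(":", 4)[-1] for r in _as_list(stmt.get("Resource"))}
        if "*" not in names and not {bucket, bucket + "/*"} <= names:
            continue  # must cover the bucket itself and every object in it
        cond = stmt.get("Condition") or {}
        # Any extra condition key narrows the deny, so accept only this one.
        if list(cond) != ["Bool"] or list(cond["Bool"]) != ["acs:SecureTransport"]:
            continue
        values = _as_list(cond["Bool"]["acs:SecureTransport"])
        if [str(v).lower() for v in values] == ["false"]:
            return True
    return False


if __name__ == "__main__":
    print(denies_plain_http(SAMPLE_POLICY, "examplebucket"))
```

The check is deliberately strict: a Deny that covers only objects, or that carries an additional condition such as a source IP range, leaves some HTTP requests allowed and is reported as not enforcing HTTPS.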