首页 文章

Amazon AWS存储桶策略 - Safari浏览器不发送引用信息

提问于
浏览
2

我有以下AWS存储桶策略来限制对我的Amazon S3网址的访问:

{
"Version": "2008-10-17",
"Statement": [
    {
        "Sid": "Allowinmydomains",
        "Effect": "Allow",
        "Principal": {
            "AWS": "*"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::MyBucket/*",
        "Condition": {
            "StringLike": {
                "aws:Referer": [
                    "http://www.example.com/*",
                    "http://example.com/*"
                ]
            }
        }
    },
    {
        "Sid": "Givenotaccessifrefererisnomysites",
        "Effect": "Deny",
        "Principal": {
            "AWS": "*"
        },
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::MyBucket/*",
        "Condition": {
            "StringNotLike": {
                "aws:Referer": [
                    "http://www.example.com/*",
                    "http://example.com/*"
                ]
            }
        }
    }
]
}

上述存储桶策略适用于除Safari之外的所有浏览器 . 在线进行研究,由于Safari浏览器没有发送任何引用标头,因此它可能无法正常工作 .

有什么方法可以让这个存储桶策略适用于所有浏览器,还是有另一种方法可以拒绝访问亚马逊存储桶以防止从我的网站外部链接和下载文件?

谢谢!

amazon-web-services amazon-s3 safari amazon

2 回答

  • 1

    请尝试以下存储桶策略 . 您需要确保您的ACL不允许公共访问您的文件,并且您的存储桶策略中没有任何其他规则允许访问(通过绕过这些规则):

    {
  "Version":"2008-10-17",
  "Id":"Bucket policy",
  "Statement":[
    {
      "Sid":"Allow GET requests referred by www.example.com and example.com",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::example-bucket/*",
      "Condition":{
        "StringLike":{
          "aws:Referer":[
            "http://www.example.com/*",
            "http://example.com/*"
          ]
        }
      }
    },
    {
      "Sid":"Allow GET requests that don't specify a referrer (e.g. from Safari, Flash, etc.)",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"s3:GetObject",
      "Resource":"arn:aws:s3:::example-bucket/*",
      "Condition":{
        "Null":{
          "aws:Referer":true
        }
      }
    }
  ]
}
    回复于
  • 0

    另一个选择是强制referrer用于Safari:

    <meta name="referrer" content="always">

    要么:

    <meta content="origin" id="mref" name="referrer">
    回复于

相关问题