I have some images in a bucket on S3. My app uses these images. What I want is the following:
- Only allow the image to be accessed if:
- The referer is my site - This I can already do with a bucket 开发者_C百科policy
- The user was redirected from my site
The problem is the redirect here, because, when redirected, no referer is sent to Amazon S3.
Is there a way to limit access to my S3 files in the way I described above?
My current bucket policy looks like this:
{
"Version": "2008-10-17",
"Id": "e9c9be4d-cdfc-470c-8582-1d5a9e4d04be",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::mybucket/*",
"Condition": {
"StringLike": {
"aws:Referer": "http://myapp.com/*"
}
}
}
]
}
- Have your files be private.
- Use signed URLs in the links/redirects to your images.
- The signed URLs include an expiration; Amazon will not show your image past the expiration.
- The signed URLs cannot be forged; Amazon will not show your image if the signature is missing or invalid.
This guy appears to have solved the problem:
http://www.powercram.com/2010/07/s3-bucket-policy-to-restrict-access-by.html
精彩评论