You can use the Ruby software development kit (SDK) to configure access rules in Object Storage Service (OSS) based on the Referer request header. The rules can include a Referer whitelist, a Referer blacklist, and whether to allow empty Referer headers. This configuration prevents other websites from hotlinking your OSS files and helps you avoid unnecessary traffic costs.
Precautions
Before you configure hotlink protection, make sure that you familiarize yourself with this feature. For more information, see Hotlink protection.
In this topic, the public endpoint of the China (Hangzhou) region is used. If you want to access OSS from other Alibaba Cloud services in the same region as OSS, use an internal endpoint. For more information about OSS regions and endpoints, see Regions and endpoints.
In this topic, an OSSClient instance is created by using an OSS endpoint. If you want to create an OSSClient instance by using custom domain names or Security Token Service (STS), see Initialization.
To configure hotlink protection, you must have the
oss:PutBucketRefererpermission. To query hotlink protection configurations, you must have theoss:GetBucketRefererpermission. For more information, see Attach a custom policy to a RAM user.
Set hotlink protection
The following code shows how to set hotlink protection:
require 'aliyun/oss'
client = Aliyun::OSS::Client.new(
# The China (Hangzhou) region is used as an example. Replace the Endpoint with the one for your region.
endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
# Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
access_key_id: ENV['OSS_ACCESS_KEY_ID'],
access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)
# Specify the bucket name. For example, examplebucket.
bucket = client.get_bucket('examplebucket')
# Set the Referer list for the bucket.
bucket.referer = Aliyun::OSS::BucketReferer.new(
allow_empty: true, whitelist: ['http://www.aliyun.com', 'https:www.aliyun.com'])Get the hotlink protection configuration
The following code shows how to retrieve the hotlink protection configuration:
require 'aliyun/oss'
client = Aliyun::OSS::Client.new(
# The China (Hangzhou) region is used as an example. Replace the Endpoint with the one for your region.
endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
# Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
access_key_id: ENV['OSS_ACCESS_KEY_ID'],
access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)
# Specify the bucket name. For example, examplebucket.
bucket = client.get_bucket('examplebucket')
ref = bucket.referer
puts ref.to_sClear the hotlink protection configuration
The following code shows how to clear the hotlink protection configuration:
require 'aliyun/oss'
client = Aliyun::OSS::Client.new(
# The China (Hangzhou) region is used as an example. Replace the Endpoint with the one for your region.
endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
# Obtain access credentials from environment variables. Before you run the sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are configured.
access_key_id: ENV['OSS_ACCESS_KEY_ID'],
access_key_secret: ENV['OSS_ACCESS_KEY_SECRET']
)
# Specify the bucket name. For example, examplebucket.
bucket = client.get_bucket('examplebucket')
bucket.referer = Aliyun::OSS::BucketReferer.new(allow_empty: true, whitelist: [])References
For details about the API operation to set hotlink protection, see PutBucketReferer.
For details about the API operation to retrieve the hotlink protection configuration, see GetBucketReferer.