Object Storage Service: Check whether hotlink protection configurations take effect

Last Updated: Dec 22, 2023

After you configure a Referer whitelist for a bucket in Object Storage Service (OSS) to allow specific URLs to access resources in the bucket, you can run the curl command to check whether hotlink protection configurations take effect.

Prerequisites

A Referer whitelist is configured for a bucket to prevent requests sent from other URLs from accessing objects. For more information, see Prevent hotlinking by configuring a Referer whitelist.

Scenarios

You can run the curl command to check whether hotlink protection configurations take effect in the following scenarios:

Note

You can run the curl command to access public-read or public-read-write objects. To access private objects, add the signature information to the curl command.

URLs in the Referer whitelist

Set the -e parameter to http://www.aliyun.com in the curl command. The -e parameter sets the Referer header of the request.

curl -e http://www.aliyun.com http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt

http://www.aliyun.com is added to the Referer whitelist. Therefore, no error is reported and the system directly prints the content in the demo.txt object. This indicates that the Referer whitelist takes effect.

demo

URLs not in the Referer whitelist

Set the -e parameter to http://www.example.edu in the curl command.

curl -e http://www.example.edu http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt

http://www.example.edu is not added to the Referer whitelist. Therefore, an error is reported, which indicates that the Referer whitelist takes effect.

<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>AccessDenied</Code>
  <Message>You are denied by bucket referer policy.</Message>
  <RequestId>6566AC76E41FB93030CE****</RequestId>
  <HostId>example****.oss-cn-hangzhou.aliyuncs.com</HostId>
  <BucketName>example****</BucketName>
  <EC>0003-00000503</EC>
  <RecommendDoc>https://api.aliyun.com/troubleshoot?q=0003-00000503</RecommendDoc>
</Error>

Empty Referer

Run the curl command against http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt without specifying the -e parameter. The request then carries no Referer header, which simulates opening the URL of the demo.txt object directly in a browser.

curl http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt

The bucket in this example allows requests that have empty Referers. Therefore, no error is reported and the system directly prints the content in the demo.txt object.

demo
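The three checks above can be scripted so that a denial by the Referer policy is told apart from other failures, such as a private object requested without a signature. This is an added example, not part of the original documentation: the function names and verdict strings are assumptions, and the expected results assume the whitelist and empty-Referer behaviour described on this page.

```shell
#!/bin/sh
# Added example (not from the OSS documentation). Function names are assumptions.

# referer_verdict STATUS BODY -> allowed | denied-by-referer | other-error
referer_verdict() {
    status=$1; body=$2
    case "$status" in
        2??) echo "allowed"; return 0 ;;
    esac
    # Match the Code and Message fields of the error document shown on this page.
    case "$body" in
        *"<Code>AccessDenied</Code>"*"denied by bucket referer policy"*)
            echo "denied-by-referer" ;;
        *)  # e.g. a private object requested without a signature
            echo "other-error" ;;
    esac
}

# check_referer URL [REFERER] -> fetch URL, optionally with -e, print the verdict
check_referer() {
    url=$1
    referer=${2-}
    tmp=$(mktemp) || return 1
    if [ -n "$referer" ]; then
        status=$(curl -s -o "$tmp" -w '%{http_code}' -e "$referer" "$url")
    else
        status=$(curl -s -o "$tmp" -w '%{http_code}' "$url")
    fi
    referer_verdict "$status" "$(cat "$tmp")"
    rm -f "$tmp"
}

# expect WANT URL [REFERER] -> print PASS or FAIL; non-zero status on mismatch
expect() {
    want=$1; shift
    got=$(check_referer "$@")
    if [ "$got" = "$want" ]; then
        echo "PASS  $got  referer='${2-}'"
    else
        echo "FAIL  want=$want got=$got  referer='${2-}'"; return 1
    fi
}

# With an object URL as the first argument, run the three scenarios from this page.
if [ $# -ge 1 ]; then
    expect allowed "$1" "http://www.aliyun.com"
    expect denied-by-referer "$1" "http://www.example.edu"
    expect allowed "$1"
fi
```

Pass the object URL as the first argument to run all three checks. A FAIL line with other-error means the request was rejected for a reason other than the Referer whitelist, so it says nothing about whether hotlink protection takes effect.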

References

You can also view the access records in OSS logs to check whether the hotlink protection configurations take effect. For more information, see How do I query the access and operation records of objects?