After you configure a Referer whitelist for a bucket in Object Storage Service (OSS) to allow specific URLs to access resources in the bucket, you can run the curl command to check whether hotlink protection configurations take effect.
Prerequisites
A Referer whitelist is configured for a bucket to prevent requests sent from other URLs from accessing objects. For more information, see Prevent hotlinking by configuring a Referer whitelist.
Scenarios
You can run the curl command to check whether hotlink protection configurations take effect in the following scenarios:
You can run the curl command to access public-read or public-read-write objects. To access private objects, add the signature information to the curl command.
URLs in the Referer whitelist
Set the -e parameter to http://www.aliyun.com in the curl command.
curl -e http://www.aliyun.com http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt
http://www.aliyun.com is added to the Referer whitelist. Therefore, no error is reported and the system directly prints the content in the demo.txt object. This indicates that the Referer whitelist takes effect.
demo
URLs not in the Referer whitelist
Set the -e parameter to http://www.example.edu in the curl command.
curl -e http://www.example.edu http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt
http://www.example.edu is not added to the Referer whitelist. Therefore, an error is reported, which indicates that the Referer whitelist takes effect.
<?xml version="1.0" encoding="UTF-8"?>
<Error>
<Code>AccessDenied</Code>
<Message>You are denied by bucket referer policy.</Message>
<RequestId>6566AC76E41FB93030CE****</RequestId>
<HostId>example****.oss-cn-hangzhou.aliyuncs.com</HostId>
<BucketName>example****</BucketName>
<EC>0003-00000503</EC>
<RecommendDoc>https://api.aliyun.com/troubleshoot?q=0003-00000503</RecommendDoc>
</Error>
Empty Referer
Add http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt to the curl command without specifying the -e parameter. This is equivalent to opening the URL of the demo.txt object directly in the browser, which sends an empty Referer.
curl http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt
Requests that have empty Referers are allowed. Therefore, no error is reported and the system directly prints the content in the demo.txt object.
demo
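The three checks above can be scripted so that a Referer-policy denial is told apart from any other error. The following is an added example, not part of the original page; the function names, the OBJECT_URL placeholder and the treatment of any 2xx status as success are assumptions.

```shell
#!/bin/sh
# Added example: classify an OSS response for a hotlink-protection check.

# classify STATUS BODY
# Prints: allowed | denied_by_referer | other_error[:Code]
classify() {
    status=$1
    body=$2
    case $status in
        2??) echo allowed; return 0 ;;   # assumption: success is any 2xx status
    esac
    # Pull the <Code> element out of the XML error document.
    code=$(printf '%s\n' "$body" | sed -n 's:.*<Code>\([^<]*\)</Code>.*:\1:p' | head -n 1)
    case "$code:$body" in
        AccessDenied:*"denied by bucket referer policy"*) echo denied_by_referer ;;
        *) echo "other_error${code:+:$code}" ;;   # any other error, including AccessDenied for a different reason
    esac
}

# check URL EXPECTED [REFERER]
# Sends one request (with -e only when REFERER is given) and compares the verdict with EXPECTED.
check() {
    url=$1
    expected=$2
    referer=${3-}
    tmp=$(mktemp) || return 2
    if [ -n "$referer" ]; then
        status=$(curl -s -o "$tmp" -w '%{http_code}' -e "$referer" "$url")
    else
        status=$(curl -s -o "$tmp" -w '%{http_code}' "$url")
    fi
    got=$(classify "$status" "$(cat "$tmp")")
    rm -f "$tmp"
    printf 'referer=%s status=%s expected=%s got=%s\n' "${referer:-<empty>}" "$status" "$expected" "$got"
    [ "$got" = "$expected" ]
}

# Usage against your own bucket (OBJECT_URL is a placeholder you set yourself):
#   check "$OBJECT_URL" allowed           http://www.aliyun.com
#   check "$OBJECT_URL" denied_by_referer http://www.example.edu
#   check "$OBJECT_URL" allowed           # empty Referer
```

A result of other_error:AccessDenied means the request was rejected for a reason other than the Referer policy, so it does not confirm that the whitelist is working.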
References
You can also view the access records in OSS logs to check whether the hotlink protection configurations take effect. For more information, see How do I query the access and operation records of objects?