All Products
Search

This Product

    Object Storage Service:Check whether hotlink protection configurations take effect

    Document Center

    Object Storage Service:Check whether hotlink protection configurations take effect

    Last Updated:Dec 22, 2023

    After you configure a Referer whitelist for a bucket in Object Storage Service (OSS) to allow specific URLs to access resources in the bucket, you can run the curl command to check whether hotlink protection configurations take effect.

    Prerequisites

    A Referer whitelist is configured for a bucket to prevent requests sent from other URLs from accessing objects. For more information, see Prevent hotlinking by configuring a Referer whitelist.

    Scenarios

    You can run the curl command to check whether hotlink protection configurations take effect in the following scenarios:

    Note

    You can run the curl command to access public-read or public-read-write objects. To access private objects, add the signature information to the curl command.

    URLs in the Referer whitelist

    Set the -e parameter to http://www.aliyun.com in the curl command. 

    curl -e http://www.aliyun.com http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt

    http://www.aliyun.com is added to the Referer whitelist. Therefore, no error is reported and the system directly prints the content in the demo.txt object. This indicates that the Referer whitelist takes effect. 

    demo

    URLs not in the Referer whitelist

    Set the -e parameter to http://www.example.edu in the curl command. 

    curl -e http://www.example.edu http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt

    http://www.example.edu is not added to the Referer whitelist. Therefore, an error is reported, which indicates that the Referer whitelist takes effect. 

    <?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>AccessDenied</Code>
  <Message>You are denied by bucket referer policy.</Message>
  <RequestId>6566AC76E41FB93030CE****</RequestId>
  <HostId>example****.oss-cn-hangzhou.aliyuncs.com</HostId>
  <BucketName>example****</BucketName>
  <EC>0003-00000503</EC>
  <RecommendDoc>https://api.aliyun.com/troubleshoot?q=0003-00000503</RecommendDoc>
</Error>

    Empty Referer

    Add http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt to the curl command without specifying the -e parameter. This indicates that the URL of the demo.txt object is directly opened in the browser. 

    curl http://example****.oss-cn-hangzhou.aliyuncs.com/demo.txt

    Requests that have empty Referers are allowed. Therefore, no error is reported and the system directly prints the content in the demo.txt object. 

    demo

    References

    You can also view the access records in OSS logs to check whether the hotlink protection configurations take effect. For more information, see How do I query the access and operation records of objects?