All Products
Search
Document Center

Object Storage Service:Check Referers in OSS resource requests from other websites

Last Updated:Dec 21, 2023

You can query Referers included in requests sent to access an Object Storage Service (OSS) bucket by using the OSS logs and developer tool of the browser and configure Referer-based hotlink protection for the bucket based on your business requirements. This way, you can limit access to your bucket and avoid increased traffic fees due to a large number of unexpected requests.

Check Referers by using OSS logs

You can check Referers from which resources are requested by using the real-time log query feature.

  1. Log on to the OSS console.

  2. In the left-side navigation pane, click Buckets. On the Buckets page, click the bucket for which hotlink protection is configured.

  3. In the left-side navigation tree, choose Logging > Real-time Log Query.

    If the Referer information is sent in the request, the Referer is recorded in the Referer header field. If an empty Referer header is included in the request, the value of the referer field in the log record is "-".

    If no Referer header is included in the request, the log record does not contain the referer field.

    6.png

For more information about OSS log field, see Log fields.

Check Referers in a browser

Important

Some websites and browsers may disable or hide Referers. Therefore, you may fail to find the Referer header in a browser. Security policies may also modify or hide Referer information. To ensure that you obtain real Referer information, we recommend that you check Referers by using OSS logs.

This section shows how to check Referers by using the Google Chrome browser:

  1. Open a webpage in Chrome.

  2. Click the More icon in the upper-right corner, choose More tools > Developer tools.

  3. In the Developers tools, click the Network tab.

  4. Reload the webpage to trigger network requests.

  5. Find the network request whose Referer header you want to query. You can use a filter to quickly locate the intended request.

  6. Click the request name in the Name column. On the Headers tab of the pane that appears on the right side, check the Referer header in the Request Headers section.

    If the Referer information is sent in the request, the Referer is recorded in the Referer header field.

    If no Referer header is included in the request, no Referer information is present in the Request Headers section.

    2023-11-28_17-54-42.png

What to do next

Prevent hotlinking by configuring a Referer whitelist