このトピックでは、anti-leech の使い方について説明します。
OSS 上のデータ盗難を防ぐために、OSS は、HTTP ヘッダー内の referer フィールド設定による、アンチリーチ機能をサポートしています。次のパラメーターが含まれます。
- リファラーホワイトリスト: 指定されたドメインに対してのみ、OSS データへのアクセスを許可するために使用されます。
- 空のリファラー: リファラーを空にできるかどうかを決定します。 許可されていない場合は、HTTP ヘッダーまたは HTTPS ヘッダーにファイルされているリファラー要求のみが、OSS データにアクセスできます。
アンチリーチ機能の詳細については、「アンチリーチ機能の設定」をご参照ください。
リファラーホワイトリストの設定
次のコードを実行して、参照元のホワイトリストを設定します。
#include "oss_api.h"
#include "aos_http_io.h"
const char *endpoint = "<yourEndpoint>";
const char *access_key_id = "<yourAccessKeyId>";
const char *access_key_secret = "<yourAccessKeySecret>";
const char *bucket_name = "<yourBucketName>";
void init_options(oss_request_options_t *options)
{
options->config = oss_config_create(options->pool);
/* Use a char* string to initialize aos_string_t. */
aos_str_set(&options->config->endpoint, endpoint);
aos_str_set(&options->config->access_key_id, access_key_id);
aos_str_set(&options->config->access_key_secret, access_key_secret);
/* Determine whether the CNAME is used. 0 indicates that the CNAME is not used. */
options->config->is_cname = 0;
/* Configure network parameters, such as timeout. */
options->ctl = aos_http_controller_create(options->pool, 0);
}
int main(int argc, char *argv[])
{
/* Call the aos_http_io_initialize method in main() to initialize global resources, such as networks and memories. */
if (aos_http_io_initialize(NULL, 0) ! = AOSE_OK) {
exit(1);
}
/* Memory pool used to manage memories, which is equivalent to apr_pool_t. The implementation code is included in the apr library. */
aos_pool_t *pool;
/* Re-create a new memory pool. The second parameter is NULL, indicating that it does not inherit from any other memory pools. */
aos_pool_create(&pool, NULL);
/* Create and initialize options. This parameter mainly includes global configuration information, such as endpoint, access_key_id, acces_key_secret, is_cname, and curl. */
oss_request_options_t *oss_client_options;
/* Allocate memories in the memory pool to options. */
oss_client_options = oss_request_options_create(pool);
/* Initialize oss_client_options. */
init_options(oss_client_options);
/* Initialization parameters. */
aos_string_t bucket;
aos_table_t *resp_headers = NULL;
aos_status_t *resp_status = NULL;
oss_referer_config_t referer_config;
aos_str_set(&bucket, bucket_name);
aos_list_init(&referer_config.referer_list);
oss_create_and_add_refer(pool, &referer_config, "http://www.aliyun.com");
oss_create_and_add_refer(pool, &referer_config, "https://www.aliyun.com");
referer_config.allow_empty_referer = 0;
/* Add the referer field. The referer field allows question marks (?) and asterisks (*) for wildcard use. */
resp_status = oss_put_bucket_referer(oss_client_options, &bucket, &referer_config, &resp_headers);
if (aos_status_is_ok(resp_status)) {
printf("put bucket referer succeeded\n");
} else {
printf("put bucket referer failed\n");
}
/* Release the memory pool, that is, memories allocated to resources during the request. */
aos_pool_destroy(pool);
/* Release the allocated global resources. */
aos_http_io_deinitialize();
return 0;
}リファラーホワイトリストの取得
次のコードを実行して、リファラーホワイトリストを取得します。
#include "oss_api.h"
#include "aos_http_io.h"
const char *endpoint = "<yourEndpoint>";
const char *access_key_id = "<yourAccessKeyId>";
const char *access_key_secret = "<yourAccessKeySecret>";
const char *bucket_name = "<yourBucketName>";
void init_options(oss_request_options_t *options)
{
options->config = oss_config_create(options->pool);
/* Use a char* string to initialize aos_string_t. */
aos_str_set(&options->config->endpoint, endpoint);
aos_str_set(&options->config->access_key_id, access_key_id);
aos_str_set(&options->config->access_key_secret, access_key_secret);
/* Determine whether the CNAME is used. 0 indicates that the CNAME is not used. */
options->config->is_cname = 0;
/* Configure network parameters, such as timeout. */
options->ctl = aos_http_controller_create(options->pool, 0);
}
int main(int argc, char *argv[])
{
/* Call the aos_http_io_initialize method in main() to initialize global resources, such as networks and memories. */
if (aos_http_io_initialize(NULL, 0) ! = AOSE_OK) {
exit(1);
}
/* Memory pool used to manage memories, which is equivalent to apr_pool_t. The implementation code is included in the apr library. */
aos_pool_t *pool;
/* Re-create a new memory pool. The second parameter is NULL, indicating that it does not inherit from any other memory pools. */
aos_pool_create(&pool, NULL);
/* Create and initialize options. This parameter mainly includes global configuration information, such as endpoint, access_key_id, acces_key_secret, is_cname, and curl. */
oss_request_options_t *oss_client_options;
/* Allocate memories in the memory pool to options. */
oss_client_options = oss_request_options_create(pool);
/* Initialize oss_client_options. */
init_options(oss_client_options);
/* Initialization parameters. */
aos_string_t bucket;
aos_table_t *resp_headers = NULL;
aos_status_t *resp_status = NULL;
oss_referer_config_t referer_config;
oss_referer_t *referer;
aos_str_set(&bucket, bucket_name);
aos_list_init(&referer_config.referer_list);
/* Obtain the referer list for a bucket. */
resp_status = oss_get_bucket_referer(oss_client_options, &bucket, &referer_config, &resp_headers);
if (aos_status_is_ok(resp_status)) {
printf("get bucket referer succeeded\n");
aos_list_for_each_entry(oss_referer_t, referer, &referer_config.referer_list, node) {
printf("get referer %s\n", referer->referer.data);
}
} else {
printf("get bucket referer failed\n");
}
/* Release the memory pool, that is, memories allocated to resources during the request. */
aos_pool_destroy(pool);
/* Release the allocated global resources. */
aos_http_io_deinitialize();
return 0;
}リファラーホワイトリストの解除
次のコードを実行して、リファラーホワイトリストを解除します。
#include "oss_api.h"
#include "aos_http_io.h"
const char *endpoint = "<yourEndpoint>";
const char *access_key_id = "<yourAccessKeyId>";
const char *access_key_secret = "<yourAccessKeySecret>";
const char *bucket_name = "<yourBucketName>";
void init_options(oss_request_options_t *options)
{
options->config = oss_config_create(options->pool);
/* Use a char* string to initialize aos_string_t. */
aos_str_set(&options->config->endpoint, endpoint);
aos_str_set(&options->config->access_key_id, access_key_id);
aos_str_set(&options->config->access_key_secret, access_key_secret);
/* Determine whether the CNAME is used. 0 indicates that the CNAME is not used. */
options->config->is_cname = 0;
/* Configure network parameters, such as timeout. */
options->ctl = aos_http_controller_create(options->pool, 0);
}
int main(int argc, char *argv[])
{
/* Call the aos_http_io_initialize method in main() to initialize global resources, such as networks and memories. */
if (aos_http_io_initialize(NULL, 0) ! = AOSE_OK) {
exit(1);
}
/* Memory pool used to manage memories, which is equivalent to apr_pool_t. The implementation code is included in the apr library. */
aos_pool_t *pool;
/* Re-create a new memory pool. The second parameter is NULL, indicating that it does not inherit from any other memory pools. */
aos_pool_create(&pool, NULL);
/* Create and initialize options. This parameter mainly includes global configuration information, such as endpoint, access_key_id, acces_key_secret, is_cname, and curl. */
oss_request_options_t *oss_client_options;
/* Allocate memories in the memory pool to options. */
oss_client_options = oss_request_options_create(pool);
/* Initialize oss_client_options. */
init_options(oss_client_options);
/* Initialization parameters. */
aos_string_t bucket;
aos_table_t *resp_headers = NULL;
aos_status_t *resp_status = NULL;
oss_referer_config_t referer_config;
aos_str_set(&bucket, bucket_name);
aos_list_init(&referer_config.referer_list);
referer_config.allow_empty_referer = 1;
/* You cannot clear a referer whitelist directly. To clear a referer whitelist, you need to create the rule that allows an empty referer field and replace the original rule with the new rule. */
resp_status = oss_put_bucket_referer(oss_client_options, &bucket, &referer_config, &resp_headers);
if (aos_status_is_ok(resp_status)) {
printf("delete bucket referer succeeded\n");
} else {
printf("delete bucket referer failed\n");
}
/* Release the memory pool, that is, memories allocated to resources during the request. */
aos_pool_destroy(pool);
/* Release the allocated global resources. */
aos_http_io_deinitialize();
return 0;
}