本文介绍了Amazon CloudFront与S3->限制域访问?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在Amazon S3上,您可以按域限制对存储桶的访问。

On Amazon S3, you can restrict access to buckets by domain.

但是据我从一个有用的StackOverflow用户那里了解,您不能在CloudFront上执行此操作。但为什么?如果我是正确的,CloudFront仅允许基于时间的限制或IP限制(->所以我需要知道随机访问者的IP .. ??)还是我遗漏了什么?

But as far as I understand from a helpful StackOverflow user, you cannot do this on CloudFront. But why? If I am correct, CloudFront only allows time-based restrictions or IP restrictions (--> so I need to know the IP's of random visitors..?) Or am I missing something?

这里是S3文档的引文,表明可能对每个域进行限制:

Here is a quote from S3 documentation that suggests that per-domain restriction is possible:

--->允许从您的目录读取这些对象在网站上,您可以使用aws:referer键添加允许条件带有s3:GetObject权限的存储桶策略,该条件必须使get请求必须源自特定网页。

---> " To allow read access to these objects from your website, you can add a bucket policy that allows s3:GetObject permission with a condition, using the aws:referer key, that the get request must originate from specific webpages. "

->有没有办法使这种方法也可以在CloudFront上工作?还是为什么在CloudFront上不提供这样的服务?

--> Is there a way to make this method work on CloudFront as well? Or why something like this is not available on CloudFront?

->是否有类似的服务可能且更容易设置?

--> Is there a similar service where this is possible, easier to setup?

推荐答案

结合使用CloudFront和WAF(Web应用程序防火墙),您可以基于IP地址,引荐来源网址或域来限制请求。

Using CloudFront along with WAF (Web Application Firewall), you can restrict requests based on IP address, referrers, or domains.

这是有关限制热链接的AWS博客教程。

Here is a AWS blog tutorial on restricting "hotlinking".

在此示例中,它禁止请求 Referrer:标头与特定域不匹配的请求。

In this example, it prohibits requests where the Referrer: header does not match a specific domain.

这篇关于Amazon CloudFront与S3->限制域访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-15 03:05