【问题标题】:Amazon S3 Bucket Policy Block User AgentAmazon S3 存储桶策略阻止用户代理
【发布时间】:2020-06-06 18:37:19
【问题描述】:

我需要阻止来自 amazon s3 的特定用户代理。我对 S3 相当陌生,通常在 .htaccess 文件中执行此操作,据我所知,亚马逊无法做到这一点。

我看到了这个Deny access to user agent to access a bucket in AWS S3。解决方案看起来像这样:

{ "Version": "2012-10-17", 
  "Statement": [{ 
              "Effect": "Deny", 
              "Principal": "*", 
              "Action": "s3:*",

              "Resource": "arn:aws:s3:::bucket/*", 
              "Condition": 
                      { "StringLike": { "aws:UserAgent": "*NSPlayer*" } } 
}] 
}

但是,我仍然希望允许除该用户代理之外的所有其他用户访问该站点。我的政策目前如下所示:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::www.examplesite.com/*"
        }
    ]
}

当我尝试实现它时,我得到了无效的 json。所以,我只是好奇格式化它的正确方法是什么?我想拥有公共访问权限,但能够阻止一些不同的用户代理。另外,如果我想阻止多个用户代理,用户代理会用逗号分隔吗?

感谢您的帮助,非常感谢。

【问题讨论】:

    标签: amazon-web-services amazon-s3


    【解决方案1】:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "PublicReadGetObject",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::www.examplesite.com/*"
        },
        {
          "Sid": "DenyUserAgents",
          "Effect": "Deny",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::www.examplesite.com/*",
          "Condition": {
            "StringLike": {
              "aws:UserAgent": ["*Firefox*", ... more UserAgents ...]
            }
          }
        }
      ]
    }
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 2011-09-10
      • 2023-02-26
      • 2013-01-08
      • 2023-03-29
      • 2023-03-31
      • 1970-01-01
      • 2013-12-21
      • 1970-01-01
      相关资源
      最近更新 更多