S3政策停止盜鏈？

Question

我們目前的S3政策原文：

{ 
"Version": "2008-10-17", 
"Id": "45103629-690a-4a93-97f8-1abe2f9bb68c", 
"Statement": [ 
    { 
     "Sid": "AddPerm", 
     "Effect": "Allow", 
     "Principal": { 
      "AWS": "*" 
     }, 
     "Action": "s3:GetObject", 
     "Resource": "arn:aws:s3:::incredibad29/*" 
    } 
] 
} 

這只是允許任何人從內部訪問文件。

我們希望添加一個盜鏈鏈接語句，以便用戶只能從我們的網站引用該文件。所以從一個域名開始incredibad29.com或www.incredibad.com

我只是無法弄清楚如何做到這一點。任何幫助將是驚人的，謝謝！

Answer 1

如果它是圖像和其它媒體類型，存在使用內容類型頭一個已知黑客：

There’s a workaround that you may use to block hotlinking of selective images and files that you think are putting a major strain in your Amazon S3 budget. When you upload a file to your Amazon S3 account, the service assigns a certain Content-Type to every file based on its extension. For instance, a .jpg file will have the Content-Type set as image/jpg while a .html file will have the Content-Type as text/html. A hidden feature in Amazon S3 is that you can manually assign any Content-Type to any file, irrespective of the file’s extension, and this is what you can use to prevent hotlinking.

來源：http://www.labnol.org/internet/prevent-image-hotlinking-in-amazon-s3/13156/

---

我認爲這是非常基本的技術。但是，如果您瀏覽了「google s3 hotlinking deny」的6350結果，您可能會發現其他方法:)