亞馬遜AWS鬥政策 - Safari瀏覽器不發送引用者信息

Question

我有以下AWS桶策略來限制我的亞馬遜S3的URL訪問：

{ 
"Version": "2008-10-17", 
"Statement": [ 
    { 
     "Sid": "Allowinmydomains", 
     "Effect": "Allow", 
     "Principal": { 
      "AWS": "*" 
     }, 
     "Action": "s3:GetObject", 
     "Resource": "arn:aws:s3:::MyBucket/*", 
     "Condition": { 
      "StringLike": { 
       "aws:Referer": [ 
        "http://www.example.com/*", 
        "http://example.com/*" 
       ] 
      } 
     } 
    }, 
    { 
     "Sid": "Givenotaccessifrefererisnomysites", 
     "Effect": "Deny", 
     "Principal": { 
      "AWS": "*" 
     }, 
     "Action": "s3:GetObject", 
     "Resource": "arn:aws:s3:::MyBucket/*", 
     "Condition": { 
      "StringNotLike": { 
       "aws:Referer": [ 
        "http://www.example.com/*", 
        "http://example.com/*" 
       ] 
      } 
     } 
    } 
] 
} 

上述桶政策適用於所有瀏覽器，除了Safari瀏覽器。由於Safari瀏覽器沒有發送任何referer頭文件，因此在網上進行研究，它應該不起作用。

任何使這種存儲桶策略適用於所有瀏覽器的方法，還是有另一種方法來拒絕對Amazon存儲桶的訪問，以防止從我的站點外部鏈接和下載文件？

謝謝！

Answer 1

請嘗試以下存儲桶策略。您需要確保您的ACL不允許公開訪問您的文件，並且您的存儲桶策略中沒有任何其他規則允許以其他方式訪問（通過繞過這些規則）：

{ 
    "Version":"2008-10-17", 
    "Id":"Bucket policy", 
    "Statement":[ 
    { 
     "Sid":"Allow GET requests referred by www.example.com and example.com", 
     "Effect":"Allow", 
     "Principal":"*", 
     "Action":"s3:GetObject", 
     "Resource":"arn:aws:s3:::example-bucket/*", 
     "Condition":{ 
     "StringLike":{ 
      "aws:Referer":[ 
      "http://www.example.com/*", 
      "http://example.com/*" 
      ] 
     } 
     } 
    }, 
    { 
     "Sid":"Allow GET requests that don't specify a referrer (e.g. from Safari, Flash, etc.)", 
     "Effect":"Allow", 
     "Principal":"*", 
     "Action":"s3:GetObject", 
     "Resource":"arn:aws:s3:::example-bucket/*", 
     "Condition":{ 
     "Null":{ 
      "aws:Referer":true 
     } 
     } 
    } 
    ] 
} 

Answer 2

另一種選擇是強制referrer Safari瀏覽器：

<meta name="referrer" content="always"> 

或：

<meta content="origin" id="mref" name="referrer">