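Using the Android SDK to configure Referer-based hotlink protection to prevent other websites from referencing OSS files

You can use the Android SDK to configure access rules in OSS that are based on the Referer request header, including a Referer whitelist, a Referer blacklist, and whether an empty Referer is allowed. These rules block requests from specific Referers, prevent other websites from hotlinking your OSS files, and avoid the unnecessary traffic fees that hotlinking causes.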

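Usage notes

  • Before you configure hotlink protection, make sure that you understand the feature. For details, see Hotlink protection.

  • This topic uses the public endpoint of the China (Hangzhou) region as an example. If you want to access OSS from other Alibaba Cloud products in the same region as OSS, use the internal endpoint. For the mapping between the regions and endpoints that OSS supports, see Regions and endpoints.

  • This topic creates an OSSClient instance with an OSS domain name as an example. If you want to create an OSSClient instance with a custom domain name, STS, or another method, see Initialization.

  • To set or clear hotlink protection, you must have the oss:PutBucketReferer permission. To get the hotlink protection configuration, you must have the oss:GetBucketReferer permission. For the procedure, see Grant custom permission policies to RAM users.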

Set hotlink protection

The following code sets hotlink protection:

// oss is an OSSClient instance that has already been initialized.
PutBucketRefererRequest request = new PutBucketRefererRequest();
request.setBucketName("examplebucket");
// Add the Referer whitelist. Referer entries support the asterisk (*) and question mark (?) wildcards.
ArrayList<String> referers = new ArrayList<String>();
referers.add("http://www.aliyun.com");
referers.add("https://www.aliyun.com");
// referers.add("http://www.help.aliyun.com");
// referers.add("http://www.?.aliyuncs.com");
request.setReferers(referers);

OSSAsyncTask task = oss.asyncPutBucketReferer(request, new OSSCompletedCallback<PutBucketRefererRequest, PutBucketRefererResult>() {
    @Override
    public void onSuccess(PutBucketRefererRequest request, PutBucketRefererResult result) {
        OSSLog.logInfo("code: " + result.getStatusCode());
    }
    @Override
    public void onFailure(PutBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        // Only one of the two exceptions is set, so check each for null before use.
        if (clientException != null) {
            OSSLog.logError("client error: " + clientException.getMessage());
        }
        if (serviceException != null) {
            OSSLog.logError("error: " + serviceException.getRawMessage());
        }
    }
});
task.waitUntilFinished();
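
The following is an added example, not code from the OSS SDK or from this topic's own samples: a plain-Java helper for checking locally which Referer values a whitelist would admit before it is applied with setReferers. It assumes that * matches zero or more characters, ? matches exactly one character, each entry is matched as a prefix of the Referer value, and an empty list disables the check; confirm these rules against the hotlink protection documentation. The class and method names are hypothetical and the Referer values are constructed.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added example, not SDK code. Class and method names are hypothetical.
public class RefererWhitelistCheck {

    // Assumed semantics: '*' = zero or more characters, '?' = exactly one
    // character, every other character is literal.
    static Pattern toPattern(String entry) {
        StringBuilder sb = new StringBuilder();
        for (char c : entry.toCharArray()) {
            if (c == '*') sb.append(".*");
            else if (c == '?') sb.append('.');
            else sb.append(Pattern.quote(String.valueOf(c)));
        }
        return Pattern.compile(sb.toString());
    }

    static boolean isAllowed(String referer, List<String> whitelist, boolean allowEmpty) {
        // Assumption: an empty list means the Referer is not checked.
        if (whitelist.isEmpty()) return true;
        if (referer == null || referer.isEmpty()) return allowEmpty;
        for (String entry : whitelist) {
            // lookingAt() anchors only at the start: prefix match (assumption).
            if (toPattern(entry).matcher(referer).lookingAt()) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        List<String> whitelist = Arrays.asList(
                "http://www.aliyun.com", "https://www.aliyun.com",
                "http://www.?.aliyuncs.com");
        String[] samples = {            // constructed Referer values
            "https://www.aliyun.com/product/oss",   // under a listed prefix
            "http://www.a.aliyuncs.com/index.html", // one character in the '?' position
            "http://www.ab.aliyuncs.com/",          // two characters in the '?' position
            "https://help.aliyun.com/",             // host not in the list
            ""                                      // request without a Referer header
        };
        for (String r : samples) {
            System.out.println((r.isEmpty() ? "(no Referer)" : r)
                    + " -> " + isAllowed(r, whitelist, false));
        }
    }
}
```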

Get the hotlink protection configuration

The following code gets the hotlink protection configuration:

// oss is an OSSClient instance that has already been initialized.
GetBucketRefererRequest request = new GetBucketRefererRequest();
request.setBucketName("yourBucketName");
OSSAsyncTask task = oss.asyncGetBucketReferer(request, new OSSCompletedCallback<GetBucketRefererRequest, GetBucketRefererResult>() {
    @Override
    public void onSuccess(GetBucketRefererRequest request, GetBucketRefererResult result) {
        // Get the Referer whitelist of the bucket.
        ArrayList<String> list = result.getReferers();
        for (String ref : list) {
            OSSLog.logInfo("info: " + ref);
        }
    }
    @Override
    public void onFailure(GetBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        // Only one of the two exceptions is set, so check each for null before use.
        if (clientException != null) {
            OSSLog.logError("client error: " + clientException.getMessage());
        }
        if (serviceException != null) {
            OSSLog.logError("error: " + serviceException.getRawMessage());
        }
    }
});
task.waitUntilFinished();

Clear hotlink protection

The following code clears hotlink protection:

// oss is an OSSClient instance that has already been initialized.
PutBucketRefererRequest request = new PutBucketRefererRequest();
request.setBucketName("yourBucketName");
// Hotlink protection cannot be cleared directly. Create a rule that allows
// an empty Referer and use it to overwrite the previous rule.
request.setAllowEmpty(true);
ArrayList<String> referers = new ArrayList<String>();
request.setReferers(referers);

OSSAsyncTask task = oss.asyncPutBucketReferer(request, new OSSCompletedCallback<PutBucketRefererRequest, PutBucketRefererResult>() {
    @Override
    public void onSuccess(PutBucketRefererRequest request, PutBucketRefererResult result) {
        OSSLog.logInfo("code: " + result.getStatusCode());
    }
    @Override
    public void onFailure(PutBucketRefererRequest request, ClientException clientException, ServiceException serviceException) {
        // Only one of the two exceptions is set, so check each for null before use.
        if (clientException != null) {
            OSSLog.logError("client error: " + clientException.getMessage());
        }
        if (serviceException != null) {
            OSSLog.logError("error: " + serviceException.getRawMessage());
        }
    }
});
task.waitUntilFinished();

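References

  • For the complete sample code for hotlink protection, see GitHub.

  • For the API operation used to set hotlink protection, see PutBucketReferer.

  • For the API operation used to get the hotlink protection configuration, see GetBucketReferer.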