Overview
Tencent Cloud COS provides hotlink protection support for users to avoid unnecessary losses caused by malicious programs' cheating for public network traffic using resource URLs or stealing of resources by malicious means. It is recommended that you configure the blacklist/whitelist in Hotlink Protection Settings in the console for security protection.
Procedure
- Log in to the COS Console and then select the Bucket List in the left pane to go to the Bucket List page. Click the bucket (such as examplebucket-1250000000) for which you want to set hotlink protection to enter the bucket.
- Find the Bucket for which you want to set up Hotlink protection Prevent hotlinking, click its name, and go to the Bucket management page.
- Click Basic Configuration, find Hotlink Protection Settings, and click Edit.
- Modify the current status to Enabled, select a list type (blacklist or whitelist), enter applicable domain names, and then click Save.
- Blacklist: Domain names on this list are not allowed to access the default access address of the bucket. 403 is returned if any domain name on the list accesses such address.
- Whitelist: Only domain names on this list are allowed to access the default access address of the bucket. 403 is returned if any domain name not on the list accesses such address.
- In HTTP requests, the header referer can be left empty. (An HTTP request header without the field of referer is allowed or the referer field is empty.)
- Referer: Support setting up to 10 domain names with the same prefix matching, each line, multiple lines, please wrap; domain name, IP and wildcard characters are supported
*And other forms of address. Example:- If
www.example.comIs specified,www.example.com/123,www.example.com.cn, and other addresses with the prefix ofwww.example.comWill also be included in the list;
Domain names and IPs with ports are supported, such aswww.example.com:8080And10.10.10.10:8080. - If
* .example.comIs specified, such addresses asa.b.example.com/123Anda.example.comAre also included.
- If
If accelerated access is implemented via CDN domain name, CDN hotlink protection rules will be executed before COS hotlink protection rules.
Samples
A user with the APPID of 1250000000 creates a bucket named examplebucket-1250000000 and places an image picture.jpg in the root directory, and COS generates the following default access address according to the rules:
http://examplebucket-1250000000.file.myqcloud.com/picture.jpgUser A owns a website:
www.example.comAnd embeds the image into the homepage index.html.
Webmaster B manages a website:
www.fake.comAnd wants to put this image on www.fake.com'. But he doesn't want to pay for traffic costs. He creates a direct link to picture.jpg through the following address and places it into the homepage index.html on Www.fake.com`s.
http://examplebucket-1250000000.file.myqcloud.com/picture.jpgTo avoid losses of User A in such cases, we provide the following two methods to enable hotlink protection.
Method 1
Configure the Blacklist By entering the domain name *.fake.com , and save.
Method 2
Configure the Whitelist By entering the domain name *.example.com , and save.
Before enabled
The image is displayed normally when http://www.example.com/index.html Is accessed.
The image is also displayed normally when http://www.fake.com/index.html Is accessed.
After enabled
The image is displayed normally when http://www.example.com/index.html Is accessed.
The image cannot be displayed when http://www.fake.com/index.html Is accessed.
Mini Program's related instructions
- The referer of Mini Program's network request is not allowed, and the format is fixed as
https://servicewechat.com/{appid}/{version}/page-frame.htmlFor more information, please see Mini Program development document . - To access the COS resources of WeChat Mini Programs and Access, please configure Hotlink protection Prevent hotlinking whitelist on the COS console:
servicewechat.com.
