Tencent Cloud COS provides hotlink protection support for users to avoid unnecessary losses caused by malicious programs' cheating for public network traffic using resource URLs or stealing of resources by malicious means. It is recommended that you configure the blocklist/allowlist in Hotlink Protection Settings in the console for security protection.
Hotlink protection-based verification is not required for object access requests with signed URL or headers.
*
, with examples as shown below:www.example.com
is specified, www.example.com/123
, www.example.com.cn
, and other addresses with the prefix of www.example.com
will also be included in the list.www.example.com:8080
and 10.10.10.10:8080
.*.example.com
is specified, such addresses as a.b.example.com/123
and a.example.com
are also included.If accelerated access is implemented via CDN domain name, CDN hotlink protection rules will be executed before COS hotlink protection rules.
A user with the APPID of 1250000000 creates a bucket named examplebucket-1250000000 and places an image picture.jpg in the root directory, and COS generates the following default access address according to the rules:
examplebucket-1250000000.file.myqcloud.com/picture.jpg
User A owns a website:
www.example.com
and embeds the image into the homepage index.html.
Webmaster B manages a website:
www.fake.com
and wants to put this image on www.fake.com'. But he doesn't want to pay for traffic costs. He creates a direct link to picture.jpg through the following address and places it into the homepage index.html on
www.fake.com`.
examplebucket-1250000000.file.myqcloud.com/picture.jpg
To avoid losses of User A in such cases, we provide the following two methods to enable hotlink protection.
Configure the blocklist by entering the domain name *.fake.com
, and save.
Configure the allowlist by entering the domain name *.example.com
, and save.
The image is displayed normally when http://www.example.com/index.html
is accessed.
The image is also displayed normally when http://www.fake.com/index.html
is accessed.
The image is displayed normally when http://www.example.com/index.html
is accessed.
The image cannot be displayed when http://www.fake.com/index.html
is accessed.
https://servicewechat.com/{appid}/{version}/page-frame.html
.servicewechat.com
to your hotlink allowlist in the COS console.
Was this page helpful?