Restricting Access to a Bucket for Specific Addresses

You can configure a bucket policy to restrict access to a bucket for specific addresses. This example describes how to deny access from clients whose IP address is in the range of 114.115.1.0/24 to a bucket.

Procedure

In the bucket list, click the bucket you want to operate to go to the Objects page.
In the navigation pane, choose Permissions > Bucket Policies.
Click Create.

Configure parameters listed in the table below.

Table 1 Restricting access to a bucket for specific addresses
Parameter		Description
Configuration method		Choose Visual Editor.
Policy Name		Enter a custom policy name.
Policy content	Effect	Select Deny.
	Principals	Select All accounts.
	Resources	Method 1: Select Entire bucket (including the objects in it). Method 2: Select Current bucket and Specified objects. Set the resource path to * (indicating all objects in the bucket).
	Actions	Choose Customize. Select * (indicating all actions).
	Conditions	Key: Select SourceIp. Condition Operator: Select IpAddress. Value: Enter 114.115.1.0/24.

Click Create in the lower right corner.

Verification

Initiate an access request from an IP address in the range of 114.115.1.0/24. The access is denied. Initiate an access request from an IP address beyond the range of 114.115.1.0/24. The access is allowed.

Parent topic: Application Cases

Предыдущая статья

Granting Other Accounts Permissions to Operate a Specific Bucket

Следующая статья

Limiting the Time When Objects in a Bucket Are Accessible

Была ли эта статья полезна?

Поддержка Юридические документы