我需要阻止来自 Amazon s3 的特定用户代理。我对 S3 相当陌生,通常在 .htaccess 文件中执行此操作,我知道亚马逊无法做到这一点。
我看到了这个拒绝访问用户代理以访问 AWS S3 中的存储桶。解决方案似乎如下所示:
{ "Version": "2012-10-17",
"Statement": [{
"Effect": "Deny",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::bucket/*",
"Condition":
{ "StringLike": { "aws:UserAgent": "*NSPlayer*" } }
}]
}
但是,我仍然希望允许除该用户代理之外的所有其他用户访问该网站。我的策略目前如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.examplesite.com/*"
}
]
}
当我尝试实现它时,我得到无效的 json。所以,我只是好奇格式化它的正确方法是什么?我希望拥有公共访问权限,但能够阻止几个不同的用户代理。另外,如果我想阻止多个,用户代理会以逗号分隔吗?
感谢您的帮助,非常感谢。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.examplesite.com/*"
},
{
"Sid": "DenyUserAgents",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::www.examplesite.com/*",
"Condition": {
"StringLike": {
"aws:UserAgent": ["*Firefox*", ... more UserAgents ...]
}
}
}
]
}