Blocking access to specified sub domains


I am hosting files in amazon s3 buckets. I am accessing these files through a subdomain of my website that I set up in the Cloudflare DNS. I need those files protected from being accessed except through my domain.

Amazon allows me to block access through their bucket policy. This also allows me to whitelist specific URLs through which the files can be accessed. However, since all of those files are coming through cloudflare where I set up a specific subdomain for this bucket they are not protected.

I thought Zone lockdown would work for my needs, but you can only whitelist IPs, not URLs. I’m using Heroku so I am unable to provide the IPs that need to access these files.

How can I block access to these subdomains while whitelisting specific URLs where they can be accessed?


This sounds more like an AWS problem.

From your description, you don’t want files accessed unless it’s through your Cloudflare subdomain.

Or you just trying to limit access by Referrer? More like a Scrape Shield/Hotlink Protection?