Blocking access to specified sub domains


#1

I am hosting files in amazon s3 buckets. I am accessing these files through a subdomain of my website that I set up in the Cloudflare DNS. I need those files protected from being accessed except through my domain.

Amazon allows me to block access through their bucket policy. This also allows me to whitelist specific URLs through which the files can be accessed. However, since all of those files are coming through cloudflare where I set up a specific subdomain for this bucket they are not protected.

I thought Zone lockdown would work for my needs, but you can only whitelist IPs, not URLs. I’m using Heroku so I am unable to provide the IPs that need to access these files.

How can I block access to these subdomains while whitelisting specific URLs where they can be accessed?


#2

This sounds more like an AWS problem.

From your description, you don’t want files accessed unless it’s through your Cloudflare subdomain.

Or you just trying to limit access by Referrer? More like a Scrape Shield/Hotlink Protection?


#3

I think I want hotlink protection.

AWS seems to be working correctly. I set a bucket policy and when I try to access it via the aws s3 link provided, it blocks access unless it is accessed through an approved domain.

I’m routing all of the files through Cloudflare so that they will cache. To do this I had to set up a subdomain in the Cloudflare DNS to access these files. Now, when anyone can access the files freely through the new subdomain. How can I restrict access through Cloudflare to specified domains?


#4

It sounds like a CORS policy, though I’ve not experimented with that on S3.


closed #5

This topic was automatically closed after 30 days. New replies are no longer allowed.