Restricting Access to a Bucket for Specific Addresses

You can configure a bucket policy to restrict access to a bucket for specific addresses. This example describes how to deny access from clients whose IP address is in the range of 114.115.1.0/24 to a bucket.

Procedure

  1. In the bucket list, click the bucket you want to operate. The Overview page is displayed.
  2. In the navigation pane, choose Permissions.
  3. Choose Bucket Policies > Custom Bucket Policies.
  4. Click Create Bucket Policy. The Create Bucket Policy dialog box is displayed.
  5. Configure parameters listed in the table below.

    Table 1 Restricting access to a bucket for specific addresses

    Parameter

    Value

    Policy Mode

    Customized

    Effect

    Deny

    Principal
    • Include > Other account
    • If the account ID is set to *, the policy setting takes effect on all anonymous users.
    • Leave the user ID blank.

    Resources
    • Include
    • Leave the field blank, indicating the policy takes effect on the entire bucket.

    Actions
    • Include
    • Select the asterisk (*), indicating all actions are involved.

    Conditions
    • Conditional Operator: IpAddress
    • Key: SourceIP
    • Value: 114.115.1.0/24

  6. Click OK.

Verification

Initiate an access request from an IP address in the range of 114.115.1.0/24. The access is denied. Initiate an access request from an IP address beyond the range of 114.115.1.0/24. The access is allowed.

Parent topic: Application Cases