doc-exports/docs/obs/perms-cfg/obs_40_0036.html
zhangyue 2c8baf104e OBS PERM DOC
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2024-10-29 16:45:36 +00:00


<a name="obs_40_0036"></a>
<h1 class="topictitle1">Restricting Access to a Bucket for Specific IP Addresses</h1>
<div id="body1593486216448"><div class="section" id="obs_40_0036__section43491717165116"><h4 class="sectiontitle">Scenario</h4><p id="obs_40_0036__p3431154410448">This scenario describes how to restrict the source IP addresses that can access an OBS bucket. The example below denies access to any client whose source IP address is within 114.115.1.0/24.</p>
</div>
<div class="section" id="obs_40_0036__section106520378518"><h4 class="sectiontitle">Recommended Configuration</h4><p id="obs_40_0036__p103657437515">Bucket policy</p>
</div>
<div class="section" id="obs_40_0036__section18368164564"><h4 class="sectiontitle">Procedure</h4><ol id="obs_40_0036__ol170633855216"><li id="obs_40_0036__li724955124912"><span>In the navigation pane of OBS Console, choose <strong id="obs_40_0036__b107282205911">Object Storage</strong>.</span></li><li id="obs_40_0036__li32491951194912"><span>In the bucket list, click the name of the bucket you want to configure to go to its <strong id="obs_40_0036__b152428572223838">Overview</strong> page.</span></li><li id="obs_40_0036__li5249145194918"><span>In the navigation pane, choose <strong id="obs_40_0036__b1865245419914">Permissions</strong>.</span></li><li id="obs_40_0036__li1568715376490"><span>On the <strong id="obs_40_0036__b0971531143711">Bucket Policies</strong> page, click <strong id="obs_40_0036__b16973131163713">Create Bucket Policy</strong> under <strong id="obs_40_0036__b49748316372">Custom Bucket Policies</strong>.</span></li><li id="obs_40_0036__li3552175452220"><span>Configure a bucket policy.</span><p><div class="fignone" id="obs_40_0036__fig84467351037"><span class="figcap"><b>Figure 1 </b>Configuring a bucket policy</span><br><span><img id="obs_40_0036__image94489351433" src="en-us_image_0000001386029478.png"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_40_0036__table374341792315" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a bucket policy</caption><thead align="left"><tr id="obs_40_0036__row27504174239"><th align="left" class="cellrowborder" valign="top" width="26.88%" id="mcps1.3.3.2.5.2.2.2.3.1.1"><p id="obs_40_0036__p107559176234"><strong id="obs_40_0036__b1545917931102217">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="73.11999999999999%" id="mcps1.3.3.2.5.2.2.2.3.1.2"><p id="obs_40_0036__p1976317170239"><strong id="obs_40_0036__b1841402777102217">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="obs_40_0036__row1246385816164"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0036__p04631584161">Policy Mode</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0036__p19463175819166">Select <strong id="obs_40_0036__b511156148102217">Customized</strong>.</p>
</td>
</tr>
<tr id="obs_40_0036__row169652214311"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0036__p136964228313">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0036__p106961221034">Select <strong id="obs_40_0036__b184886159102217">Deny</strong>.</p>
</td>
</tr>
<tr id="obs_40_0036__row8783617122317"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0036__p478519172231">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><ul id="obs_40_0036__ul1341145419174"><li id="obs_40_0036__li6417546174">Choose <strong id="obs_40_0036__b756564418307">Include</strong> &gt; <strong id="obs_40_0036__b1103194773118">Cloud service user</strong>.</li><li id="obs_40_0036__li86471722155910"><strong id="obs_40_0036__b9210135813379">Account ID</strong>: Enter <strong id="obs_40_0036__b1762717319311">*</strong>, which indicates that the setting takes effect for all registered users and anonymous users.</li><li id="obs_40_0036__li1817212615912"><strong id="obs_40_0036__b183971074385">User ID</strong>: Leave the user ID blank.</li></ul>
</td>
</tr>
<tr id="obs_40_0036__row081741752319"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0036__p15821617102320">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><p id="obs_40_0036__p18889591547">Select <strong id="obs_40_0036__b1144534799102217">Include</strong> &gt; <strong id="obs_40_0036__b157832318102217">Entire bucket</strong>.</p>
</td>
</tr>
<tr id="obs_40_0036__row3951641158"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0036__p10952134114519">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><ul id="obs_40_0036__ul1663065817513"><li id="obs_40_0036__li1563025812519"><strong id="obs_40_0036__b1284299118102217">Include</strong></li><li id="obs_40_0036__li10224301466">Action Name: Select <strong id="obs_40_0036__b87907133218">*</strong>, which indicates all permissions.</li></ul>
</td>
</tr>
<tr id="obs_40_0036__row138371643165416"><td class="cellrowborder" valign="top" width="26.88%" headers="mcps1.3.3.2.5.2.2.2.3.1.1 "><p id="obs_40_0036__p2329115416419">Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="73.11999999999999%" headers="mcps1.3.3.2.5.2.2.2.3.1.2 "><ul id="obs_40_0036__ul4774185114612"><li id="obs_40_0036__li177741358462"><strong id="obs_40_0036__b783743033102217">Conditional Operator</strong>: <strong id="obs_40_0036__b1437887862102217">IpAddress</strong></li><li id="obs_40_0036__li1764818167461"><strong id="obs_40_0036__b7796443112616">Key</strong>: Select <strong id="obs_40_0036__b1479794342614">SourceIp</strong>.</li><li id="obs_40_0036__li295412744610"><strong id="obs_40_0036__b8342151815327">Value</strong>: Enter <strong id="obs_40_0036__b534351893213">114.115.1.0/24</strong>.<div class="note" id="obs_40_0036__note159463615311"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="obs_40_0036__p0954364536">Use commas (,) to separate multiple IP addresses.</p>
</div></div>
</li></ul>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="obs_40_0036__note26171019823"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="obs_40_0036__p13617121915215">If you want to allow clients whose IP addresses are outside the configured range to access your bucket, grant access permissions to anonymous users by referring to <a href="obs_40_0030.html">Granting Permissions to Anonymous Users</a>.</p>
</div></div>
</p></li><li id="obs_40_0036__li14457546165717"><span>Click <strong id="obs_40_0036__b8709194992814">OK</strong>.</span></li></ol>
</div>
<div class="section" id="obs_40_0036__section159232335471"><h4 class="sectiontitle">Verification</h4><p id="obs_40_0036__p1589143714477">Initiate an access request from an IP address within 114.115.1.0/24. The access is denied. Initiate an access request from an IP address outside 114.115.1.0/24. The access is allowed.</p>
</div>
<div class="section" id="obs_40_0036__section1983162754"><h4 class="sectiontitle">Related Scenarios</h4><ul id="obs_40_0036__ul11637161915157"><li id="obs_40_0036__li20637119161513">To allow only a specified IP address to access the OBS bucket, set <strong id="obs_40_0036__b114633711381">Condition Operator</strong> to <strong id="obs_40_0036__b74623716384">NotIpAddress</strong> and specify the allowed IP address as the <strong id="obs_40_0036__b164616378382">Value</strong>.</li></ul>
</div>
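<p>The following Python sketch is an added example, not part of the original OBS documentation. It expresses the Table 1 settings as a policy document and evaluates the Deny condition for sample source addresses, covering both the <strong>IpAddress</strong> case from the procedure and the <strong>NotIpAddress</strong> case from Related Scenarios. The JSON field names, the bucket name <code>example-bucket</code>, the function names and the probe addresses are assumptions made for illustration.</p>

```python
import ipaddress

# Table 1 as a policy document. The JSON field names are an assumption
# modelled on bucket policy syntax; "example-bucket" is a placeholder.
def build_policy(operator="IpAddress", cidrs=("114.115.1.0/24",),
                 bucket="example-bucket"):
    return {"Statement": [{
        "Sid": "restrict-by-source-ip",
        "Effect": "Deny",
        "Principal": {"ID": ["*"]},          # all registered and anonymous users
        "Action": ["*"],                     # all permissions
        "Resource": [bucket, bucket + "/*"],  # entire bucket
        "Condition": {operator: {"SourceIp": list(cidrs)}},
    }]}

def condition_matches(condition, source_ip):
    """True when every operator in the Condition block matches source_ip."""
    addr = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        nets = [ipaddress.ip_network(v.strip(), strict=False)
                for v in keys["SourceIp"]]
        in_range = any(addr in net for net in nets)
        if operator == "IpAddress":
            matched = in_range
        elif operator == "NotIpAddress":
            matched = not in_range
        else:
            raise ValueError(f"unsupported operator: {operator}")
        if not matched:
            return False
    return True

def is_denied(policy, source_ip):
    """A request is blocked if any Deny statement's condition matches it."""
    return any(s["Effect"] == "Deny"
               and condition_matches(s["Condition"], source_ip)
               for s in policy["Statement"])

def verify(policy, probes):
    """Map each probe address to 'denied' or 'not denied' by this policy."""
    return {ip: "denied" if is_denied(policy, ip) else "not denied"
            for ip in probes}

if __name__ == "__main__":
    probes = ["114.115.1.7", "114.115.2.7", "203.0.113.10"]  # constructed samples
    print(verify(build_policy(), probes))
    # Related Scenarios: deny everything except one allowed address.
    print(verify(build_policy("NotIpAddress", ["203.0.113.10/32"]), probes))
```

<p>"Not denied" only means this statement does not block the request; the client still needs a granted permission, as the note about anonymous users in the procedure points out.</p>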
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_40_0012.html">Permission Configuration in Typical Scenarios</a></div>
</div>
</div>