提要
很多时候我们有这样的需求:为了安全期间只限制或允许某个或者多个IP上传文件。
配置如下
{ "Statement": [ { "Action": "oss:*", "Effect": "Allow", "Resource": [ "acs:oss:*:*:file-exchange-system/upload/56d4093264104b078e5ae141bd484104p/*", "acs:oss:*:*:file-exchange-system/upload/d6b025b7f0034e61971984010652e4c2p/*" ], "Condition": { "IpAddress": { "acs:SourceIp": ["222.73.109.218", "112.65.248.146 ","222.73.109.226","222.73.109.10 ","203.110.168.2","203.110.168.3","203.110.168.4","140.207.213.146","140.207.213.147","140.207.213.148"] } } }, { "Effect": "Allow", "Action": [ "oss:ListObjects" ], "Resource": [ "acs:oss:*:*:file-exchange-system" ], "Condition": { "StringLike": { "oss:Prefix": [ "upload/56d4093264104b078e5ae141bd484104p/*", "upload/d6b025b7f0034e61971984010652e4c2p/*" ] }, "IpAddress": { "acs:SourceIp": ["222.73.109.218", "112.65.248.146 ","222.73.109.226","222.73.109.10 ","203.110.168.2","203.110.168.3","203.110.168.4","140.207.213.146","140.207.213.147","140.207.213.148"] } } } ], "Version": "1" }
还有这样的需求
只允许一个网段
"acs:SourceIp": ["42.120.88.10", "42.120.66.0/24"]
继续阅读
- 我的QQ
- QQ扫一扫
-
- 我的头条
- 头条扫一扫
-
评论