Big Bass Bonanza Megaways RTP.Claim Your Free 999 Pesos Bonus Today

(@dennis1001)

These policies are used to prevent files from being downloaded from a link, when activated it block offload S3 to connect from the site to the bucket, giving this error message:

There was an error attempting to check the permissions of the bucket cdn.sample.com: Access Denied

How to allow the site to connet to S3?

{
    "Version": "2012-10-17",
    "Id": "http referer policy example",
    "Statement": [
        {
            "Sid": "Allow get requests referred by www.sample.com and sample.com.",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::cdn.sample.com/*",
            "Condition": {
                "StringLike": {
                    "aws:Referer": [
                        "https://www.sample.com/*",
                        "https://sample.com/*"
                    ]
                }
            }
        },
        {
            "Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::cdn.sample.com/*",
            "Condition": {
                "StringNotLike": {
                    "aws:Referer": [
                        "https://www.sample.com/*",
                        "https://sample.com/*"
                    ]
                }
            }
        }
    ]
}

Viewing 9 replies - 1 through 9 (of 9 total)

Plugin Contributor ianmjones
(@ianmjones)

6 years, 8 months ago

WP Offload S3 needs to be able to see the bucket as well as its contents, you’ll need to add resource entries without the trailing “/*”.

https://deliciousbrains.com/wp-offload-s3/doc/quick-start-guide/#bucket-restrictions
Thread Starter Dennis
(@dennis1001)

6 years, 8 months ago
Thanks, @ianmjones but does not work, if I delete “/” I get an error:

Error
Policy has invalid resource

if I delete “/*”
Error
Action does not apply to any resource(s) in statement
- This reply was modified 6 years, 8 months ago by Dennis.
Plugin Contributor ianmjones
(@ianmjones)

6 years, 8 months ago

Please show us the new policy.

Thread Starter Dennis
(@dennis1001)

6 years, 8 months ago

What do you mean by a new policy?

I simply followed your given instructions and posted the result.

dlynch027
(@dlynch027)

6 years, 8 months ago

Funnily enough, @dennis1001 is talking about the S3 Bucket Policy and @ianmjones is talking about the IAM policy.

Incidentally, I too have been having that error in the plugin page even though the plugin itself continues to work properly

Plugin Contributor ianmjones
(@ianmjones)

6 years, 7 months ago

Hmm, ok, show us both the IAM and bucket policies in full? There may be a discrepancy.

Thread Starter Dennis
(@dennis1001)

6 years, 7 months ago

@ianmjones

have you not yet tested the above policy I provided?

Plugin Contributor ianmjones
(@ianmjones)

6 years, 7 months ago

@dennis1001, the policy you showed on the original post is completely different to the style we advise in our quick start guide.

I’m pretty sure your policy isn’t set up correctly to allow access via the functions we specify in the above guide, could you try using what we suggest and see whether it works, then lock it down from a known working state?

Thread Starter Dennis
(@dennis1001)

6 years, 7 months ago

@ianmjones

It has been a while but as I remember it, you correct me if I am wrong, I did follow your guide but it didn’t prevent someone to c&p the URL to the pdf file into the browser and block the pdf from being downloaded from S3.

The above code is the only policy I found that do prevent files from being downloaded by c&p the URL into the browser

https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-4

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Issue with S3 policies’ is closed to new replies.