33 Comments

  1. Just discovered your blog and am finding it an extremely invaluable resource. Thanks so much for posting these tips, they’ve given me some great ideas on how to better use Amazon S3.

  2. What about images hosted on Amazon S3 and being used in WordPress… how can we prevent hotlinking? Does signed url work that way when publishing in a blog post?

  3. This won’t help at all with linking to images; signed URLs expire after the specified period of time.

    The only way to get around others leeching your images is to embed images in flash/javascript (which has its own issues) or to configure the .htaccess file on the server to prevent access to images when the referrer (which is sent by the browser) is an external site (rather than your own site, which is what you’d expect.)

    1. “configure the .htaccess file on the server to prevent access to images when the referrer ”

      But this won’t work with S3 right? I am trying to figure out how to prevent hotlinking in S3. I tried their bucket policies, but they don’t work for me.

      1. Author

        That’s right, .htaccess files don’t work with S3. If someone knows the link, S3 will serve the file. The only way to do it would be some javascript on the original web page to prevent right-clicking and discovering the url of the S3 file. This is only marginally effective and somewhat annoying to users. If you really want to prevent linking to the files themselves, you’ll have to store them on the webserver and use access restrictions.

    2. It obviously would be rather resource intensive if you were running a huge image intensive site, but if you’ve got the resources, or aren’t running a porn empire, using PHP or any other server-side scripting language, you can create a really simple image proxy that just passes through the image from s3:

      ```php
      $bucket = 'urbucket';
      $key = 'sweetimages/urimgpath.jpg';

      // S3 client from the Laravel service container, as in the original snippet.
      $s3 = App::make('aws')->get('s3');
      $result = $s3->getObject(array('Bucket' => $bucket, 'Key' => $key));

      // Body is a stream object; cast it to a string so empty() and strlen() see the bytes.
      $file = (string) $result['Body'];

      if (!empty($file)) {
          header('Content-type: image/jpeg');
          header('Content-length: ' . strlen($file));
          header('Content-Disposition: inline; filename="Whateveryouwant.jpg"');
          echo $file;
          exit;
      } else {
          echo 'whoops, empty file';
      }
      ```

      you can use whatever access control mechanism you want in your PHP to stop
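
An access gate of the kind the proxy comment above leaves open, combined with the referrer check described earlier in the thread. This is an added example, not code from any commenter; the allowed hosts, key prefix and `img` query parameter are assumptions.

```php
<?php
// Added example; hosts, prefix and the "img" parameter are assumptions.
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];
const KEY_PREFIX = 'sweetimages/';

// True when the Referer header names one of our own hosts.
function refererAllowed(?string $referer, array $hosts, bool $allowEmpty = false): bool
{
    if ($referer === null || $referer === '') {
        // Some browsers and privacy tools omit Referer: decide explicitly.
        return $allowEmpty;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return false; // malformed header
    }
    // Exact host match; a substring test would accept example.com.other.test.
    return in_array(strtolower($host), $hosts, true);
}

// Maps a requested file name to an object key, or null if it is not acceptable.
function resolveKey(string $name, string $prefix): ?string
{
    // Flat file name only: no slashes, no "..", fixed set of image extensions.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(jpe?g|png|gif)\z/', $name)) {
        return null;
    }
    return $prefix . $name;
}

// Returns [HTTP status, S3 key or null] for one request.
function gate(array $server, array $query): array
{
    if (!refererAllowed($server['HTTP_REFERER'] ?? null, ALLOWED_HOSTS)) {
        return [403, null];
    }
    $name = $query['img'] ?? '';
    $key = is_string($name) ? resolveKey($name, KEY_PREFIX) : null;
    return $key === null ? [404, null] : [200, $key];
}

// Constructed sample requests: own page, look-alike host, traversal attempt.
foreach ([
    ['https://example.com/post/1', 'cat.jpg'],
    ['https://example.com.other.test/', 'cat.jpg'],
    ['https://www.example.com/', '../secret.txt'],
] as [$referer, $img]) {
    echo json_encode(gate(['HTTP_REFERER' => $referer], ['img' => $img])), "\n";
}
```

The gate runs before the `getObject` call, with the bucket kept private so the proxy is the only path to the objects. Referer is supplied by the client, so this stops other sites' pages from embedding the images in a browser; restricting access per user needs a session or login check in the same place.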

  4. > Enable / Disable directory browsing…
    > If you don’t want the bucket contents list-able
    > but do want to share the file within it, disable Read access

    If I do this, all files that are added after this change become private too. Which is not very usable for me, as I also need to add files without having to edit their ACLs one by one. Any other suggestions?

  5. Is there a way to allow the public to listen to an mp3 but not download it?

  6. Virtual1: No, not really. But you can put a flash or java player on the web page and it will hide the link to the file on Amazon S3. This will keep most people from finding the file location.

    1. put a flash or java player on the web page and it will hide the link? can u show us how???


  7. Very nice blog post on S3.

    What audio player are you using to play your mp3 on S3? I can’t seem to get WPAudio to work.

    Thanks!

    Frank

  8. Is there a way for the user to access a shared bucket just using a url request? Or does the user have to access the shared bucket using a third party application? I don’t have my bucket shared to everyone; I just have it shared to a certain user with read-only rights in the ACL. I have tested the ACL using S3browers but I don’t want to have to use that product. I might even have a script to access the files remotely if possible. Any help would be appreciated 🙂

    Chris

    1. Author

      I know no way to do user authentication over http. I think the S3 protocol is required to do that. The closest feature would be the temporary URLs that you create and send, but probably not what you’re looking for. There may be a web-based S3 client to give an in-the-browser experience, but it wouldn’t be a true http request.

  9. Thanks for the response. Do you know if the shared folders work with the SDK?

  10. Prevent Hotlinking of your Amazon S3 Images | Syamsurian.com

  11. This is some nice and valuable Amazon S3 information. I’ve been looking for a free alternative to bucket explorer, do you know of any that work similar?

  12. For item #2, “Enable / Disable directory browsing,” is there a way to allow the listing of the content of a folder (or any folder within a bucket)? I am asking this because we would like to create a folder for each (anonymous) user and put multiple files in there for her/him. Thanks,

    Yangler

    1. Author

      No, not of which I’m aware. It would require some coding on a website interfacing with S3, but can’t be done directly within S3 as I understand it.

  13. Thanks, Carlton. That was my understanding as well. I’ve mentioned two possible workarounds for content listing:

    1. Create a bucket for each user and put the user’s files in that bucket. However, since bucket names are global across all Amazon S3 accounts, I am not sure whether or not there are any restrictions on the number of buckets an account can have. Another problem is that the end user will still likely have no clue on the XML file.

    2. Create a simple application that reads the content of the specified bucket and displays only the files and sub-folders within the given folder. This is an extra layer of indirection, of course.

    Of course this only applies to public access. For authenticated users, we can always use the S3 management console, or even better, some third party tool such as Bucket Explorer.

  14. That is the best S3 article I have stumbled across on the web. Definitely an area where I have to make the effort to learn more as it could prove invaluable. Thanks for writing it.

  15. Thank you Carlton for sharing your valuable knowledge.

    Excellent post. Keep up the good work.

    Regards
    Shazad

  16. Is option number 7 “Share your bucket with a someone – whether they’re an S3 user or not.” still supported by Amazon S3? I can’t seem to find the option that you are describing.

  17. How to Prevent Hotlinking of Images Hosted on Amazon S3

  18. Thanks Carlton for the well presented array of suggestions. Our webmaster found the post worthy to forward to the team as we consider how to make only some Amazon hosted images search indexable when our site is not directly hosted on Amazon.

  19. Hi Carlton

    great post! I am hosting JPG files on a S3 CDN – now I want to redirect JPG files to HTML files with the images embedded into it

    I tried adding the HTTP header x-amz-website-redirect-location but it doesn’t work

    what am I doing wrong?

  20. Option #2 does not appear to work; I am interested in users being able to list the contents of individual folders.

  21. Can anyone tell me how to just simply get a directory of files in a bucket? I inherited a thousand files in a bucket and I would like to write a script to sort them by type but can’t get the names in a file to sort them.

    Thanks rodatfiveranksdotcom
