doc-exports/docs/obs/umn/obs_03_0130.html

<a name="obs_03_0130"></a><a name="obs_03_0130"></a>

<h1 class="topictitle1">Restricting Access to a Bucket for Specific Addresses</h1>
<div id="body1557026128761"><p id="obs_03_0130__p5170135082114">You can configure a bucket policy to restrict access to a bucket for specific addresses. This example describes how to deny access from clients whose IP address is in the range of <strong id="obs_03_0130__b17381718226">114.115.1.0/24</strong> to a bucket.</p>
<div class="section" id="obs_03_0130__section1253154454117"><h4 class="sectiontitle">Procedure</h4><ol id="obs_03_0130__ol167194524120"><li id="obs_03_0130__li76754510417"><span>In the bucket list, click the bucket you want to operate to go to the <strong id="obs_03_0130__obs_03_0307_b5948183711913">Objects</strong> page.</span></li><li id="obs_03_0130__li61722017207"><span>In the navigation pane, choose <strong id="obs_03_0130__b46061711202017">Permissions</strong> &gt; <strong id="obs_03_0130__b060651192014">Bucket Policies</strong>.</span></li><li id="obs_03_0130__li516619375538"><span>Click <strong id="obs_03_0130__b25180275412">Create</strong>.</span></li><li id="obs_03_0130__li175411318101914"><span>Configure the following parameters in the <strong id="obs_03_0130__b11181134019228">Create Bucket Policy</strong> dialog box.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_03_0130__table6375112782815" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Restricting access to a bucket for specific addresses</caption><thead align="left"><tr id="obs_03_0130__row6375927132818"><th align="left" class="cellrowborder" valign="top" width="21.84%" id="mcps1.3.2.2.4.2.1.2.3.1.1"><p id="obs_03_0130__p2078881521917">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="78.16%" id="mcps1.3.2.2.4.2.1.2.3.1.2"><p id="obs_03_0130__p63751027152820">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_03_0130__row1391771711228"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.2.2.4.2.1.2.3.1.1 "><p id="obs_03_0130__p719151111912">Configuration method</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.2.2.4.2.1.2.3.1.2 "><p id="obs_03_0130__p69178170221">Choose <strong id="obs_03_0130__b5968541192315">Visual Editor</strong>.</p>
</td>
</tr>
<tr id="obs_03_0130__row17375102752819"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.2.2.4.2.1.2.3.1.1 "><p id="obs_03_0130__p1419111119196">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.2.2.4.2.1.2.3.1.2 "><p id="obs_03_0130__p83758278280">Enter a custom name.</p>
</td>
</tr>
<tr id="obs_03_0130__row133751227142812"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.2.2.4.2.1.2.3.1.1 "><p id="obs_03_0130__p1731417253141">Effect</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.2.2.4.2.1.2.3.1.2 "><p id="obs_03_0130__p1150132882414">Deny</p>
</td>
</tr>
<tr id="obs_03_0130__row33867294264"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.2.2.4.2.1.2.3.1.1 "><p id="obs_03_0130__p43864290269">Principal</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.2.2.4.2.1.2.3.1.2 "><p id="obs_03_0130__p1730441212225">Select <strong id="obs_03_0130__b194121235162412">All accounts</strong>.</p>
</td>
</tr>
<tr id="obs_03_0130__row15368143312619"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.2.2.4.2.1.2.3.1.1 "><p id="obs_03_0130__p13681533112618">Resources</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.2.2.4.2.1.2.3.1.2 "><p id="obs_03_0130__p18815220252">Select <strong id="obs_03_0130__b13416184712248">Entire bucket (including the objects in it)</strong>.</p>
</td>
</tr>
<tr id="obs_03_0130__row747010261281"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.2.2.4.2.1.2.3.1.1 "><p id="obs_03_0130__p12471112612810">Actions</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.2.2.4.2.1.2.3.1.2 "><p id="obs_03_0130__p158112036122717">Select <strong id="obs_03_0130__b132881312132516">Customize</strong> and then <strong id="obs_03_0130__b1528921252511">*</strong> (indicating all actions).</p>
</td>
</tr>
<tr id="obs_03_0130__row3326453134518"><td class="cellrowborder" valign="top" width="21.84%" headers="mcps1.3.2.2.4.2.1.2.3.1.1 "><p id="obs_03_0130__p63271953124516">Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="78.16%" headers="mcps1.3.2.2.4.2.1.2.3.1.2 "><ul id="obs_03_0130__ul043513664611"><li id="obs_03_0130__li17435196114611"><strong id="obs_03_0130__b19177641123119">Conditional Operator</strong>: <strong id="obs_03_0130__b10912524131710">IpAddress</strong></li><li id="obs_03_0130__li1243514618461"><strong id="obs_03_0130__b3248124318315">Key</strong>: <strong id="obs_03_0130__b194301328111717">SourceIP</strong></li><li id="obs_03_0130__li94351567466"><strong id="obs_03_0130__b251993919118">Value</strong>: <strong id="obs_03_0130__b251913391414">114.115.1.0/24</strong></li></ul>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="obs_03_0130__li1258419325301"><span>Click <strong id="obs_03_0130__b3333414145512">Create</strong> in the lower right corner.</span></li></ol>
</div>
<div class="section" id="obs_03_0130__section159232335471"><h4 class="sectiontitle">Verification</h4><p id="obs_03_0130__p1589143714477">Initiate an access request from an IP address in the range of <strong id="obs_03_0130__b6378127163111">114.115.1.0/24</strong>. The access is denied. Initiate an access request from an IP address beyond the range of <strong id="obs_03_0130__b13944161019320">114.115.1.0/24</strong>. The access is allowed.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_03_0127.html">Application Cases</a></div>
</div>
</div>