So I just made the following bucket policy:
{ "Version": "2012-10-17", "Id": "http referer policy example", "Statement": [ { "Sid": "Allow get requests originated from www.example.com and example.com", "Effect": "Allow", "Principal": "", "Action": "s3:", "Resource": "arn:aws:s3:::examplebucket/", "Condition": { "StringLike": { "aws:Referer": "http://example.com/" } } }, { "Sid": "Explicit deny to ensure requests are allowed only from specific referer.", "Effect": "Deny", "Principal": "", "Action": "s3:", "Resource": "arn:aws:s3:::examplebucket/", "Condition": { "StringNotLike": { "aws:Referer": "http://example.com/" } } } ] }
My goal is to allow ONLY viewing of videos on my website, no downloading, no hotlinking. This policy works in the sense that if you go to my website and grab the amazon link from the page source and copy it in your browser, you'll get a access denied message. HOWEVER, if you use chrome and view page source and either: click on the link, right click and hit open in a new tab, right click and hit open in a new window it WILL immediately download the link and close the new tab/window. ACL's are set to private. What's going on here?
I looked into signed urls but that seems pointless because my videos are hours long and people can just DL before the link expires. Thanks.
