Configuring URL Validation

OBS enables blacklisted URLs to be blocked whereas whitelisted URLs are permitted to avoid link theft.


Static website hosting has been enabled.


  1. Log in to OBS Console.
  2. In the bucket list, click the target bucket to go to the Summary page.
  3. In the navigation tree on the left, click Static Website Hosting.
  4. Click the URL Validation card, as shown in Figure 1. The following describes the principles for setting Referrers:

    • Referrers are separated from each other using newlines.
    • When Whitelisted Referrers is empty but Blacklisted Referrers is not, all websites except specified ones in the blacklist are allowed to access data in the target bucket.
    • When Whitelisted Referrers is not empty and Blacklisted Referrers is empty or not empty, only specified websites in the whitelist are allowed to access data in the target bucket.

    When Whitelisted Referrers is the same as Blacklisted Referrers, the blacklist takes effect. For example, if the Referrers fields of both Whitelisted Referrers and Blacklisted Referrers are set to, the access request from is blocked.

    • When Whitelisted Referrers and Blacklisted Referrers are empty, all websites are allowed to access data in the target bucket by default.
    • URL validation works only when users attempt to access buckets using URL signatures or in an anonymous manner, and skips the requests whose header information contains the Authorization field.
    • Before determining whether a user has the four types of permissions (ReadWriteACL View, and ACL Edit) for a bucket or objects in the bucket, check whether the user complies with the URL validation principles of the Referrers field.

  5. Enter values for Whitelisted Referrers and Blacklisted Referrers based on site requirements.

    For example:

    • If Whitelisted Referrers of bucket test-111 is set to and Blacklisted Referrers is empty, only requests whose Referrers is can access data in the bucket.
    • If Blacklisted Referrers of bucket test-111 is set to and Whitelisted Referrers is empty, all requests except the requests whose Referrers is can access data in the bucket.

  6. Click OK.

    Figure 1 URL Validation

    A message is displayed indicating a successful URL validation setting.

Follow-up Procedure

To delete whitelisted or blacklisted websites, delete the websites in Whitelisted Referrers or Blacklisted Referrers and click OK.