Read Permissions

Read operations on containers can be permitted.

Reads can also be permitted based on the referrer header included in HTTP requests.
  • When a specific referrer is permitted on a container, requests that include that referrer can read from it.
  • If all referrers are permitted, requests that contain no referrer are permitted as well.
  • Permitting referrers allows reads without token authentication, which lowers the level of security. It is therefore not recommended.

The settings for permitting projects and users are specified in the following format.

When specifying multiple settings, separate them with a comma.

Setting Content     Description Method
Permit a project    {projId}:*
Permit a user       {projId}:{userId}

The settings for permitting referrers are specified in the following format.

When specifying multiple settings, separate them with a comma.

Setting Content                                                              Description Method
Permit all referrers                                                         .r:*
Permit hosts of referrers                                                    .r:{host}
Permit domains of referrers (*1)                                             .r:.{domain} or .r:*.{domain}
Reject hosts of referrers                                                    .r:-{host}
Reject domains of referrers (*2)                                             .r:-.{domain} or .r:-*.{domain}
Permit retrieval of a list of objects (Only when ACL is set for referrers)   .rlistings

Take care with conflicting settings: only the latter setting will be enabled, so the order in which settings are listed matters.

The following is an example of settings for referrers, in which a domain is permitted but requests from a specific host in that domain are rejected.

  • Correct setting

    .r:*.test.jp,.r:-server.test.jp

  • Incorrect setting (The request will not be rejected even if the host of the referrer is "server.test.jp")

    .r:-server.test.jp,.r:*.test.jp

(*1) If .r:*.{domain} is specified, it will be registered as .r:.{domain}

(*2) If .r:-*.{domain} is specified, it will be registered as .r:-.{domain}
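
The ordering rule and the (*1)/(*2) registration above, modelled in Python as an added example (not code from the service or from this documentation). The function names are hypothetical, and treating a domain setting as a suffix match on the referrer's host is an assumption.

```python
from urllib.parse import urlsplit

def parse_read_acl(value):
    """Split an X-Container-Read value into referrer rules, project/user entries and .rlistings."""
    referrers, accounts, listings = [], [], False
    for item in (s.strip() for s in value.split(",")):
        if item == ".rlistings":
            listings = True
        elif item.startswith(".r:"):
            rule = item[3:]
            negate = rule.startswith("-")
            rule = rule[1:] if negate else rule
            if rule.startswith("*."):      # (*1)/(*2): "*.domain" is registered as ".domain"
                rule = rule[1:]
            referrers.append((negate, rule))
        elif item:
            accounts.append(item)          # {projId}:* or {projId}:{userId}
    return referrers, accounts, listings

def referrer_permitted(referer, rules):
    """Apply the rules in order; the last rule that matches decides the outcome."""
    host = (urlsplit(referer).hostname or "") if referer else ""
    permitted = False
    for negate, rule in rules:
        if rule == "*":
            match = True                   # also matches a request with no referrer
        elif rule.startswith("."):
            match = host.endswith(rule)    # assumption: domain rule = suffix match
        else:
            match = host == rule
        if match:
            permitted = not negate
    return permitted

def check(acl, referer):
    """Return True if a request carrying this referrer could read without a token."""
    rules, _, _ = parse_read_acl(acl)
    return referrer_permitted(referer, rules)

if __name__ == "__main__":
    # Constructed sample referrer; the ACL strings are the two orderings shown above.
    sample = "http://server.test.jp/page"
    for acl in (".r:*.test.jp,.r:-server.test.jp", ".r:-server.test.jp,.r:*.test.jp"):
        print(acl, "->", "permitted" if check(acl, sample) else "rejected")
```

Running a planned ACL string through a check like this before sending the POST shows whether a reject setting is overridden by a later permit setting.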

When permitting a user

Example of Request


    curl -i "$publicURL/marktwain" -X POST -H "X-Container-Read: 412b1ede9e4042d3b81fdb6728576199:ddf0902c56ef42fd9d6a3263b1bb686f" -H "X-Auth-Token: $token"

When permitting multiple users and permitting retrieval of a list of objects

Example of Request


    curl -i "$publicURL/marktwain" -X POST -H "X-Container-Read: .r:server.test.jp,.r:*.co.jp,.rlistings" -H "X-Auth-Token: $token"

When rejecting the host of a referrer

Example of Request


    curl -i "$publicURL/marktwain" -X POST -H "X-Container-Read: .r:*,.r:-server.test.jp" -H "X-Auth-Token: $token"