Simple way to prevent hotlinking via referer fields in the HTTP Request.
(Does not block crafted requests)
- Go to AWS S3 Console
- Go to your bucket name -> Permissions -> Bucket Policy
- Enter the following policy (with replacement at the correct places)
{ "Version": "2008-10-17", "Id": "", "Statement": [ { "Sid": "Allow in my domains", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::imsj-wordpress/*", "Condition": { "StringLike": { "aws:Referer": "https://imsj.dev/*" } } }, { "Sid": "Deny access if referer is not my sites", "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::imsj-wordpress/*", "Condition": { "StringNotLike": { "aws:Referer": "https://imsj.dev/*" } } } ] }