top | item 39920181

(no title)

jdmarble | 1 year ago

I'm not sure I understand all of the nuances here (I'm no webmaster), but this is covered in the documentation you linked:

> You must configure page rules to allow Cloudflare to fetch only your Backblaze B2 bucket from your domain. ... Otherwise, someone could use your domain to fetch content from another customer's public bucket. To ensure this does not happen, Cloudflare lets you use page rules to scope requests to your bucket.

discuss

Guzba|1 year ago

The example shows leaving your bucket name in the url as a way to filter out requests to other bucket names. If you want your static site to have http://mysite.com/bucketname/index.html then I guess that's ok. But again, careful configuration and still not for every situation.

I'm sure you can layer more rules to get it exactly right but I'd not be eager to layer on complex configuration through multiple service providers when it is avoidable, unless there is some very compelling overriding reason.

gfs|1 year ago

As far as I know, bucket names must be unique at other providers like AWS as well. [0]

I'm no expert but to try and protect my own domain, I use a transform rule to match a subdomain and append "/file/$MY_BUCKET_NAME" to each request. This should return a 404 for anybody who tries to inject their own bucket in the path. I could be wrong of course.

[0]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket...

unknown|1 year ago

[deleted]

johnmaguire|1 year ago

This is an easily solved problem. Backblaze has an example here: https://github.com/backblaze-b2-samples/cloudflare-b2