Configuring Security Access Policies

This section describes how to enable security access policies to deny certain access requests during the designated period, ensuring normal system operation and system security.

Procedure

  1. Choose Settings > Object Service Settings > Security Settings > Security Access Policy.

  2. Configure security access policy parameters.

    1. Select and enable the required security access policies.

      Security access policies include:

      • Access Key and IP Access Policy: If within a statistical period, the number of access failures of an access key through an IP address is larger than or equal to the access failure threshold, and the ratio of access failures to total accesses is larger than or equal to the access failure rate threshold, services are denied for the access key through this IP address.
      • Access Key Policy: If within a statistical period, the number of access failures of an access key is larger than or equal to the access failure threshold, and the ratio of access failures to total accesses is larger than or equal to the access failure rate threshold, services are denied for the access key.
      • IP Access Policy: If within a statistical period, the number of access failures of an IP address is larger than or equal to the access failure threshold, and the ratio of access failures to total accesses is larger than or equal to the access failure rate threshold, services are denied for the IP address.
      • Enable HTTP: After this switch is turned on, the object service supports both HTTP and HTTPS requests. Otherwise, it supports only HTTPS requests. Enabling HTTP may bring security risks. You are advised not to enable it.
      • Enable V2 Authentication: After this switch is turned on, the object service supports both V2 and V4 authentication. Otherwise, it supports only V4 authentication. Enabling V2 authentication may bring security risks. You are advised not to enable it.
    2. Enabling Access Key and IP Access Policy, Access Key Policy, or IP Access Policy requires you to set the security access policy information. Table 1 describes the related parameters.
      Table 1 Security access policy parameters

      Parameter

      Description

      Statistical Time Interval (seconds)

      Within the specified time, the system checks whether the access complies with the security access policy. If yes, services for the access are denied. The value ranges from 1 to 300.

      Service Denial Time (minutes)

      Calculates the time for the denial of service and is used as the baseline for the denial of service. The value ranges from 1 to 30.

      Threshold for Access Failures

      One of the conditions for triggering the denial of service is as follows: The number of access failures exceeds the threshold. The value ranges from 1 to 999999999.

      Threshold for Access Failure Rate (%)

      One of the conditions for triggering the denial of service is as follows: The ratio of the number of access failures to the total number of access times is greater than the threshold for access failure rate. The value ranges from 1 to 99.

      Note: The security access policies take effect only for storage nodes that meet the trigger conditions.

  3. Click Save.
Parent topic: Configuring Security Settings