
How to disable Google Cloud Storage bucket listing from ACL control?


We're using Google Cloud Storage as our CDN.

However, any visitor can list all files by typing: http://ourcdn.storage.googleapis.com/

How can we disable this while all the files under the bucket are still publicly readable by default?

We previously set the ACL using

gsutil defacl ch -g AllUsers:READ 

Solution

  • In the GCP dashboard:

    1. Go into your bucket.
    2. Click the "Permissions" tab and go in.
    3. In the member list, find "allUsers" and change its role from Storage Object Viewer to Storage Legacy Object Reader.

    Then listing should be disabled.

    Update:

    As @Devy commented, just check the note below:

    Note: roles/storage.objectViewer includes permission to list the objects in the bucket. If you don't want to grant listing publicly, use roles/storage.legacyObjectReader.
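
The role swap described in the answer above can also be checked against a bucket's IAM policy JSON. The following is an added example, not part of the original answer: it flags public members holding a role that contains storage.objects.list and moves them from roles/storage.objectViewer to roles/storage.legacyObjectReader. The function names, the sample policy, and the list of other listing-capable predefined roles (which goes beyond the one role the answer names) are assumptions of this example.

```python
import copy
import json

PUBLIC = {"allUsers", "allAuthenticatedUsers"}
# Predefined roles that include storage.objects.list (assumed list, see lead-in).
LISTING_ROLES = {
    "roles/storage.objectViewer", "roles/storage.objectAdmin",
    "roles/storage.admin", "roles/storage.legacyBucketReader",
    "roles/storage.legacyBucketWriter", "roles/storage.legacyBucketOwner",
}
VIEWER = "roles/storage.objectViewer"
READER = "roles/storage.legacyObjectReader"

def public_listing_bindings(policy):
    """Return sorted (role, member) pairs that let the public list objects."""
    return sorted(
        (b["role"], m)
        for b in policy.get("bindings", [])
        if b["role"] in LISTING_ROLES
        for m in b.get("members", [])
        if m in PUBLIC
    )

def harden(policy):
    """Copy the policy, moving public members from objectViewer to
    legacyObjectReader. Other listing roles are left for manual review."""
    new = copy.deepcopy(policy)
    moved = []
    for b in new.get("bindings", []):
        if b["role"] == VIEWER:
            moved += [m for m in b.get("members", []) if m in PUBLIC]
            b["members"] = [m for m in b.get("members", []) if m not in PUBLIC]
    bindings = [b for b in new.get("bindings", []) if b.get("members")]
    if moved:
        reader = next((b for b in bindings if b["role"] == READER), None)
        if reader is None:
            reader = {"role": READER, "members": []}
            bindings.append(reader)
        reader["members"] = sorted(set(reader["members"]) | set(moved))
    new["bindings"] = bindings
    return new

# Constructed sample policy, in the shape printed by `gsutil iam get`.
SAMPLE = json.loads("""{"etag": "CAE=", "bindings": [
  {"role": "roles/storage.objectViewer", "members": ["allUsers", "user:ops@example.com"]},
  {"role": "roles/storage.legacyBucketOwner", "members": ["projectOwner:example-project"]}
]}""")

if __name__ == "__main__":
    print(public_listing_bindings(SAMPLE))
    print(json.dumps(harden(SAMPLE), indent=2))
```

The input can be produced with `gsutil iam get gs://BUCKET > policy.json`, and the hardened output applied with `gsutil iam set policy.json gs://BUCKET`, where BUCKET is a placeholder.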