how to limit Amazon S3 access to my app's pages only (i.e. no hot-linking) ?

Hey there,

I want to stream my app's media from Amazon S3. I've gotten the
basics down, having uploaded files, set their permissions for public
access, and now can use their S3 URLs wherever I need them.

My question is this: can I restrict access to my S3 files to only
within the context of the pages that my application serves? I want to
avoid people just looking at the source from the browser and
downloading my content, i.e. hot-linking. Can I make my app be the
only authorized requester of files?

I know I can create expiring links with S3, and use 'Query String
Authentication', but I am unsure how either technique would help me.
it also doesn't seem that S3's ACL can work for me, either. Right
now, I have fields in my DB that contain the URLs for my content that
are just written in HTML to the pages.

Any ideas? Thanks so much for any help or insights.


I found this post on the S3 developer forums that sheds some light on
this issue: