Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted November 4, 20222 yr Not sure what's going on exactly, but it seems on two different IPS sites I run some images retrieved from S3 via CF ala a CDN CNAME (i.e. cdn.site.com) return a 403, however the majority return just fine. File types that return 403: ICO, SVN One site returns SVN fine, both sites 403 for ICO Both sites return JPG, PNG, GIF fine. I've compared htaccess, S3, CF configs from both sites and haven't spotted anything different between them. Anyone have any ideas?
November 4, 20222 yr Cloudflare won't have anything to do with this. The 403 is coming from origin (S3 in this case). So you want to focus your attention there. Have you looked at your bucket policy settings for each site? https://stackoverflow.com/questions/26691286/amazon-s3-bucket-returning-403-forbidden https://giuseppeborgese.medium.com/fix-the-error-http-403-access-denied-from-amazon-s3-df53a4f1f530 Edited November 4, 20222 yr by Randy Calvert
November 4, 20222 yr Author On 11/4/2022 at 3:44 PM, Randy Calvert said: Cloudflare won't have anything to do with this. The 403 is coming from origin (S3 in this case). So you want to focus your attention there. Have you looked at your bucket policy settings for each site? https://stackoverflow.com/questions/26691286/amazon-s3-bucket-returning-403-forbidden Yes, I compared both but will look again. What's odd is this isn't global for all files, it's just certain files.
November 4, 20222 yr Author Solution I figured it out, thanks Randy, your links helped spark where to look. It came down to the S3 permission sets for those objects (certain images files) were not set to public read. Also the favicon.ico did not move over in the S3 Storage Location usage, however it was referenced by it (i.e. tried to pull from CDN/S3 but was still local on my server). Not sure if that is a bug, but I just moved it over manually to S3 and set the public read access on the object. Edited November 4, 20222 yr by Clover13
November 4, 20222 yr I would personally suggest turning off Cloudflare while you troubleshoot this. It's possible one of the things you tried fixed it, but CF was still serving an error response. Also... once I adjusted my CORS settings, I noticed it took CF a few hours to pick up the change properly. (It had something to do with the cache clearing not applying to certain headers). That's also part of why you might entirely turn caching off for now. (set the cloud from orange to grey in the DNS settings). Once its working, turn it back on. But I think you'll find the problem somewhere in your CORS settings within S3.
November 4, 20222 yr Glad to hear you got that resolved. As mentioned, switching off cloudflare while checking issues is always a wise idea in these scenarios