Clover13 Posted November 4, 2022

Not sure what's going on exactly, but it seems on two different IPS sites I run some images retrieved from S3 via CF ala a CDN CNAME (i.e. cdn.site.com) return a 403, however the majority return just fine.

File types that return 403: ICO, SVN
One site returns SVN fine, both sites 403 for ICO
Both sites return JPG, PNG, GIF fine.

I've compared htaccess, S3, CF configs from both sites and haven't spotted anything different between them. Anyone have any ideas?

Clover13 (Author) Posted November 4, 2022

Just to add CF's Hotlink Protection is OFF

Randy Calvert Posted November 4, 2022 (edited)

Cloudflare won't have anything to do with this. The 403 is coming from origin (S3 in this case). So you want to focus your attention there.

Have you looked at your bucket policy settings for each site?

https://stackoverflow.com/questions/26691286/amazon-s3-bucket-returning-403-forbidden
https://giuseppeborgese.medium.com/fix-the-error-http-403-access-denied-from-amazon-s3-df53a4f1f530

Clover13 (Author) Posted November 4, 2022

2 minutes ago, Randy Calvert said:
> Cloudflare won't have anything to do with this. The 403 is coming from origin (S3 in this case). So you want to focus your attention there. Have you looked at your bucket policy settings for each site? https://stackoverflow.com/questions/26691286/amazon-s3-bucket-returning-403-forbidden

Yes, I compared both but will look again. What's odd is this isn't global for all files, it's just certain files.

Clover13 (Author, Solution) Posted November 4, 2022 (edited)

I figured it out, thanks Randy, your links helped spark where to look. It came down to the S3 permission sets for those objects (certain image files) were not set to public read.

Also the favicon.ico did not move over in the S3 Storage Location usage, however it was referenced by it (i.e. tried to pull from CDN/S3 but was still local on my server). Not sure if that is a bug, but I just moved it over manually to S3 and set the public read access on the object.

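The per-object cause described in the solution post can be checked across a whole bucket. The following is an added example, not part of the thread: it reports which objects have no anonymous READ grant in their object ACL, grouped by file extension. It assumes the bucket relies on object ACLs for public access (ACLs are not disabled by the bucket's Object Ownership setting); the function names and the sample keys and ACLs are constructed for illustration, and `collect_acls` expects a boto3 S3 client.

```python
"""Report which S3 objects lack a public READ grant in their object ACL."""
import posixpath

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
# READ or FULL_CONTROL on the object lets an anonymous client fetch it.
READ_PERMS = {"READ", "FULL_CONTROL"}


def is_public_read(acl):
    """acl is the dict returned by S3 GetObjectAcl (boto3 get_object_acl)."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group"
                and grantee.get("URI") == ALL_USERS
                and grant.get("Permission") in READ_PERMS):
            return True
    return False


def non_public_by_extension(acls):
    """Map file extension -> sorted keys that anonymous readers cannot fetch."""
    report = {}
    for key, acl in acls.items():
        if not is_public_read(acl):
            ext = posixpath.splitext(key)[1].lstrip(".").lower()
            report.setdefault(ext, []).append(key)
    return {ext: sorted(keys) for ext, keys in report.items()}


def collect_acls(s3, bucket, prefix=""):
    """Fetch object ACLs with a boto3 S3 client (needs s3:GetObjectAcl)."""
    acls = {}
    pages = s3.get_paginator("list_objects_v2").paginate(Bucket=bucket, Prefix=prefix)
    for page in pages:
        for obj in page.get("Contents", []):
            acls[obj["Key"]] = s3.get_object_acl(Bucket=bucket, Key=obj["Key"])
    return acls


def _grant(permission, uri=None):
    """Build one ACL grant: a group grant if uri is given, else the owner's."""
    grantee = {"Type": "Group", "URI": uri} if uri else {"Type": "CanonicalUser", "ID": "owner-id"}
    return {"Grantee": grantee, "Permission": permission}


# Constructed sample ACLs (not from the thread): one public-read, two not.
SAMPLE_ACLS = {
    "monthly_2022_11/photo.jpg": {"Grants": [_grant("FULL_CONTROL"), _grant("READ", ALL_USERS)]},
    "favicon.ico": {"Grants": [_grant("FULL_CONTROL")]},
    # READ_ACP only exposes the ACL itself, not the object body.
    "theme/logo.png": {"Grants": [_grant("FULL_CONTROL"), _grant("READ_ACP", ALL_USERS)]},
}

if __name__ == "__main__":
    for ext, keys in non_public_by_extension(SAMPLE_ACLS).items():
        print(ext, keys)
```

The same report read the other way lists every object that is anonymously readable, which is worth reviewing before granting public read more widely.
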
Randy Calvert Posted November 4, 2022

I would personally suggest turning off Cloudflare while you troubleshoot this. It's possible one of the things you tried fixed it, but CF was still serving an error response.

Also... once I adjusted my CORS settings, I noticed it took CF a few hours to pick up the change properly. (It had something to do with the cache clearing not applying to certain headers). That's also part of why you might entirely turn caching off for now (set the cloud from orange to grey in the DNS settings). Once it's working, turn it back on.

But I think you'll find the problem somewhere in your CORS settings within S3.

Marc Posted November 4, 2022

Glad to hear you got that resolved. As mentioned, switching off Cloudflare while checking issues is always a wise idea in these scenarios.