Jump to content

Cloudflare + AWS S3: Some images returning 403


Go to solution Solved by Clover13,

Recommended Posts

Posted

Not sure what's going on exactly, but it seems on two different IPS sites I run some images retrieved from S3 via CF ala a CDN CNAME (i.e. cdn.site.com) return a 403, however the majority return just fine.

File types that return 403:  ICO, SVN

One site returns SVN fine, both sites 403 for ICO

Both sites return JPG, PNG, GIF fine.

I've compared htaccess, S3, CF configs from both sites and haven't spotted anything different between them.

Anyone have any ideas?

Posted (edited)

Cloudflare won't have anything to do with this.  The 403 is coming from origin (S3 in this case).  So you want to focus your attention there.  

Have you looked at your bucket policy settings for each site?

https://stackoverflow.com/questions/26691286/amazon-s3-bucket-returning-403-forbidden

https://giuseppeborgese.medium.com/fix-the-error-http-403-access-denied-from-amazon-s3-df53a4f1f530

Edited by Randy Calvert
Posted
2 minutes ago, Randy Calvert said:

Cloudflare won't have anything to do with this.  The 403 is coming from origin (S3 in this case).  So you want to focus your attention there.  

Have you looked at your bucket policy settings for each site?

https://stackoverflow.com/questions/26691286/amazon-s3-bucket-returning-403-forbidden

Yes, I compared both but will look again.

What's odd is this isn't global for all files, it's just certain files.

  • Solution
Posted (edited)

I figured it out, thanks Randy, your links helped spark where to look.  It came down to the S3 permission sets for those objects (certain images files) were not set to public read.  Also the favicon.ico did not move over in the S3 Storage Location usage, however it was referenced by it (i.e. tried to pull from CDN/S3 but was still local on my server).  Not sure if that is a bug, but I just moved it over manually to S3 and set the public read access on the object.

Edited by Clover13
Posted

I would personally suggest turning off Cloudflare while you troubleshoot this.  It's possible one of the things you tried fixed it, but CF was still serving an error response.  

Also...  once I adjusted my CORS settings, I noticed it took CF a few hours to pick up the change properly.  (It had something to do with the cache clearing not applying to certain headers).  That's also part of why you might entirely turn caching off for now.  (set the cloud from orange to grey in the DNS settings).  

Once its working, turn it back on.  But I think you'll find the problem somewhere in your CORS settings within S3.  

Posted

Glad to hear you got that resolved. As mentioned, switching off cloudflare while checking issues is always a wise idea in these scenarios

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...