ALB Returns 403 Forbidden for Specific Client Despite Normal Infrastructure Configuration

0

I'm experiencing intermittent 403 Forbidden errors with my Application Load Balancer (ALB) that only affect specific MetaTrader 5 clients on certain Windows VPS environments. The issue is puzzling because the same API endpoints work perfectly through web browsers and other clients.

Infrastructure Status (All Verified):

  • WAF: Not connected (verified wafv2.acl.arn attribute is empty)
  • Target Health: Healthy
  • Security Groups: HTTP/HTTPS allowed from 0.0.0.0/0
  • Listener Configuration: Normal (HTTP→HTTPS redirect)
  • CloudWatch Metrics: Shows both ELB and Target 4XX errors

AWS Documentation Review:

I've reviewed the official AWS documentation which states: "You configured an AWS WAF web access control list (web ACL) to monitor requests to your Application Load Balancer and it blocked a request." However, I have not configured any WAF and confirmed that no WAF is associated with my ALB.

Testing Results:

  • Web browsers: 200 OK
  • PowerShell from same VPS: 200 OK

Configuration Changes Attempted:

  • Increased client_keep_alive.seconds to 7200
  • Increased idle_timeout.timeout_seconds to 300
asked 10 months ago, 292 views
2 Answers
0

The 403 Forbidden errors you're experiencing with your Application Load Balancer (ALB) despite not having a WAF configured could be related to the ALB's built-in protection mechanisms against unusual traffic patterns.

When your MetaTrader 5 clients on certain Windows VPS environments connect to your ALB, they might be triggering these protective measures. This can happen if:

  1. The clients are generating a high volume of requests in a short time period
  2. The requests are coming from a limited number of IP addresses
  3. The traffic pattern appears suspicious to the ALB's protection systems

Even without an explicit WAF configuration, the ALB has inherent security features that can block traffic it perceives as potentially abusive. This would explain why you're seeing 4XX errors in CloudWatch metrics for both the ELB and targets.

To address this issue, you could try:

  1. Gradually increasing the request rate from these clients rather than sending many requests at once
  2. Distributing requests across multiple source IP addresses if possible
  3. Monitoring ELB metrics like RequestCount and HTTPCode_ELB_4XX_Count to gain insights
  4. Ensuring your backend EC2 instances can handle the load efficiently

If the issue persists, it might be worth contacting AWS Support as they could provide more specific guidance or adjust certain limits on your account. The fact that browsers and PowerShell work fine from the same VPS suggests there might be something specific about how the MetaTrader 5 client is formatting or sending its requests that triggers the ALB's protective mechanisms.
Sources
ELB returns 4xx when I run too many automated tests | AWS re:Post

answered 10 months ago
0

Hello.

CloudWatch Metrics: Shows both ELB and Target 4XX errors

If you can see the "Target 4XX" metric, it means that the request is being made to the ALB target.
Therefore, I think it is necessary to check the application logs of the target instance to see the difference between requests that result in a 403 error and successful requests.

EXPERT
answered 10 months ago
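Both answers come down to the same diagnostic question: is the 403 being generated by the load balancer itself (counted in HTTPCode_ELB_4XX_Count) or by the target behind it (HTTPCode_Target_4XX_Count), and what differs between the MetaTrader 5 requests and the browser or PowerShell requests that succeed? The ALB access log, which has to be enabled on the load balancer and is delivered to S3, records both status codes per request plus the user agent and client IP, so it answers this directly. The script below is an added example, not code from the question or either answer: it parses lines in the documented ALB access-log field order, classifies each 403 as load-balancer-originated (target_status_code is "-") or target-originated, tallies them by user agent and client IP, and reports which fields differ between a failing and a succeeding request. The log lines, IP addresses, user-agent strings and ARNs are constructed for the demonstration and are not from the original poster's environment.

```python
"""Classify ALB 403s as load-balancer- vs target-originated from access-log lines."""
import shlex
from collections import Counter

# Field order of the ALB access-log format (first 29 fields; newer log
# versions append extra fields after these, which are ignored here).
ALB_FIELDS = [
    "type", "time", "elb", "client_port", "target_port",
    "request_processing_time", "target_processing_time", "response_processing_time",
    "elb_status_code", "target_status_code", "received_bytes", "sent_bytes",
    "request", "user_agent", "ssl_cipher", "ssl_protocol", "target_group_arn",
    "trace_id", "domain_name", "chosen_cert_arn", "matched_rule_priority",
    "request_creation_time", "actions_executed", "redirect_url", "error_reason",
    "target_port_list", "target_status_code_list", "classification",
    "classification_reason",
]

# Constructed sample lines (not real traffic): two target 403s and one
# load-balancer 403 for a MetaTrader-style user agent, one browser 200.
_TAIL = (' ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 '
         'arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/tg/EXAMPLE '
         '"Root=1-EXAMPLE" "api.example.com" '
         '"arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE" 0 ')
SAMPLE_LOG_LINES = [
    'https 2025-01-15T10:00:01.123456Z app/my-alb/EXAMPLE 203.0.113.10:51234 10.0.1.20:8080 '
    '0.001 0.004 0.000 403 403 245 120 "POST https://api.example.com:443/v1/orders HTTP/1.1" '
    '"MetaTrader 5 Terminal/5.0.4500"' + _TAIL +
    '2025-01-15T10:00:01.120000Z "forward" "-" "-" "10.0.1.20:8080" "403" "-" "-"',
    'https 2025-01-15T10:00:01.500000Z app/my-alb/EXAMPLE 203.0.113.10:51235 10.0.1.20:8080 '
    '0.001 0.003 0.000 403 403 245 120 "POST https://api.example.com:443/v1/orders HTTP/1.1" '
    '"MetaTrader 5 Terminal/5.0.4500"' + _TAIL +
    '2025-01-15T10:00:01.498000Z "forward" "-" "-" "10.0.1.20:8080" "403" "-" "-"',
    'https 2025-01-15T10:00:02.000000Z app/my-alb/EXAMPLE 203.0.113.10:51240 10.0.1.20:8080 '
    '0.001 0.010 0.000 200 200 300 5120 "GET https://api.example.com:443/v1/orders HTTP/1.1" '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64)"' + _TAIL +
    '2025-01-15T10:00:01.990000Z "forward" "-" "-" "10.0.1.20:8080" "200" "-" "-"',
    # The ALB answered this one itself: no target port, no target status code.
    'https 2025-01-15T10:00:03.000000Z app/my-alb/EXAMPLE 198.51.100.7:40001 - '
    '-1 -1 -1 403 - 245 0 "POST https://api.example.com:443/v1/orders HTTP/1.1" '
    '"MetaTrader 5 Terminal/5.0.4500"' + _TAIL +
    '2025-01-15T10:00:02.999000Z "-" "-" "-" "-" "-" "-" "-"',
]


def parse_alb_line(line):
    """Parse one access-log line into a dict keyed by ALB_FIELDS.

    Quoted fields (request, user_agent, ...) contain spaces, so shlex is used
    rather than a plain split. Extra trailing fields are tolerated.
    """
    tokens = shlex.split(line, posix=True)
    if len(tokens) < len(ALB_FIELDS):
        raise ValueError(f"expected at least {len(ALB_FIELDS)} fields, got {len(tokens)}")
    rec = dict(zip(ALB_FIELDS, tokens))
    rec["client_ip"] = rec["client_port"].rsplit(":", 1)[0]
    return rec


def origin_of_403(rec):
    """Return 'elb' if the load balancer produced the 403 without a target
    response, 'target' if the target returned it, or None for non-403s."""
    if rec["elb_status_code"] != "403":
        return None
    return "elb" if rec["target_status_code"] == "-" else "target"


def summarize_403s(lines):
    """Tally 403s by origin and by (user_agent, client_ip) so an affected
    client population stands out; 'error_reason' names the ALB-side cause
    when the load balancer itself rejected the request."""
    summary = {"elb": Counter(), "target": Counter(), "elb_reasons": Counter(), "total": 0}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_alb_line(line)
        summary["total"] += 1
        origin = origin_of_403(rec)
        if origin:
            summary[origin][(rec["user_agent"], rec["client_ip"])] += 1
        if origin == "elb":
            summary["elb_reasons"][rec["error_reason"]] += 1
    return summary


def diff_records(failed, ok, fields=("request", "user_agent", "ssl_protocol",
                                     "ssl_cipher", "actions_executed", "error_reason")):
    """Fields that differ between a failing and a succeeding request: the
    starting point for the per-request comparison the second answer suggests."""
    return {f: (failed[f], ok[f]) for f in fields if failed[f] != ok[f]}


if __name__ == "__main__":
    s = summarize_403s(SAMPLE_LOG_LINES)
    print("requests:", s["total"])
    print("target-originated 403s:", dict(s["target"]))
    print("elb-originated 403s:", dict(s["elb"]), "reasons:", dict(s["elb_reasons"]))
    print("diff:", diff_records(parse_alb_line(SAMPLE_LOG_LINES[0]),
                                parse_alb_line(SAMPLE_LOG_LINES[2])))
```

Run it against real lines by reading the gzipped log objects from the access-log bucket and passing them to summarize_403s. If every 403 lands in the "target" bucket, the ALB is only relaying the decision and the target application's own logs hold the reason, as the second answer says; if they land in "elb", the error_reason column and actions_executed field show what the load balancer did with the request.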
