WAF blocking file download from S3

0

Hi Team,

We are getting 403 error while downloading file from S3. Only one file having this issue, other files we are able to download. FIle name having special characters like spaces and , and # etc

Sample file name:new thing, some month (1) #.new.pdf.

Will the WAF blocks file names like this. The file also contain certain words too. Please help here.

Regards, Rajesh Khanna B

3 Answers
0

Hi!

Assume S3 is the source of the error, then check for this (specially if the offending file is in a new bucket created recently): S3 Block Public Access settings If the failed request involves public access or public policies, then check the S3 Block Public Access settings on your account, bucket, or S3 access point. Starting in April 2023, all Block Public Access settings are enabled by default for new buckets.

You can look up this article for more details: Troubleshoot Access Denied (403 Forbidden) errors in Amazon S3

Does this help solve your issue?

AWS
ART
answered a year ago
0

You will not have waf in front of an s3 bucket unless your accessing the bucket via cloudfront.

You would have to explain your setup if you this waf is included.

However it sounds like a bucket policy could be the issue here.

profile picture
EXPERT
answered a year ago
0

Hi,

I understand you are getting 403 error while downloading file from S3.

Lets start with troubleshooting options. Lets explore this two options to add CORS headers on WAF blocked responses:

  1. try using the feature of WAF - Custom Responses, where you can specify not only the error code to be returned but response headers too. So you can statically set CORS headers too. This approach won't be suitable though if you can't return static values in the cases where you want to honor multiple origin values and you can't return wildcard - *.
  2. Use CloudFront's custom error pages that would intercept 403 errors that WAF would generate. Then, define a cache behavior corresponding to that custom error page with Lambda@Edge function attached to Origin Request/Response trigger which would add CORS headers to the response

I hope this helps. Let me know if I answered your question by up voting my response as accepted or if you have any follow-up.

Kind regards, Ahmed

Reference: [1] https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-for-blocked-requests.html [2] https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GeneratingCustomErrorResponses.html

AWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions