Reputation: 555
We are using the Magento e-commerce platform for our shopping site behind AWS CloudFront. In the create page WYSIWYG, there's an option to upload images. Some users are reporting that a 403 error occurs after they choose the image and press the upload button, whilst for others uploading images works.
I don't see any error messages in the nginx access or error logs at the time the 403 occurs for some of these users. However, I do see the following error in the CloudFront log:
date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) x-edge-result-type x-edge-request-id x-host-header cs-protocol cs-bytes time-taken x-forwarded-for ssl-protocol ssl-cipher x-edge-response-result-type cs-protocol-version fle-status fle-encrypted-fields c-port time-to-first-byte x-edge-detailed-result-type sc-content-type sc-content-len sc-range-start sc-range-end
2020-01-20 10:22:13 MAN50-C1 570 xx.xx.xx.xx POST jhgfjgfjsd.cloudfront.net /index.php/ctrl-web-team/cms_wysiwyg_images/upload/type/image/key/88fdfad6d6b726871662108fad3d3de3/ 403 https://www.example.com/index.php/ctrl-web-team/cms_page/new/key/c7e419205e2c23c854cd4ea1d741bdad/ Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:72.0)%20Gecko/20100101%20Firefox/72.0 SID=gm892fbgp7lep0 - Error Z6p-RiAuq7RA7ryi3iNHD== www.example.com https 16778 0.844 - TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 Error HTTP/2.0 - - 42776 0.844 Error text/html 134 - -
2020-01-20 10:22:17 MAN50-C1 1547 xx.xx.xx.xx POST jhgfjgfjsd.cloudfront.net /index.php/ctrl-web-team/cms_wysiwyg_images/contents/type/image/key/0f36c05043efc3435jj342d6a3071e6a47/ 200 https://www.example.com/index.php/ctrl-web-team/cms_page/new/key/c7e419205e2c23c854cd4ea1d741bdad/ Mozilla/5.0%20(X11;%20Linux%20x86_64;%20rv:72.0)%20Gecko/20100101%20Firefox/72.0 isAjax=true - Miss nu8CAYvBxQnpvMbAhdgdf= www.example.com https 545 0.612 - TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 Miss HTTP/2.0 - - 42776 0.612 Miss text/html;%20charset=UTF-8 - - -
Any guidance appreciated.
Upvotes: 1
Views: 2560
Reputation: 555
The error occurred as some requests were being blocked by the AWS WAF (web application firewall). Review the rules associated with the ACL in WAF.
I had to define an additional "String and regex matching" rule in the AWS WAF Classic to allow the requests.
Upvotes: 4
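An added example, not part of the original posts: a small parser for the CloudFront log layout shown in the question. It lists 403 responses logged with result type `Error`, grouped by request path and client, as the set to compare against origin logs and the WAF's sampled requests. The field order is copied from the question's header line; the sample rows, host name, IPs and keys are constructed, and an `Error` 403 does not by itself prove a WAF block.

```python
import re

# Field order copied from the header line in the question.
FIELDS = ("date time x-edge-location sc-bytes c-ip cs-method cs(Host) cs-uri-stem "
          "sc-status cs(Referer) cs(User-Agent) cs-uri-query cs(Cookie) "
          "x-edge-result-type x-edge-request-id x-host-header cs-protocol cs-bytes "
          "time-taken x-forwarded-for ssl-protocol ssl-cipher "
          "x-edge-response-result-type cs-protocol-version fle-status "
          "fle-encrypted-fields c-port time-to-first-byte "
          "x-edge-detailed-result-type sc-content-type sc-content-len "
          "sc-range-start sc-range-end").split()

# Constructed sample rows (hypothetical host, IPs and keys), same column layout.
_ROW = ("2020-01-20 10:22:{n} MAN50-C1 570 192.0.2.{n} POST dexample.cloudfront.net "
        "/index.php/ctrl-web-team/cms_wysiwyg_images/{act}/type/image/key/{key}/ {st} "
        "- Mozilla/5.0 - - {rt} req{n}== www.example.com https 16778 0.844 - TLSv1.2 "
        "ECDHE-RSA-AES128-GCM-SHA256 {rt} HTTP/2.0 - - 42776 0.844 {rt} text/html "
        "134 - -")
SAMPLE = ["#Version: 1.0", "#Fields: " + " ".join(FIELDS),
          _ROW.format(n=11, act="upload", key="aa11bb22", st=403, rt="Error"),
          _ROW.format(n=12, act="upload", key="cc33dd44", st=403, rt="Error"),
          _ROW.format(n=13, act="upload", key="ee55ff66", st=200, rt="Miss")]

def parse(lines):
    """Yield a dict per record, skipping '#' header lines and malformed rows."""
    for line in lines:
        cols = line.split()  # handles tab-separated files and space-separated pastes
        if line.startswith("#") or len(cols) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, cols))

def error_403s(records):
    """403 responses that CloudFront logged with result type 'Error'."""
    return [r for r in records
            if r["sc-status"] == "403" and r["x-edge-result-type"] == "Error"]

def summarise(records):
    """Map (method, URI with the /key/<token>/ collapsed) -> [hits, client IPs]."""
    out = {}
    for r in records:
        uri = re.sub(r"/key/[0-9a-z]+/", "/key/<key>/", r["cs-uri-stem"])
        hits = out.setdefault((r["cs-method"], uri), [0, set()])
        hits[0] += 1
        hits[1].add(r["c-ip"])
    return out

if __name__ == "__main__":
    print(summarise(error_403s(parse(SAMPLE))))
```

Rows that appear here but have no matching entry in the nginx access log never reached the origin, which is the pattern the question describes.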