Reputation: 715
403 ERROR The request could not be satisfied
I have a website with a single quote, which I am not able to browse, and few with the same character on same domain it's getting redirected and I am able opens the URL.
l'Union-Européenne-Dans-l'Europe/xxxxx.html when removed the single quotes from url I am able to browse.
Result when tried to browse: 403 ERROR The request could not be satisfied. Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. Generated by cloudfront (CloudFront) Request ID:
Note: checked on clodfront access logs I could find the log with error code 403, not much information other than URI results /l%27Union-Europ%25C3%25A9enne-Dans-l%27Europe/xxxxx.html
Upvotes: 24
Views: 156459
Answers (6)
Reputation: 1536
In my case it was an issue of removing the body in the GET request in postman. See: Cloud Front : The request could not be satisfied
Upvotes: 4
Reputation: 1221
This error can also occur if you are have a CloudFront distribution that is backed by an S3 bucket and you make a request for a file that is larger than the maximum size of a file that can be delivered through Amazon CloudFront, which is 30GB as of 2023-09-26: https://aws.amazon.com/cloudfront/faqs/#:~:text=The%20maximum%20size%20of%20a,to%20all%20Amazon%20CloudFront%20distributions
Upvotes: 1
Reputation: 647
WAF rules are blocking the request
You could navigate to AWS WAF > Web ACLs > yourWebACL and search for block under Sampled requests
Optionally navigate from cloudfront settings
ref this image
Then check in the sample request as given in the below pic
Read more about this modification at https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-error-request-blocked/?nc1=h_ls
Please don't disable WAF as is, but either the rule, which prevents this URL from count instead of the default action (in your case the default action seems to be blocked).
- To modify the rule, navigate to AWS WAF > Web ACLs > rule > Edit rule
- and then toggle the control for specific rule under rules
Upvotes: 4
Reputation: 811
I had the same issue. It was WAF / Firewall which rejected the request. Try to disable that to verify.
Upvotes: -1
Reputation: 1000
Posting my solution here because this was an arduous, weekend-long issue for me, and the solution was not that obvious. As Mani Ezhumalai's answer mentioned, the issue was alternate CNAME records needed.
In my case, it was www.example.com vs example.com. CloudFront requires both domains to be covered in the alternative domain names list, which requires a single AWS ACM SSL cert to cover both, as well as the appropriate CNAME records configured in the DNS.
Upvotes: 6
Reputation: 469
Check your CloudFront configuration. This will occur because of below reasons:
- The request is initiated over HTTP, but the CloudFront distribution is configured to only allow HTTPS requests.
- The requested alternate domain name (CNAME) isn't associated with the CloudFront distribution.
You can refer this link also to resolve your issue: https://aws.amazon.com/premiumsupport/knowledge-center/resolve-cloudfront-bad-request-error/
Upvotes: 30
Related Questions
- CloudFront Error 'CloudFront attempted to establish a connection with the origin'
- curl HTTP/1.1 403 Forbidden cloudfront
- Hosting through Cloudfront provides 403
- Getting 403 (Forbidden) when loading AWS CloudFront file
- AWS CloudFront with Signed URL: 403 Access Denied
- CloudFront is giving 403 for second origin
- CloudFront origin-response return status: '403'
- AWS Cloudfront alternate domain name 403 forbidden
- Can't send request via Amazon CloudFront: 403 Error
- 403 Forbidden when visiting my website-url via CloudFront