curl HTTP/1.1 403 Forbidden cloudfront

Question

*****.cloudfront.net <- this is mywebsite

Error 403 when 'curl' occurs. However, it is normal to connect through a browser. What's the problem? I can't use 'curl' but it's normal when I log in through a browser.

Answer 1

seems like the question is too old to answer, however I've faced the same issue today. So, maybe my answer would be helpful for anybody...

My problem was exactly as decribed: cloudfront service was accessible through web browsers such Chromium & Firefox, however the response for the curl request was "Access Denied":

matvey@matvey-pc:~$ curl -v "https://d218ouehxiafnp.cloudfront.net" 

... output is trimmed

> GET / HTTP/2
> Host: d218ouehxiafnp.cloudfront.net
> user-agent: curl/7.68.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 403 
< content-type: application/xml
< date: Tue, 06 Dec 2022 21:47:02 GMT
< server: AmazonS3
< x-cache: Error from cloudfront
< via: 1.1 61c35238bc750b646bd101c97da70922.cloudfront.net (CloudFront)
< x-amz-cf-pop: BUD50-C1
< x-amz-cf-id: tmlM6k285fqQXLUnpSnEjTdim0CDUkWlUaWakSJQZ5koVtsqUwkHXg==
< 
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host d218ouehxiafnp.cloudfront.net left intact
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>QZMBFA097CY6V4ZK</RequestId><HostId>vELi5HfHj2oQeIV1K2L6epFEBeNMVbViOGDvM7VXFO6DtqfLSYm+1Pr2H1UwfuRt4ylrrYqYiFU=</HostId></Error>

My Cloudfront was configured as follows:

• HTTP/1.0 & HTTP/1.1 & HTTP/2;
• GET & HEAD methods were allowed;
• Compression is on.

After troubleshooting I've found out that if compression is ON, then Accept-Encoding header is required.

So, everything became working after specifying header as follows:

curl -v https://d218ouehxiafnp.cloudfront.net -H "Accept-Encoding: *"

More details on that header.

Hope it'll be useful for you.