
AWS 403 forbidden from Cloudfront Worker Fetch

I'm getting a 403 Forbidden response when using fetch from a serverless Cloudflare Worker to my own dotnetcore API hosted on an AWS EC2 instance, for both GET and POST. Example worker code (also tested with init headers like user agent, accept, etc., but same result):

fetch('http://54.xxx.xxx.xxx/test')

However, that basic fetch to that API IP URL returns 200 from local JavaScript and a simple hosted webpage, as well as from Postman and curl.

Also, the Cloudflare Worker can fetch other APIs without issue.

fetch('http://jsonplaceholder.typicode.com/posts')

In the end I had to use the AWS DNS URL instead.

fetch('http://ec2-54-xxx-xxx-xxx.us-west-1.compute.amazonaws.com/test')

This AWS Elastic Beanstalk setup is as basic as possible: a single t3a.nano instance with the default security group. I didn't see any documentation regarding the usage of IP vs DNS URLs, but they should resolve to the same IP. Also, I don't see any options to deal with DNS issues on the Cloudflare side.

Nor any similar issues on Stack Overflow.

So after a lot of pain, I'm just documenting the solution here.

Under the Amazon instance summary you can find both "Public IPv4 address" and "Public IPv4 DNS".

From the Cloudflare Worker, the fetch with the public DNS name works

fetch('http://ec2-54-xxx-xxx-xxx.us-west-1.compute.amazonaws.com/test')

and the fetch with the public IP returns status 403 with statusText "Forbidden"

fetch('http://54.xxx.xxx.xxx/test')

Cloudflare Workers can make outbound HTTP requests, but only to domain names. It is not possible for a Worker to make a fetch request to an IP address.

I can't confirm the exact behavior you observed (your post was 9 months ago, and a number of things have changed with Cloudflare Workers since then); in the last month or so I've observed that calling fetch() on an IP address results in the worker seeing "Error 1003 Access Denied" as the fetch response.

There isn't much info, but here's what's available about Error 1003:

Error 1003 Access Denied: Direct IP Access Not Allowed

Common cause – A client or browser directly accesses a Cloudflare IP address.

Resolution – Browse to the website domain name in your URL instead of the Cloudflare IP address.

As you found, if you use a DNS name instead, fetch works fine.
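An added example, not part of the original question or answers: a guard a Worker could run before fetch() so that an IP-literal origin fails with a clear message (or is rewritten to its DNS name) instead of surfacing as an opaque 403. The function names and the `ipToHost` map are hypothetical, and the addresses and EC2 hostname are constructed from documentation ranges.

```javascript
// Added example (not from the original thread). Names are hypothetical.
const DOTTED_IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Returns 'ipv4', 'ipv6' or null for the host of an absolute URL.
// The WHATWG URL parser normalises integer and hex IPv4 spellings
// (e.g. http://2130706433/) to dotted decimal, so test after parsing.
function ipLiteralKind(rawUrl) {
  const { hostname } = new URL(rawUrl);
  if (hostname.startsWith('[') && hostname.endsWith(']')) return 'ipv6';
  if (DOTTED_IPV4.test(hostname)) return 'ipv4';
  return null;
}

// Returns a URL string that uses a DNS name. IP-literal hosts are
// rewritten through the caller-supplied ipToHost map; an unmapped IP
// throws before any subrequest is made.
function toNamedOrigin(rawUrl, ipToHost = {}) {
  const url = new URL(rawUrl);
  const kind = ipLiteralKind(rawUrl);
  if (kind === null) return url.toString();
  const bare = url.hostname.replace(/^\[|\]$/g, '');
  const mapped = ipToHost[bare];
  if (!mapped) {
    throw new Error(
      `fetch target ${url.hostname} is an ${kind} literal; use its DNS name`);
  }
  url.hostname = mapped; // path, query and port are preserved
  return url.toString();
}

// Drop-in wrapper for fetch(); fetchImpl is injectable for testing.
async function originFetch(rawUrl, init, ipToHost, fetchImpl = fetch) {
  return fetchImpl(toNamedOrigin(rawUrl, ipToHost), init);
}

// Constructed sample mapping (documentation address, made-up EC2 name).
const SAMPLE_ORIGINS = {
  '203.0.113.10': 'ec2-203-0-113-10.us-west-1.compute.amazonaws.com',
};
```

In a Worker, `originFetch('http://203.0.113.10/test', {}, SAMPLE_ORIGINS)` would issue the request to the mapped DNS name.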
