27

I just want to serve my s3 files on cdn.mydomain.com

So I create cloudfront distribution which is working fine on https://dxxxxxxxx.cloudfront.net/test.jpg - I get the image.

And now I want to associate my domain at cdn.domain.com with cloudfront in route53.

So I create A record type A-IPv4 address. with name cdn.domain.com alias target I manully put dxxxxxxxx.cloudfront.net.

But when I open the url:

http://cdn.mydomain.com/test.jpg

I get the error:

403 ERROR
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)

What did I miss with my configuration?

Jon Sud
  • 10,211
  • 17
  • 76
  • 174

2 Answers2

32

I meet this issue some time before. The request blocked by CloudFront.

Please check this list:

  • CDN domain added in Cloudfront Alternate Domain Names. Once you add CDN domain to Cloudfront, you can select CloudFront endpoint without typing

  • WAF (if any) does not block your request

  • Check Http and Https

Tuan Vo
  • 1,875
  • 10
  • 10
  • 5
    Yes as you say. I was just need to fill "Alternate Domain Names": "cdn.mydomain.com" with ssl (without ssl - not allowed to save). after that I set A record alias point to cloudfront from the list. and it's works. thanks! – Jon Sud Jan 11 '20 at 11:20
  • 3
    This specific case can be isolated to a missing/incorrect Alternate Domain name because of the self-contradiction found in the error -- it says "403" and it also says "Bad Request" yet a genuine Bad Request response is HTTP status 400, not 403. CloudFront does this when it can't find a distribution with an Alternate Domain Name matching the incoming HTTP `Host` header. WAF blocking is 403 but the error body wouldn't say "Bad Request." – Michael - sqlbot Jan 11 '20 at 15:57
2

In my case the error was caused by simply sending a GET request with a request body within it, removing this solved the issue.

tjurkan
  • 477
  • 5
  • 11