How can I troubleshoot a 403 Forbidden response in my CDN resource?
If you receive a 403 Forbidden response from CDN edge servers, consider the following scenarios:
- Enabling the Country Access, Hotlink Policy, IP Access, or URL Signing features returns a 403 Forbidden response if a request does not comply with the rules defined for the specific resource.
- Enabling HTTP Rules with forbidden access returns a 403 Forbidden response if a request does not comply with the rules defined for the specific resource.
- If you have a CDN resource without any access control or security settings, you may validate the issue following the steps below:
• Make an HTTP request using a CDN resource primary hostname:
$ curl -I cdn.something.com HTTP/1.1 403 Forbidden Server: nginx Date: Mon, 29 Aug 2016 06:08:30 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 328 Connection: keep-alive Vary: Accept-Encoding X-Cache: MISS X-Storage: 126.96.36.199:8001 X-Edge-IP: 188.8.131.52 X-Edge-Location: Hong Kong, HK
• Make an HTTP request using an origin:
$ curl -I 11.222.333.100 HTTP/1.1 200 OK Server: nginx Date: Mon, 29 Aug 2016 06:09:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/6.1.2
• Make an HTTP request using an origin with the host HTTP request header, with the CDN resource primary hostname as its value:
$ curl -I -H "Host: cdn.something.com" 11.222.333.100 HTTP/1.1 403 Forbidden Server: nginx Date: Mon, 29 Aug 2016 06:09:34 GMT Content-Type: text/html; charset=iso-8859-1 Connection: close Vary: Accept-Encoding
The reason is caused by the failure of the origin to acknowledge a legitimate HTTP request made by the CDN edge server. To resolve this issue, configure your origin to support the CDN primary hostname in your origin. For more details, refer to Create HTTP CDN Resource.