trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Payne <jp557...@gmail.com>
Subject Re: Using ATS to access public file in AWS S3 Bucket results in 'AccessDenied'
Date Fri, 15 Jan 2016 01:04:04 GMT
well you are communicating with the s3 server via ATS as seen by the
response headers.

it looks like s3 isnt liking the pristine host header.

just as a test disable pristine.

traffic_ctl config match pristine

traffic_ctl config set proxy.config.url_remap.pristine_host_hdr 0

once the change is in effect, re-run your curl command.

you should see a different response, if not success.





On Thu, Jan 14, 2016 at 5:26 PM, Daniel Carraro <daniel@blinkmobile.com.au>
wrote:

> @Jeremy, Sure thing.
>
> The remap.config entry, without any sanitization:
> map http://app1.daniel.blinkm.io/index.html
> http://s3-ap-southeast-2.amazonaws.com/apachetraffictest.blinkm.io/index.html
> (where apachetraffictest.blinkm.io is the bucket name)
>
> I've added that new remap entry as follows:
> map http://proxy.com/index.html
> http://s3-ap-southeast-2.amazonaws.com/apachetraffictest.blinkm.io/index.html
>
> However, running that curl request gives me the following error:
>
> curl -v -x 52.62.32.244:80 http://proxy.com/index.html
> *   Trying 52.62.32.244...
> * Connected to 52.62.32.244 (52.62.32.244) port 80 (#0)
> > GET http://proxy.com/index.html HTTP/1.1
> > Host: proxy.com
> > User-Agent: curl/7.43.0
> > Accept: */*
> > Proxy-Connection: Keep-Alive
> >
> < HTTP/1.1 404 Not Found
> < x-amz-request-id: 81B08DB52B101728
> < x-amz-id-2:
> FGuVa3NOmJyBNneboKaovYG1Wly4nRecj5J6Qw/Ik0zPd6+f+sj/UAaIKr0We+q9q92s5MVUoJA=
> < Content-Type: application/xml
> < Date: Thu, 14 Jan 2016 23:20:31 GMT
> < Server: ATS/5.3.0
> < Age: 0
> < Transfer-Encoding: chunked
> < Proxy-Connection: keep-alive
> <
> <?xml version="1.0" encoding="UTF-8"?>
> * Connection #0 to host 52.62.32.244 left intact
>
> <Error><Code>NoSuchBucket</Code><Message>The specified bucket
does not
> exist</Message><BucketName>proxy.com
> </BucketName><RequestId>81B08DB52B101728</RequestId><HostId>FGuVa3NOmJyBNneboKaovYG1Wly4nRecj5J6Qw/Ik0zPd6+f+sj/UAaIKr0We+q9q92s5MVUoJA=</HostId></Error>
>
> I've also got an open ticket with AWS Support, but if there's anything
> jumping out that I'm missing, please point it out.
>
> @James: I'd also like to avoid using the s3_auth plugin if possible, since
> this ATS installation will be used to access files in multiple s3 buckets
> spanning multiple subaccounts, so while using the s3_auth plugin could
> work, it makes bucket creation/management much more complex.
>
> Thanks for the responses guys, I really appreciate it.
>
>
> On 15 January 2016 at 02:05, Jeremy Payne <jp557198@gmail.com> wrote:
>
>>
>> assuming you are passing the right S3 credentials, it appears your client
>> request does not match a remap.config entry.
>>
>> can you show the curl command used to poll ATS ? can you also show the
>> complete remap.config entry in question, without sanitizing values ?
>> if you want, just create a remap entry that looks like the below.
>>
>> map http://proxy.com/index.html http://s3-ap-southeast-2.amazonaws.com/
>> <bucketname>/index.html
>>
>> then send a curl request using the below format
>>
>>
>> curl -v -o /dev/null -x <ATS-LISTENING-IP>:<ATS-PORT>
>> http://proxy.com/index.html
>>
>> ex:
>>
>> curl -v -o /dev/null -x 192.168.0.100:80 http://proxy.com/index.html
>>
>>
>>
>>
>>
>>
>> On Thu, Jan 14, 2016 at 12:38 AM, Daniel Carraro <
>> daniel@blinkmobile.com.au> wrote:
>>
>>> Hi,
>>>
>>> I've got an Apache Traffic Server (5.3.0) running on an AWS EC2 instance
>>> which I'm trying to use as a proxy server to access files in an S3 bucket.
>>>
>>> I've created an S3 bucket, and uploaded a basic index.html file (which
>>> has been made public). I'm able to access that file directly via cURL from
>>> both my local machine, and the EC2 instance ATS is running on. However, if
>>> I make a cURL request via ATS, I get a 'AccessDenied' message from S3.
>>>
>>> My remap.config file is as follows:
>>> map http://<URL>/index.html http://s3-ap-southeast-2.amazonaws.com/
>>> <bucketname>/index.html
>>>
>>> (I've tested this with /index.html and without, with the same results).
>>>
>>> If I use traffic_logcat to look at squid.blog, the following log entry
>>> appears:
>>> 1452751621.502 61 <my IP Address> TCP_MISS/403 553 GET
>>> http://s3-ap-southeast-2.amazonaws.com/<bucketname>/index.html - DIRECT/
>>> s3-ap-southeast-2.amazonaws.com application/xml
>>>
>>> Enabling "Static Web Hosting" on the bucket is not a viable option for
>>> this project.
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Cheers,
>>> Daniel
>>> --
>>> *Daniel Carraro | *
>>> *Systems Administrator*
>>>
>>
>>
>
>
> --
> *Daniel Carraro | *
> *Systems Administrator*
> *[* *E:* daniel@blinkmobile.com.au  *| M:* +61 402 595 350 *] *
>
>
>

Mime
View raw message