If you use Alibaba Cloud CDN to accelerate static content delivery from OSS buckets, you may need to enable access to private OSS buckets and host the static websites on OSS. This topic describes how to fixes error that may arise in this scenario.
- For more information about static website hosting, see Overview.
- For more information about how to grant Alibaba Cloud CDN access permissions on private OSS buckets, see Grant Alibaba Cloud CDN access permissions on private OSS buckets.
A website that consists of static web pages is hosted on a private OSS bucket, and Alibaba Cloud CDN is granted the permissions to access private OSS buckets.
https://example.com/index.htmlof the website
https://example.com/, but Alibaba Cloud CDN returns the
403 Forbiddenerror message to the user and prompts "
You don't have permission to access the URL on this server". The debugging information of the browser shows the following response message:
x-tengine-error: You are forbidden to list buckets.
Access to private OSS buckets conflicts with the settings of the default homepage of the website that is hosted on OSS.
index.html. Anonymous requests to the website domain name, such as
https://example.com/, are automatically redirected to the default homepage, such as
https://example.com/index.html. After you allow Alibaba Cloud CDN to access private OSS buckets, back-to-origin requests from the accelerated domain name to the OSS bucket are considered anonymous requests that are destined for the root directory. In this case, the OSS bucket rejects the requests. The error message "You are forbidden to list buckets" is triggered.
- Solution 1: If the static website hosting feature is not required, disable it. To disable static website hosting, clear relevant settings. For more information, see Overview.
- Solution 2: If you must enable static website hosting, create a URI rewrite rule to
prevent requests from accessing the root directory.
In the URI rewrite rule, set Original URI to
^/$, Final URI to
/index.html, and Flag to Redirect. After the URI rewrite rule is set, Alibaba Cloud CDN returns the HTTP 302 status code and redirects user requests that are destined for
www.example.com/index.html. For more information, see Create a URI rewrite rule.