Problem description
The x-oss-ac-subnet-mask header in the request is invalid.
Causes
You initiated a signed request that includes IP address access restrictions, but the x-oss-ac-subnet-mask header is invalid.
Examples
Sample requests:
GET /oss.jpg?x-oss-ac-forward-allow=true&Expires=1647730289&x-oss-ac-subnet-mask=65536&Signature=d38L**********************8&OSSAccessKeyId=LTAI****************The x-oss-ac-subnet-mask header is set to 65536. This value is invalid. This header is used to specify the number of the digit 1 in the subnet mask. If this header is included in the signed request, Object Storage Service (OSS) performs the AND operation based on the IP address from which the request is sent and the subnet mask. The result of the operation is used for signature verification. If the value of the header is maliciously changed, the signature cannot pass the verification.
Solutions
Confirm that the value of the x-oss-ac-subnet-mask header in the URL of the request is valid. For more information, see Add signatures to URLs.
We recommend that you use Alibaba Cloud SDKs to initiate requests. Alibaba Cloud SDKs automatically generate signatures for the requests without the need to manually calculate a signature. For more information, see Overview.