All Products
Search

This Product

    :A "You are forbidden to list buckets" error is displayed when accessing the Alibaba Cloud Content Delivery Network accelerated domain name after private OSS bucket back-to-origin is enabled

    Document Center

    :A "You are forbidden to list buckets" error is displayed when accessing the Alibaba Cloud Content Delivery Network accelerated domain name after private OSS bucket back-to-origin is enabled

    Last Updated:Mar 23, 2022

    Problem description

    When the origin server is OSS and the bucket is set to Private, the following error is reported when accessing the Alibaba Cloud Content Delivery Network accelerated domain name after private OSS bucket back-to-origin is enabled.

    X-Tengine-Error: You are forbidden to list buckets

    Cause

    When Alibaba Cloud Content Delivery Network back-to-origin to private buckets is enabled, accessing the Alibaba Cloud Content Delivery Network accelerated domain name is equivalent to GetBucket(ListObjects) requests, which are rejected by the Alibaba Cloud Content Delivery Network by default. The possible causes of the error are as follows:

    • OSS static website hosting conflicts with Alibaba Cloud Content Delivery Network private buckets.
    • The requested domain name during bucket back-to-origin does not carry index.html information, and all Alibaba Cloud Content Delivery Network signatures are not available. However, the files that actually access OSS are index.html, resulting in a mismatch of signatures.

    Solutions

    After private OSS bucket back-to-origin is enabled, you can troubleshoot an error when you access the Alibaba Cloud Content Delivery Network acceleration domain name as follows:

    1. Check whether the static website hosting feature is set.
      • If the static website hosting feature of OSS is set, you can select one of the following solutions based on the actual situation:
        • If you do not need to use the static website hosting feature of OSS, disable the static website hosting feature of OSS. For more information, see Static website hosting.
        • If you need to use the static website hosting feature of OSS, you need to directly access the Alibaba Cloud Content Delivery Network acceleration domain name to access the static homepage. You need to set OSS to public read and disable OSS private bucket back-to-origin. For more information about how to disable OSS private bucket back-to-origin, see OSS private bucket back-to-origin.
      • If the static website hosting feature of OSS is not set, proceed to the next step for troubleshooting.
    2. On the Alibaba Cloud Content Delivery Network side, rewrite the root domain name URL to a file that points to the root domain name URL. For example, rewrite the Alibaba Cloud Content Delivery Network accelerated domain name www.example.com to www.example.com/index.html. For more information about rewriting rules, see Configure rewriting.

    Applicable scope

    • CDN
    • OSS