All Products
Search
Document Center

Object Storage Service:What do I do if the ApkDownloadForbidden error code is returned?

Last Updated:Jul 17, 2024

This topic describes the causes of and solutions to the issue that the ApkDownloadForbidden error code is returned when you access an object.

Problem description

If you access objects whose names contain the .apk or .ipa extension or objects whose MIME type (the content-type response header) is application/vnd.android.package-archive or application/iphone in a bucket anonymously or by using object URLs that contain the public domain name (format: bucketname.oss-[region].aliyuncs.com) or OSS-accelerated endpoints (format: bucketname.oss-accelerate.aliyuncs.com or bucketname.oss-accelerate-overseas.aliyuncs.com), the requests are denied. The HTTP status code 400 and the ApkDownloadForbidden error code are returned.

Causes

To enhance data security, requests to access the following types of objects anonymously or by using object URLs are blocked if one of the following conditions is met:

  • You use the public domain name of a bucket that is created on or after 00:00:00 (UTC+8) on August 15, 2023 to access objects whose names contain the .apk or .ipa extension in the bucket.

  • You use OSS-accelerated domain names to access objects whose names contain the .apk or .ipa extension in a bucket for which the transfer acceleration feature is enabled on or after 00:00:00 (UTC+8) on August 15, 2023.

  • You use the public domain name of a bucket created on or after 00:00:00 (UTC+8) on August 5, 2024 to access objects whose MIME type (the content-type response header) is application/vnd.android.package-archive or application/iphone in the bucket.

  • You use OSS-accelerated domain names to access objects whose MIME type (the content-type response header) is application/vnd.android.package-archive or application/iphone in a bucket for which the transfer acceleration feature is enabled on or after 00:00:00 (UTC+8) on August 5, 2024.

Solutions

Use custom domain names to access objects whose names contain the .apk or .ipa extension or objects whose MIME type (the content-type response header) is application/vnd.android.package-archive or application/iphone in the bucket. For more information, see Map a custom domain name to the default domain name of a bucket.

Appendix

The following table describes the types of domain names or methods that you can use to access objects whose names contain specific extensions or objects of specific MIME types in buckets created at a specific point in time or buckets for which the transfer acceleration feature is enabled at a specific point in time.

Object type

Date

Access mode

Objects whose names contain the .apk or .ipa extension

Buckets created before 00:00:00 (UTC+8) on August 15, 2023

Public domain names

Buckets for which the transfer acceleration feature is enabled before 00:00:00 (UTC+8) on August 15, 2023

OSS-accelerated domain names

Buckets created at any time

Internal domain names

Custom domain names

Include a signature in the Authorization header

Origin fetch from an OSS bucket by Alibaba Cloud CDN (an OSS bucket is used as the origin server)

Objects whose MIME type (the content-type response header) is application/vnd.android.package-archive or application/iphone

Buckets created before 00:00:00 (UTC+8) on August 5, 2024

Public domain names

Buckets for which the transfer acceleration feature is enabled before 00:00:00 (UTC+8) on August 5, 2024

OSS-accelerated domain names

Buckets created at any time

Internal domain names

Custom domain names

Include a signature in the Authorization header

Origin fetch from an OSS bucket by Alibaba Cloud CDN (an OSS bucket is used as the origin server)