How do I resolve "403 Error - The request could not be satisfied. Request Blocked" in CloudFront?


Amazon CloudFront is returning the error message "403 Error - The request could not be satisfied. Request Blocked."

Short description

The error message "403 Error - The request could not be satisfied. Request Blocked." is an error from the client. This error can occur due to the default actions of AWS WAF rules associated with the CloudFront distribution. The following settings might cause a Request Blocked error:

  • When the default action is set to Allow, the request matches a rule that has Action set to Block.
  • When the default action is set to Block, the request matches the conditions of a rule that has Action set to Block.
    -or-
  • When the default action is set to Block, the request doesn't match the conditions of any rule that has Action set to Allow.

For information on troubleshooting other types of 403 errors, see How do I troubleshoot 403 errors from CloudFront?

Resolution

To resolve the Request Blocked error:

  1. Open the CloudFront console.
  2. Choose the ID for the distribution that you want to update.
  3. Choose the General tab.
  4. Under Settings, in the AWS WAF web ACL list, choose the web access control list (web ACL) associated with your distribution.
  5. In the AWS WAF console, choose Web ACLs.
  6. On the Web ACLs page, for AWS Region, choose Global (CloudFront).
  7. Choose the web ACLs that require review. Check that the AWS WAF default action is set on the web ACL.
  8. To resolve the Request Blocked error when the default action is Allow, review the requests. Be sure that they don't match the conditions for any AWS WAF rules with Action set to Block.
    If valid requests match the conditions for a rule that blocks requests, then update the rule to allow the requests.
  9. To resolve the Request Blocked error when the default action is Block, review the requests. Be sure that they match the conditions for any AWS WAF rules with Action set to Allow.
    If valid requests don't match any existing rules that allow requests, then create a rule that allows the requests.

Note: For more troubleshooting, use the AWS WAF console to review a sample of requests that match the rule that might cause the Request Blocked error. For more information, see Testing and tuning your AWS WAF protections.
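The following added example (not part of the original article or AWS code) triages blocked requests offline and maps each one to the cases described above. It assumes AWS WAF logging is enabled for the web ACL and relies on the `action`, `terminatingRuleId`, and `httpRequest` log fields. The log lines, rule names, IP addresses, and URIs are constructed for illustration.

```python
import json
from collections import Counter

# Constructed AWS WAF log records (one JSON object per line), trimmed to the
# fields used here. Rule names, IPs and URIs are made up for illustration.
SAMPLE_LOG = """\
{"action":"BLOCK","terminatingRuleId":"Default_Action","httpRequest":{"clientIp":"203.0.113.10","uri":"/api/orders"}}
{"action":"BLOCK","terminatingRuleId":"block-admin-paths","httpRequest":{"clientIp":"198.51.100.7","uri":"/admin/login"}}
{"action":"ALLOW","terminatingRuleId":"allow-office-ips","httpRequest":{"clientIp":"192.0.2.44","uri":"/index.html"}}
{"action":"BLOCK","terminatingRuleId":"Default_Action","httpRequest":{"clientIp":"203.0.113.10","uri":"/api/cart"}}
"""

DEFAULT_ACTION = "Default_Action"  # terminatingRuleId when no rule terminated the request


def explain_block(record):
    """Map one WAF log record to the cause and fix the article describes."""
    if record.get("action") != "BLOCK":
        return None
    rule = record.get("terminatingRuleId", "unknown")
    if rule == DEFAULT_ACTION:
        # Default action is Block and no rule with Action Allow matched.
        return {"cause": "default-block", "rule": rule,
                "fix": "create a rule that allows the request"}
    # A rule with Action set to Block matched (default action Allow or Block).
    return {"cause": "rule-block", "rule": rule,
            "fix": "update the rule to allow the request"}


def triage(log_text):
    """Return per-request findings and a count of blocks per terminating rule."""
    findings, per_rule = [], Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        result = explain_block(record)
        if result is None:
            continue  # request was not blocked
        req = record.get("httpRequest", {})
        result.update(clientIp=req.get("clientIp"), uri=req.get("uri"))
        findings.append(result)
        per_rule[result["rule"]] += 1
    return findings, per_rule


if __name__ == "__main__":
    findings, per_rule = triage(SAMPLE_LOG)
    for f in findings:
        print(f"{f['clientIp']} {f['uri']}: {f['cause']} ({f['rule']}) -> {f['fix']}")
    print(dict(per_rule))
```

A high count for one terminating rule points to the rule to review first. A high count for `Default_Action` points to a missing Allow rule.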

Related information

How do I resolve "403 ERROR - The request could not be satisfied. Bad Request" in CloudFront?

How AWS WAF works

Using AWS WAF to control access to your content

AWS OFFICIAL
Updated a year ago