anomalizer / ngx_aws_auth

nginx module to proxy to authenticated AWS services
BSD 2-Clause "Simplified" License
470 stars 144 forks source link

SignatureDoesNotMatch on filename with space #35

Open amaline opened 8 years ago

amaline commented 8 years ago

Receiving a SignatureDoesNotMatch when proxy_pass to a file with a space. Seems like it is signing the canonical decoded uri instead of the encoded request uri. Log file shows:


2016-11-01T14:13:38.19+0000 [App/1] ERR 2016/11/01 14:13:38 [error] 60#0: 8 canonical url extracted is /images/global standalone2.gif, client: 127.0.0.1, server: localhost, request: "GET /images/global%20standalone2.gif HTTP/1.0", host: "127.0.0.1:8000" 2016-11-01T14:13:38.19+0000 [App/1] ERR 2016/11/01 14:13:38 [error] 60#0: 8 canonical req is GET 2016-11-01T14:13:38.19+0000 [App/1] ERR /images/global standalone2.gif 2016-11-01T14:13:38.19+0000 [App/1] ERR host:cg-0127f0fb-962c-496e-a286-67cd2a75760f.s3.amazonaws.com 2016-11-01T14:13:38.19+0000 [App/1] ERR x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 2016-11-01T14:13:38.19+0000 [App/1] ERR x-amz-date:20161101T141338Z 2016-11-01T14:13:38.19+0000 [App/1] ERR host;x-amz-content-sha256;x-amz-date 2016-11-01T14:13:38.19+0000 [App/1] ERR e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, client: 127.0.0.1, server: localhost, request: "GET /images/global%20standalone2.gif HTTP/1.0", host: "127.0.0.1:8000"


AWS error contains:


&tlCanonicalRequest&gtGET /images/global%20standalone2.gif

host:cg-0127f0fb-962c-496e-a286-67cd2a75760f.s3.amazonaws.com x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-date:20161101T141338Z

host;x-amz-content-sha256;x-amz-date e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&lt/CanonicalRequest&gt


rickheil commented 7 years ago

I can confirm that I'm having this same error.

adsanz commented 3 years ago

I have the same error, any news on this?

ashafaei commented 2 years ago

For anyone else who ends up here while searching for a solution. I'm not sure what exactly causes this issue, but there's a workaround. Earlier, I was trying to use reg-exp rules to direct the requests, but that apparently ends up messing with the URI encoding in the request. I followed this post, to set up the proxy pass without an argument, and it solved my issues.