Closed songnguxyz closed 4 months ago
Know that this instance uses CloudFlare R2 and everything has been installed correctly through every step.
Client error:
GET https://[BUCKET_NAME].[CF_ACCOUNT_CODE].r2.cloudflarestorage.com/?prefix=%2Ftemp%2F&delimiter=&encoding-type=urlresulted in a
403 Forbiddenresponse:
Are you sure that endpoint should contain bucket name?
Documentation here - https://developers.cloudflare.com/r2/api/s3/api/ - suggests https://<ACCOUNT_ID>.r2.cloudflarestorage.com
with no bucket name in it.
Client error:
GET https://[BUCKET_NAME].[CF_ACCOUNT_CODE].r2.cloudflarestorage.com/?prefix=%2Ftemp%2F&delimiter=&encoding-type=url`resulted in a403 Forbidden
response:`Are you sure that the endpoint should contain the bucket name? Documentation here - https://developers.cloudflare.com/r2/api/s3/api/ - suggests
https://<ACCOUNT_ID>.r2.cloudflarestorage.com
with no bucket name in it.
It's not supposed to do that, but the request in the exception does contain the bucket name while it shouldn't, and I also believe that I have set everything up correctly, within the latest stable
version of MW.
Please try the following in LocalSettings.php:
$wgFileBackends['s3']['use_path_style_endpoint'] = true;
Tried and it got the path right, but:
Aws\S3\Exception\S3Exception from line 196 of /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php: Error executing "ListObjects" on "https://[CF_ACC_ID].r2.cloudflarestorage.com/[R2_BUCKET_NAME]/?prefix=metawiki%2Ftemp%2F&delimiter=&encoding-type=url"; AWS HTTP error: Client error: `GET https://[CF_ACC_ID].r2.cloudflarestorage.com/[R2_BUCKET_NAME]/?prefix=metawiki%2Ftemp%2F&delimiter=&encoding-type=url` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
AccessDenied (client): Access Denied - <?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
#0 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php(97): Aws\WrappedHttpHandler->parseError(Array, Object(GuzzleHttp\Psr7\Request), Object(Aws\Command), Array)
#1 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(204): Aws\WrappedHttpHandler->Aws\{closure}(Array)
#2 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(169): GuzzleHttp\Promise\Promise::callHandler(2, Array, NULL)
#3 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/RejectedPromise.php(42): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}(Array)
#4 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\Promise\RejectedPromise::GuzzleHttp\Promise\{closure}()
#5 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(159): GuzzleHttp\Promise\TaskQueue->run()
#6 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(184): GuzzleHttp\Handler\CurlMultiHandler->tick()
#7 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\Handler\CurlMultiHandler->execute(true)
#8 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\Promise\Promise->invokeWaitFn()
#9 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
#10 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
#11 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
#12 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
#13 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()
#14 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/AwsClientTrait.php(58): GuzzleHttp\Promise\Promise->wait()
#15 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/ResultPaginator.php(138): Aws\AwsClient->execute(Object(Aws\Command))
#16 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/functions.php(52): Aws\ResultPaginator->valid()
#17 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/functions.php(69): Aws\map(Object(Aws\ResultPaginator), Object(Closure))
#18 [internal function]: Aws\flatmap(Object(Aws\ResultPaginator), Object(Closure))
#19 /var/www/songngu_stud_usr/data/www/songngu.studio/extensions/AWS/s3/AmazonS3FileBackend.php(560): Generator->valid()
#20 /var/www/songngu_stud_usr/data/www/songngu.studio/includes/libs/filebackend/FileBackendStore.php(1105): AmazonS3FileBackend->doDirectoryExists('metawiki-sn_-lo...', 'metawiki/temp/', Array)
#21 /var/www/songngu_stud_usr/data/www/songngu.studio/includes/installer/DatabaseUpdater.php(1088): FileBackendStore->directoryExists(Array)
#22 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/update.php(203): DatabaseUpdater->setFileAccess()
#23 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/includes/MaintenanceRunner.php(703): UpdateMediaWiki->execute()
#24 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/run.php(51): MediaWiki\Maintenance\MaintenanceRunner->run()
#25 {main}
GuzzleHttp\Exception\ClientException from line 113 of /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Exception/RequestException.php: Client error: `GET https://[CF_ACC_ID].r2.cloudflarestorage.com/[R2_BUCKET_NAME]/?prefix=metawiki%2Ftemp%2F&delimiter=&encoding-type=url` resulted in a `403 Forbidden` response:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>
#0 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Middleware.php(69): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Psr7\Request), Object(GuzzleHttp\Psr7\Response), NULL, Array, NULL)
#1 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(204): GuzzleHttp\Middleware::GuzzleHttp\{closure}(Object(GuzzleHttp\Psr7\Response))
#2 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(153): GuzzleHttp\Promise\Promise::callHandler(1, Object(GuzzleHttp\Psr7\Response), NULL)
#3 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/TaskQueue.php(48): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise\{closure}()
#4 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(159): GuzzleHttp\Promise\TaskQueue->run()
#5 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(184): GuzzleHttp\Handler\CurlMultiHandler->tick()
#6 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(248): GuzzleHttp\Handler\CurlMultiHandler->execute(true)
#7 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(224): GuzzleHttp\Promise\Promise->invokeWaitFn()
#8 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
#9 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
#10 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(269): GuzzleHttp\Promise\Promise->waitIfPending()
#11 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(226): GuzzleHttp\Promise\Promise->invokeWaitList()
#12 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/guzzlehttp/promises/src/Promise.php(62): GuzzleHttp\Promise\Promise->waitIfPending()
#13 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/AwsClientTrait.php(58): GuzzleHttp\Promise\Promise->wait()
#14 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/ResultPaginator.php(138): Aws\AwsClient->execute(Object(Aws\Command))
#15 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/functions.php(52): Aws\ResultPaginator->valid()
#16 /var/www/songngu_stud_usr/data/www/songngu.studio/vendor/aws/aws-sdk-php/src/functions.php(69): Aws\map(Object(Aws\ResultPaginator), Object(Closure))
#17 [internal function]: Aws\flatmap(Object(Aws\ResultPaginator), Object(Closure))
#18 /var/www/songngu_stud_usr/data/www/songngu.studio/extensions/AWS/s3/AmazonS3FileBackend.php(560): Generator->valid()
#19 /var/www/songngu_stud_usr/data/www/songngu.studio/includes/libs/filebackend/FileBackendStore.php(1105): AmazonS3FileBackend->doDirectoryExists('metawiki-sn_-lo...', 'metawiki/temp/', Array)
#20 /var/www/songngu_stud_usr/data/www/songngu.studio/includes/installer/DatabaseUpdater.php(1088): FileBackendStore->directoryExists(Array)
#21 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/update.php(203): DatabaseUpdater->setFileAccess()
#22 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/includes/MaintenanceRunner.php(703): UpdateMediaWiki->execute()
#23 /var/www/songngu_stud_usr/data/www/songngu.studio/maintenance/run.php(51): MediaWiki\Maintenance\MaintenanceRunner->run()
#24 {main}
If R2 responds "403 Forbidden" to a correct request to correct URL, you have something misconfigured on R2 side.
Does "aws s3 ls" command (from AWS CLI) work on your server? (it does exactly the same as this ListObjects operation)
If R2 responds "403 Forbidden" to a correct request to the correct URL, you have something misconfigured on the R2 side.
Does the "aws s3 ls" command (from AWS CLI) work on your server? (it does the same as this ListObjects operation)
I may want to close the issue as I found out the reason:
Cloudflare somehow tries to block the request as either Hotlink Protection or Bot Fight Mode is enabled. Turn that off would fix this. https://developers.cloudflare.com/waf/tools/scrape-shield/hotlink-protection/#enable-hotlink-protection