400 Bad Request errors (infrequent) on public Amazon S3 assets

dlrust

12/30/22, 5:58 PM

We are hosting S3 public assets (images) under a local path using a reverse proxy from NGINX to S3.

We have noticed periodic errors in our logs (400 errors) which are very infrequent, but are causing issues for visitors. We can tell these are AWS errors since the content type returned is application/xml. Loading these same assets right after the logged error returns the correct response.

I've enabled logging on my relevant S3 buckets, but upon inspecting the logs I do not see any 400 errors listed during the timeframes the errors occured.

Would AWS throttle our requests since they are coming from one IP (through the NGINX reverse proxy)?
What types of 400 statuses would S3 return for public objects that are valid?
Is there another place in the AWS console that would display these 400 errors so we could investigate?

Updated specific example case:

Example of our asset local path: https://www.example.com/assets/images/Oasis_PalmImage_20210809_Web_v01.png

Public S3 URL: https://sb-oasis.s3.amazonaws.com/images/Oasis_PalmImage_20210809_Web_v01.png

Example of the NGINX log during logged error:

response_content_type: application/xml

status: 400

content_length: 355 bytes

305

0 + 3

nginx

amazon-s3

amazon-web-services

Tim

12/30/22, 7:30 PM

I'm curious how application/xml tell you it's an AWS error, can you explain that a bit more? Can you correlate the request in your Nginx logs with an AWS request, regardless of status code? I wonder if the error is between Nginx and S3, with the requests not actually arriving at S3. Suggest you edit your post to give more detail - where is your server, maybe a picture, etc. Also check your Nginx error logs.

dlrust

12/30/22, 9:47 PM

@Tim We have not been able to visually see these error responses other than the logs. We are pretty confident that the application/xml means an S3 error due to 1) the assets being served are Image files 2) other S3 errors (invalid bucket, etc) are returned as XML 3) Dont have anything in nginx configuration that would be of that type

Tim

12/30/22, 10:39 PM

I wonder if there's a way to log the body of error responses, as that might tell you more about the problem. I also wonder if you could have the user directly access S3, but that might not work with browser security settings. https://serverfault.com/questions/361556/is-it-possible-to-log-the-response-data-in-nginx-access-log/598045

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: 400 Bad Request errors (infrequent) on public Amazon S3 assets

TH: ข้อผิดพลาด 400 Bad Request (ไม่บ่อยนัก) ในสินทรัพย์ Amazon S3 สาธารณะ

RO: 400 de erori de solicitare greșită (rar frecvente) pe activele Amazon S3 publice

RU: 400 ошибок неверного запроса (редко) в общедоступных ресурсах Amazon S3

VI: 400 lỗi Yêu cầu không hợp lệ (không thường xuyên) trên tài sản Amazon S3 công khai

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.