How do I resolve the error "The request could not be satisfied. Request Blocked." from Amazon CloudFront?
Last updated: 2019-04-08
Amazon CloudFront is returning the error "The request could not be satisfied. Request Blocked." How can I resolve this error?
"The request could not be satisfied. Request Blocked." is an error from the client. This error can occur due to AWS Web Application Firewall (WAF) rules associated with the CloudFront distribution. To troubleshoot this error, first check the AWS WAF default action that is set on the associated web access control list (web ACL). Then, try the following troubleshooting steps based on the default action:
The default action is set to Allow
To resolve the error when the default action is Allow, follow these steps:
- Review requests to be sure that they don't match the conditions for any AWS WAF rules with Action set to Block.
- If valid requests match the conditions for a rule that blocks requests, update the rule to allow the requests.
The default action is set to Block
If the default action is set to Block, then AWS WAF blocks requests in the following scenarios:
- The request matches the conditions of a rule that has Action set to Block.
- The request doesn't match the conditions of any rule that has Action set to Allow.
To resolve the error when the default action is Block, follow these steps:
- Review requests to be sure that they match the conditions for any AWS WAF rules with Action set to Allow.
- If valid requests don't match any existing rules that allow requests, create a rule that allows the requests.
Note: To troubleshoot further, you can use the AWS WAF console to review a sample of requests that match the rule that might be causing the "Request Blocked" error. For more information, see Viewing a Sample of the Web Requests That CloudFront or an Application Load Balancer Has Forwarded to AWS WAF.