Download link issues

Hey y’all,
I’ve had this issue for a while with a few users but as my user base increases, so do the number of people who can not access my downloads via my s3 bucket. Many users are now getting Access Denied messages. I’ve just made all my links public and linked to them directly so that at least folks can access but obviously this is not ideal.

I added this code to my headers because I thought the issue was due to cacheing:

<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate, max-age=86000, s-maxage=86000" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />

Anybody got any ideas as to what is going on and what I can do to fix this??? Even after I direct folks to they still have trouble.

I don’t need hardcore protection btw. I’m running a site for teachers and their membership includes access to teaching handouts, etc. As long as they are a member (1 year subscriptions) they have access to our content.

Hi Gigi.

How are you linking to your s2 protected files in S3? Using the S3 URL won’t work. WP Admin > s2Member > Download Options > Basic

  • Now, you can link to any protected file, using this special format:
    s2member_file_download = file, relative to the /s2member-files/ directory. In other words, just the file name.
  • Or, use: [s2File download="" /] (easier Shortcode if you prefer)
    Shortcode equivalent: [s2File /] produces the entire URL for you, easier.


I was linking via the link and experimented with the download key option.

(My files were not public in my bucket but to get the direct links to work, I made them public.)

@clavaque I know you are super busy but would love your insight on getting this resolved. There is no pattern as far as I can tell… I thought it might have been a firewall from a particular university as it was happening to a lot of Arizona State Uni teachers but turns out that it’s happening all over the place, not just at ASU. I also spoke to their IT department and they didn’t see an issue.

What message are they getting exactly?
Sometimes, I forget to set the ACL to give access. I am using Cloudberry Explorer for Amazon to tweak those settings (it is free and soooo much more convenient than going through Amazon itself).

Right-click on the file you want to get the settings changed, choose ACL settings and for All users, check Read and Read ACP. See if that helps.

1 Like

What are your settings like for the S3 bucket and IAM user?

@Cassel awesome. thanks for the tip. I tried doing what you said through Amazon’s interface but couldn’t find anything that talked specifically about ACP’s.

Also, can I just apply these permissions to an entire bucket rather than each individual file?

@clavaque - Hopefully I can answer these questions correctly:
IAM user is PowerUserAccess
S3 is set up to Block public access (bucket settings) -

Block public access to buckets and objects granted through new access control lists (ACLs)
Block public access to buckets and objects granted through any access control lists (ACLs)
Block public access to buckets and objects granted through new public bucket policies
Block public and cross-account access to buckets and objects through any public bucket policies

Perhaps this is what @Cassel was referring to? This stuff is totally out of my comfort zone of knowledge so I’m a bit ineffective at troubleshooting…

I never set the permission on a whole bucket, but I just checked using Cloudberry and it SEEMS like you can set the ACL to the whole bucket. I don’t know how effective it is for files added afterward though.

As I said before, I never manage those permissions in S3 directly but I just use Cloudberry. There, I just right-click the file in question, and choose ACL Settings to get all those settings for reading and writing to the file.

I looked into Cloudberry and unfortunately I’m on a mac.

Oh… never realized it was a Windows program. Sorry.

no worries. it’s in beta so hopefully soon… the biggest disadvantage to being on a mac.

You are using CloudFront, right? Then, if I remember correctly, the S3 bucket should not “Block public access to buckets and objects granted through new access control lists (ACLs)” when you create the distribution. Maybe you need to unblock another one in your case.

If you can reproduce the behavior consistently switching to other user accounts, it would not take you long to test the different bucket settings there and see which one makes a difference in the behavior. Then you test getting the file directly from the bucket.