Download link issues

oyegigi · 6 August 2019 20:51

Hey y’all,
I’ve had this issue for a while with a few users but as my user base increases, so do the number of people who can not access my downloads via my s3 bucket. Many users are now getting Access Denied messages. I’ve just made all my links public and linked to them directly so that at least folks can access but obviously this is not ideal.

I added this code to my headers because I thought the issue was due to cacheing:

<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate, max-age=86000, s-maxage=86000" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />

Anybody got any ideas as to what is going on and what I can do to fix this??? Even after I direct folks to https://www.refreshyourcache.com/en/home/ they still have trouble.

I don’t need hardcore protection btw. I’m running a site for teachers and their membership includes access to teaching handouts, etc. As long as they are a member (1 year subscriptions) they have access to our content.

clavaque · 7 August 2019 01:17

Hi Gigi.

How are you linking to your s2 protected files in S3? Using the S3 URL won’t work. WP Admin > s2Member > Download Options > Basic

Now, you can link to any protected file, using this special format:
http://s2member.net/?s2member_file_download=example-file.zip
s2member_file_download = file, relative to the /s2member-files/ directory. In other words, just the file name.

Or, use: [s2File download="example-file.zip" /] (easier Shortcode if you prefer)
Shortcode equivalent: [s2File /] produces the entire URL for you, easier.

oyegigi · 9 August 2019 13:52

I was linking via the http://s2member.net/?s2member_file_download=example-file.zip link and experimented with the download key option.

(My files were not public in my bucket but to get the direct links to work, I made them public.)

@clavaque I know you are super busy but would love your insight on getting this resolved. There is no pattern as far as I can tell… I thought it might have been a firewall from a particular university as it was happening to a lot of Arizona State Uni teachers but turns out that it’s happening all over the place, not just at ASU. I also spoke to their IT department and they didn’t see an issue.

Cassel · 9 August 2019 22:28

What message are they getting exactly?
Sometimes, I forget to set the ACL to give access. I am using Cloudberry Explorer for Amazon to tweak those settings (it is free and soooo much more convenient than going through Amazon itself).

Right-click on the file you want to get the settings changed, choose ACL settings and for All users, check Read and Read ACP. See if that helps.

clavaque · 10 August 2019 02:33

What are your settings like for the S3 bucket and IAM user?

oyegigi · 15 August 2019 21:23

@Cassel awesome. thanks for the tip. I tried doing what you said through Amazon’s interface but couldn’t find anything that talked specifically about ACP’s.

Also, can I just apply these permissions to an entire bucket rather than each individual file?

oyegigi · 15 August 2019 21:21

@clavaque - Hopefully I can answer these questions correctly:
IAM user is PowerUserAccess
S3 is set up to Block public access (bucket settings) -

Block public access to buckets and objects granted through new access control lists (ACLs)
Off
Block public access to buckets and objects granted through any access control lists (ACLs)
Off
Block public access to buckets and objects granted through new public bucket policies
Off
Block public and cross-account access to buckets and objects through any public bucket policies
Off

Perhaps this is what @Cassel was referring to? This stuff is totally out of my comfort zone of knowledge so I’m a bit ineffective at troubleshooting…

Cassel · 19 September 2019 19:36

I never set the permission on a whole bucket, but I just checked using Cloudberry and it SEEMS like you can set the ACL to the whole bucket. I don’t know how effective it is for files added afterward though.

As I said before, I never manage those permissions in S3 directly but I just use Cloudberry. There, I just right-click the file in question, and choose ACL Settings to get all those settings for reading and writing to the file.

oyegigi · 19 September 2019 19:38

I looked into Cloudberry and unfortunately I’m on a mac.

Cassel · 19 September 2019 19:51

Oh… never realized it was a Windows program. Sorry.

oyegigi · 19 September 2019 19:54

no worries. it’s in beta so hopefully soon… the biggest disadvantage to being on a mac.

clavaque · 19 September 2019 22:43

You are using CloudFront, right? Then, if I remember correctly, the S3 bucket should not “Block public access to buckets and objects granted through new access control lists (ACLs)” when you create the distribution. Maybe you need to unblock another one in your case.

If you can reproduce the behavior consistently switching to other user accounts, it would not take you long to test the different bucket settings there and see which one makes a difference in the behavior. Then you test getting the file directly from the bucket.