Skip to main content

AWS CloudFront base64 file upload randomly got 502 Bad Gateway error

I have build a upload function for my customer. Due to SQL injection prevent, some of my customer images got blocked by CloudFront. But instead of trying to manually clean these injection, customer want normal upload. (I can use some tool like imagemagick to convert back and ford png/jpg for example to clean injection part).
So I ended up by using base64 encoding and custom jQuery fileupload (blueimp). This lead to some other problems, mostly randomly got 502 error on batch of 200 files upload.

https://stackoverflow.com/questions/20664018/cloudfront-custom-origin-distribution-returns-502-error-the-request-could-not-b

https://www.tessian.com/blog/how-to-fix-http-502-errors/



I had a similar issue recently which turned out to be due to ssl_ciphers that I was using.


From http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html,


"CloudFront forwards HTTPS requests to the origin server using the SSLv3 or TLSv1 protocols and the AES128-SHA1 or RC4-MD5 ciphers. If your origin server does not support either the AES128-SHA1 or RC4-MD5 ciphers, CloudFront cannot establish an SSL connection to your origin. "


I had to change my nginx confg to add AES128-SHA ( deprecated RC4:HIGH ) to ssl_ciphers to fix the 302 error. I hope this helps. I have pasted the line from my ssl.conf


ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:AES128-SHA:!ADH:!AECDH:!MD5; 

https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

https://blogs.halodoc.io/apply-rate-limiting-to-your-resources-using-aws-cloud-front-and-waf/

https://blogs.halodoc.io/apply-rate-limiting-to-your-resources-using-aws-cloud-front-and-waf/




For my case simple reduce  concurrent uploading files solved issue.
limitConcurrentUploads: 10,


    const maxChunkSize = 5000 * 1000;

    $("#fileupload").fileupload({
        url: 'uploadMediaFile',
        dataType: "json",
        autoUpload: true,
        // maxChunkSize: maxChunkSize,
        dropZone: $('#drag-and-drop-zone'),
        disableImageResize: true,
        // limitConcurrentUploads
        // sequentialUploads: false,
        // singleFileUploads: false,
        // limitMultiFileUploadSizeOverhead,
        limitMultiFileUploads: 10,

        add: function (e, data) {
            var acceptFileTypes = extFilter;
            let file = data.originalFiles[0];
            if (typeof file == 'undefined') {
                console.log('undefined file');
                return;
            }
....
});

Comments

  1. `Indian Hyderabadi cuisine is famous all over the world. Everyone loves Hyderabadi Indian cuisine. Adeena's Kitchen is the first restaurant to provide Hyderabadi Indian food in London to its customers.
    Adeena's kitchen is located in Croydon, London. London regorges of tourist attractions. The restaurant serves the best version of Indian Hyderabadi cuisine to Indian connoisseurs. The irresistible taste, the rich fragrance, the rich blend of epics, and the aroma of traditional Indian spices will remind you of your country, and homeland. The quiet atmosphere of the restaurant will allow you to spend more time with your family or friends. We offer budget lunch and dinner for you to enjoy the scrumptious dishes while saving money. From the main course to Hyderabadi Biryani, to non-veg curries, to mouth-watering tandoori dishes, to Hyderabadi Haleem especially during Ramzan. Only fresh ingredients and spices are used to bring out the authentic Hyderabadi flavour to the dishes. So if you are using an outing with friends, or family members, this is the best place for appetizer aperitifs. The restaurant offers a variety of classic and contemporary dishes.02036678566


    adeenaskitchen.co.uk
    ..We deliver delicious Hyderabadi food to your doorstep.

    ReplyDelete
  2. An Indian Restaurant & Takeaway in Croydon. We serve a wide range of delicious Asian & Indian food. We offer online ordering and table booking.For reservation call 02036678566


    adeenaskitchen.co.uk/

    ReplyDelete

Post a Comment

Popular posts from this blog

AWS Elasticache Memcached connection

https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/accessing-elasticache.html#access-from-outside-aws http://hourlyapps.blogspot.com/2010/06/examples-of-memcached-commands.html Access memcached https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/GettingStarted.AuthorizeAccess.html Zip include hidden file https://stackoverflow.com/questions/12493206/zip-including-hidden-files phpmemcachedadmin ~ phpMyAdmin or phpPgAdmin ... telnet mycachecluster.eaogs8.0001.usw2.cache.amazonaws.com 11211 stats items stats cachedump 27 100 https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/VPCs.EC.html https://lzone.de/cheat-sheet/memcached VPC ID Security Group ID (sg-...) Cluster: The identifier for the cluster memcached1 Creation Time: The time (UTC) when the cluster was created January 9, 2019 at 11:47:16 AM UTC+7 Configuration Endpoint: The configuration endpoint of the cluster memcached1.ahgofe.cfg.usw1.cache.amazonaws.com:11211 St...

Notes Windows 10 Virtualbox config, PHP Storm Japanese, custom PHP, Apache build, Postgresql

 cmd => Ctrl + Shift + Enter mklink "C:\Users\HauNT\Videos\host3" "C:\Windows\System32\drivers\etc\hosts" https://www.quora.com/How-to-create-a-router-in-php https://serverfault.com/questions/225155/virtualbox-how-to-set-up-networking-so-both-host-and-guest-can-access-internet 1 NAT + 1 host only config https://unix.stackexchange.com/questions/115464/how-to-properly-set-up-2-network-interfaces-in-centos-running-in-virtualbox DEVICE=eth0 TYPE=Ethernet #BOOTPROTO=dhcp BOOTPROTO=none #IPADDR=10.9.11.246 #PREFIX=24 #GATEWAY=10.9.11.1 #IPV4_FAILURE_FATAL=yes #HWADDR=08:00:27:CC:AC:AC ONBOOT=yes NAME="System eth0" [root@localhost www]# cat /etc/sysconfig/network-scripts/ifcfg-eth1 # Advanced Micro Devices, Inc. [AMD] 79c970 [PCnet32 LANCE] DEVICE=eth1 IPADDR=192.168.56.28 <= no eff => auto like DHCP #GATEWAY=192.168.56.1 #BOOTPROTO=dhcp BOOTPROTO=static <= no eff ONBOOT=yes HWADDR=08:00:27:b4:20:10 [root@localhost www]# ...

Rocket.Chat DB schema

_raix_push_notifications avatars.chunks avatars.files instances meteor_accounts_loginServiceConfiguration meteor_oauth_pendingCredentials meteor_oauth_pendingRequestTokens migrations rocketchat__trash rocketchat_cron_history rocketchat_custom_emoji rocketchat_custom_sounds rocketchat_import rocketchat_integration_history rocketchat_integrations rocketchat_livechat_custom_field rocketchat_livechat_department rocketchat_livechat_department_agents rocketchat_livechat_external_message rocketchat_livechat_inquiry rocketchat_livechat_office_hour rocketchat_livechat_page_visited rocketchat_livechat_trigger rocketchat_message rocketchat_oauth_apps rocketchat_oembed_cache rocketchat_permissions rocketchat_raw_imports rocketchat_reports rocketchat_roles rocketchat_room rocketchat_settings rocketchat_smarsh_history rocketchat_statistics rocketchat_subscription rocketchat_uploads system.indexes users usersSessions https://rocket.chat/docs/developer-guides/sc...