appengine returns 403 for a file
I have two apps, one is a full stack spring boot app serving Angular files running on a VM, and the second one is app to deploy a spring boot client to the AppEngine environment. The second one is managed by Google.
- A Springboot app serving Angular files is working successfully on a VM hosted in the google cloud. Pretend the external ip address for the VM is 44.99.88.66
If I goto http://44.99.88.66 then, in the network tab, all files needed for the Angular UI to render, including the index.html, is returned back successfully and the app is working as designed.
For example, one of the file listed in index.html is runtime.a1f14f474125f28b.js
Request URL: http://44.99.88.66/runtime.a1f14f474125f28b.js
Request Method: GET
Status Code: 200 OK
Direct access to the app running on the VM is successful. No issues here.
- The second app is built following the instructions available at Code labs
This is a proxy spring boot app that was deployed to app engine successfully. The intent behind the proxy is to serve files from the VM instance listed above. Essentially it will act as a frontend to the backend app.
The proxy server configuration is like this:
public class SolrProxyServletConfiguration implements EnvironmentAware {
@Bean
public ServletRegistrationBean servletRegistrationBean() {
org.mitre.dsmiley.httpproxy.ProxyServlet proxy = new org.mitre.dsmiley.httpproxy.ProxyServlet();
ServletRegistrationBean servletRegistrationBean = new ServletRegistrationBean((Servlet) proxy);
servletRegistrationBean.addInitParameter(proxy.P_TARGET_URI, "http://44.99.88.66");
servletRegistrationBean.addInitParameter(proxy.P_LOG,"true");
servletRegistrationBean.addUrlMappings("/*");
return servletRegistrationBean;
See Apache http proxy server details here
<dependency>
<groupId>org.mitre.dsmiley.httpproxy</groupId>
<artifactId>smiley-http-proxy-servlet</artifactId>
<version>2.0</version>
</dependency>
This proxy server works, some of the files are served but NOT all. Maybe firewall configuration issue?
Now, from cloud shell, when I run the command mvn -DskipTests spring-boot:run and then preview port 8080 on localhost, and look at network tab,
I can verify index.html was returned back by the VM successfully. This index.html needs runtime js file and few other files.
Request URL: https://8080-cs-850933564101-default.cs-us-west1-wolo.cloudshell.dev/runtime.a1f14f474125f28b.js
Request Method: GET
Status Code: 403 Forbidden
I get 403 for this file, after this app is deployed also.
And when I deploy the app by running the command mvn -DskipTests package appengine:deploy and then go to the URL for the App engine https://<MY-PROJECT_NAME>.uw.r.appspot.com, then index.html is returned successfully to the browser.
However, the runtime js file is not returned and the error is 403 again. I can reproduce this issue by running Springboot run command on localhost and/or deploy it to the Appengine to reproduce it there.
Request URL: https://<MY-PROJECT_NAME>.uw.r.appspot.com/runtime.a1f14f474125f28b.js
Request Method: GET
Status Code: 403 Forbidden
When I look at the log files in the VM box, the VM box does return the runtime js file successfully.
Also, there is another file script js file and that is served successfully like so:
Request URL: https://<MY-PROJECT_NAME>.uw.r.appspot.com/scripts.637b95686c28d236.js
Request Method: GET
Status Code: 200 OK
So, one file (script js) is served successfully back to the browser, but NOT the other (runtime js).
File permission for both the files script js and runtime js is -rw-r--r--
I am wondering if this is a firewall configuration issue? Some files are returned but not all.
I got a success response when I test health endpoint, https://<MY-PROJECT_NAME>.uw.r.appspot.com/health the response is Health check successful . So, one end point is working correctly, however, the endpoint to render the Angular UI app is returning some files and for some them browser sees 403.
Please let me know, if more information is needed or if I can engage professional service to fix this issue where a proxy server is not able to return a file?
Thanks and regards, Ganesh
When you encounter a 403 Forbidden error, it may be due to a firewall configuration or the way your App Engine configuration file is set up.
(1) Try to check the firewall settings by navigating to your App Engine’s Firewall UI. Use Test IP Address to verify that the settings are correct and if the external IP would be allowed by the existing firewall rules.
(2) Check your app’s configuration files, specifically the app.yaml file, to see and check if the runtime.js file is correctly declared as static_files and not mistakenly marked as an application code file.
You can also check this StackOverflow post, which I think might be related to your concern but it offers a different workaround.
If above doesn’t not work and if you have a support package, I would recommend you getting help through reaching out to Google Cloud Support for a more in-depth analysis of your issue or you can just open an issue report on Google’s App Engine public issue tracker but please note that they won’t be able to provide a specific timeline for when the issue will be resolved.
- How to Transfer a BigQuery view to a Google Cloud Storage bucket as a csv file
- Structured Logs in Google Cloud Run not being parsed (using Winston for logging)
- How to properly add spring-cloud-gcp-starter dependency in Spring Boot Maven project?
- Will firebase switch to Blaze Plan from Spark Plan automatically as soon as the limits are exhausted?
- Do I have to install packages needed each time when I start Google Colab?
- Artifact Registry returns 404 for private Go Module
- The query limitation with max 30 filter parameters still exists in GCP Firestore Enterprise with MongoDB compatibility?
- Google Speech to Text - Not Getting the transcription
- Google Cloud Document AI cannot access Firebase Storage bucket - permission error
- BigQuery - Export CSV certain columns
- Need help to bulk download logs from Google Cloud Platform - Cloud Logging
- Google Cloud Run external API calls get very slow
- Google cloud - pub/sub - write to Bigquery with metadata - missing fields
- Lots of "Uncaught signal: 6" errors in Cloud Run
- BigQuery select last modified time using __TABLES__ from all tables in all datasets?
- Loading BigQuery tables from large pandas DataFrames
- Cloud build keeps using legacy service account despite change in settings
- Without Firebase: PlatformException(sign_in_failed, com.google.android.gms.common.api.ApiException: 10: , null, null)
- Firebase app hosting rollouts getting stuck due to max_instances which I cannot control
- (Terraform, Cloud Run) Error: Forbidden Your client does not have permission to get URL / from this server
- How to fix the storage exceeded issue for Google Drive when uploading using Service Accounts
- Cloud Build fails to use Docker BuildKit Cache
- How do I know if an Google App Engine instance is Standard or Flexible?
- How to install Apache server in GCE VM instance?
- I Can't Delete My GCP VM Instances, They are Stuck
- Error when trying to migrate a GKE Autopilot cluster to cgroupv2
- How can you set the default triggering event for a Google Cloud Run function?
- Cloud Run failing to connect to Cloud SQL
- appengine returns 403 for a file
- GCP Cloud CDN cache invalidation taking too long