From 1b641b4222f3449d300f157380b809f658ccd6f5 Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Mon, 8 Aug 2022 13:37:01 -0700
Subject: [PATCH] return bad request instead of 403's (#2229)

S3 API requests '403' as valid error
in some situations when client is probing
the server for valid S3 endpoint.

return '400 Bad Request' instead.
---
 restapi/configure_console.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/restapi/configure_console.go b/restapi/configure_console.go
index 7c0e446c8..795984db4 100644
--- a/restapi/configure_console.go
+++ b/restapi/configure_console.go
@@ -250,6 +250,8 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 	return RejectS3Middleware(next)
 }
 
+const apiRequestErr = `<?xml version="1.0" encoding="UTF-8"?><Error><Code>InvalidArgument</Code><Message>S3 API Requests must be made to API port.</Message><RequestId>0</RequestId></Error>`
+
 // RejectS3Middleware will reject requests that have AWS S3 specific headers.
 func RejectS3Middleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -257,15 +259,10 @@ func RejectS3Middleware(next http.Handler) http.Handler {
 			len(r.Header.Get("X-Amz-Date")) > 0 ||
 			strings.HasPrefix(r.Header.Get("Authorization"), "AWS4-HMAC-SHA256") ||
 			r.URL.Query().Get("AWSAccessKeyId") != "" {
-			w.WriteHeader(http.StatusForbidden)
+
 			w.Header().Set("Location", getMinIOServer())
-			w.Write([]byte(`<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>S3 API Request made to Console port. S3 Requests should be sent to API port.</Message>
-  <RequestId>0</RequestId>
-</Error>
-`))
+			w.WriteHeader(http.StatusBadRequest)
+			w.Write([]byte(apiRequestErr))
 			return
 		}
 		next.ServeHTTP(w, r)