From 854468a713679d2daf805f95bccb963c8c390193 Mon Sep 17 00:00:00 2001 From: Klaus Post Date: Wed, 20 Oct 2021 02:18:16 -0700 Subject: [PATCH] Return parseable error on S3 requests (#1120) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return S3 compatible error when an S3 API request is made to the console port. Before: ``` λ mc ls local9090 mc: Unable to list folder. XML syntax error on line 1: invalid character entity &display (no semicolon) ``` After: ``` λ mc ls local9090 mc: Unable to list folder. S3 API Request made to Console port. S3 Requests should be sent to MinIO API port. ``` --- restapi/configure_console.go | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/restapi/configure_console.go b/restapi/configure_console.go
index a3391eec2..b5adda1b4 100644
--- a/restapi/configure_console.go
+++ b/restapi/configure_console.go
@@ -186,7 +186,28 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 IsDevelopment: false,
 }
 secureMiddleware := secure.New(secureOptions)
- return secureMiddleware.Handler(next)
+ return RejectS3Middleware(secureMiddleware.Handler(next))
+}
+
+// RejectS3Middleware will reject requests that have AWS S3 specific headers.
+func RejectS3Middleware(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ if len(r.Header.Get("X-Amz-Content-Sha256")) > 0 ||
+ len(r.Header.Get("X-Amz-Date")) > 0 ||
+ strings.HasPrefix(r.Header.Get("Authorization"), "AWS4-HMAC-SHA256") ||
+ r.URL.Query().Get("AWSAccessKeyId") != "" {
+ w.WriteHeader(http.StatusForbidden)
+ w.Write([]byte(`
+
+ AccessDenied
+ S3 API Request made to Console port. S3 Requests should be sent to API port.
+ 0
+
+`))
+ return
+ }
+ next.ServeHTTP(w, r)
+ })
 }
 
 func AuthenticationMiddleware(next http.Handler) http.Handler {
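Review bot: The 403 body in `RejectS3Middleware` is written without an explicit content type, and because the new middleware wraps `secureMiddleware.Handler(next)` from the outside, this response presumably goes out without whatever headers the `secure` options configure (the start of `setupGlobalMiddleware` is outside the hunk, so I cannot confirm which). I would add `w.Header().Set("Content-Type", "application/xml")` before `w.WriteHeader(http.StatusForbidden)` so S3 clients parse the error reliably, and either check or explicitly discard the `w.Write` result. The condition also looks incomplete for SigV4 presigned requests, which carry the signature in the query string rather than in headers; adding `r.URL.Query().Get("X-Amz-Signature") != ""` would give those callers the same parseable error. For consistency, use `!= ""` rather than `len(...) > 0` throughout the condition.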