Can't create cloud connector - error "rule has invalid host"

What is the name of the domain?

every.site

What is the error message?

rule has invalid host

What is the issue you’re encountering

Can’t create cloud connector

What steps have you taken to resolve the issue?

What are the steps to reproduce the issue?

  1. Rules → Cloud Connector
  2. Select aws/gcs/azure
  3. Type bucket url, next
  4. Type connector name and select match filter (or select all incoming requests)
  5. get an error “rule has invalid host”

Are you still having trouble with this? I was just able to create one:

Still have issue with bucketname “bucket.s3-website-region.amazonaws.com

If I’m using “bucket.s3.amazonaws.com” is without the error.

That also works for me:

I’m using static website endpoint (from aws s3 interface) like “images.example.com.s3-website-us-east-1.amazonaws.com”, that didn’t work

Your variant (images.example.com.s3.us-east-1.amazonaws.com) is working

@ncano might know what’s up with that. Literal value images.example.com.s3-website-us-east-1.amazonaws.com passes the inital hostname test, and resolves. But as soon as I attempt a Save it says it’s an invalid host. I tried setting match for Hostname EQUALS, and also tried Path CONTAINS.

2 Likes

Thanks for reporting! We’re aware that *.s3-website-{region} hostnames are not passing the validation right now. Current workaround is to use another accepted URL format (for example, *.s3-website.{region}) while we’re fixing this.

1 Like

It seems that “s3-website-{region}” hostnames was fixed. But I have another issue with website cloud connector:
While I’m trying to set “s3-website-{region}” hostname - getting an error.
“No quota has been allocated for this zone or for this account. If you’re already a paid SSL for SaaS customer, please contact your Customer Success Manager for additional provisioning. If you’re not yet enrolled, please fill out this form and someone from our sales team will contact you: https://www.cloudflare.com/plans/enterprise/contact/. (Code: 1404)”

and popup with “In order for your rule to work, you need to proxy the DNS records of your domain (or subdomain) through Cloudflare.” with button proceed anyway.

  1. dns for domain is already proxied through cloudflare
  2. if “I proceed anyway” website starts redirected too many times from “https” to “http” and back.

Thank you for the report, we are aware of this and are actively working on a fix. These are actually two different issues:

  1. “s3-website-{region}” hostnames are now accepted, but the HTTPS fix hasn’t been released yet.
  2. When a rule is submitted for deployment, we are now trying to validate if the hostname your rule is targeting (if any) exists in your account and is orange-clouded. To do this, we query DNS records and Cloudflare for SaaS custom hostnames in your zone. The SSL for SaaS error originates from this flow, and we’re working on performing this check more gracefully.

I’m happy to report that the issue with AWS S3 and s3-website hostnames has now been resolved. Everything should be working as expected.

1 Like