Frequent 403 forbidden errors on TUF repo

[lsd-cat]

Hello,
it happens quite often to me when using Sigstore-related tooling to get TUF failures like:

# sigstore sign <file>
[10:47:50] ERROR            Failed to refresh TUF metadata.                                                                                                                                        errors.py:42
                                                                                                                                                                                                               
                            Please check any Sigstore instance related arguments and consider reporting the issue at <https://github.com/sigstore/sigstore-python/issues/new>.                                 

# model_signing sign <file>
Signing failed with error: Failed to refresh TUF metadata

The reason is that the TUF repository is blocking access from my IP:

# curl https://tuf-repo-cdn.sigstore.dev

<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>403 Forbidden</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Forbidden</h1>
<h2>Your client does not have permission to get URL <code>/</code> from this server.</h2>
<h2></h2>
</body></html>

I'm using a freshly spawned Hetzner VPS, but it also happened from home using a VPN a bunch of times, and on other servers.

I'm hitting the endpoint at 34.117.62.14 from ip 46.62.151.237.

I can workaround by passing the trusted_root manually, but I wonder how many automated jobs or CI pipelines risk failing due to this? I do understand DoS and bot mitigation requirements, but at the same time the CDN is to be consumed by machines

[Hayden-IO]

Interesting, I'm curious if others have been hitting 403s as well. The bucket that stores the TUF repo is publicly accessible. Are you trying to list objects in the bucket? Only object reader is granted to all users.

Just hitting https://tuf-repo-cdn.sigstore.dev I think should be equivalent to reader <bucket name>/index.html, and you should have access to that object. Do these errors self-resolve?

[lsd-cat]

My impression is that it is an IP based filter that gets triggered. I hit the error while using the official Sigstore utilities, so just by using whatever endpoint is included there. The curl is just to double confirm that the repository is returning errors. If I change IP, the error doesn't reproduce.

Maybe it's some type of rate limiting and the previous user of that IP triggered it in some way?

[Hayden-IO]

We don't have a rate limit in place for the bucket or CDN, but I wonder if there's a global rate limit being hit due to a shared IP. We'll likely have to open a ticket with GCP to investigate further, I haven't seen anything suspicious in our logs yet.

[jku]

There are indeed a small amount of 403s in the logs but curiously none that would match curl https://tuf-repo-cdn.sigstore.dev (or the given ip).

Could you share the output of curl -v https://tuf-repo-cdn.sigstore.dev so I can double check?

[lsd-cat]

Thanks for following up! I've since rotate IP so that I could get it working, but if we can leave the ticket open, I'll report back if it happens again (and keep the IP for more testing if I can).