AASA - Bad HTTP Response: 403 Forbidden

Hello, We are getting 403 error from Apple's CDN when app installs, also tried checking other threads be didn't get an answer, Everything worked great for the pas year, until about a week ago when we began getting this error. Attached the log from the curl command. Thanks

*  Trying 17.253.105.202:443...
* Connected to app-site-association.cdn-apple.com (17.253.105.202) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=app-site-association.cdn-apple.com; OU=management:idms.group.665035; O=Apple Inc.; ST=California; C=US
* start date: Aug 5 18:09:37 2021 GMT
* expire date: Sep 4 18:09:36 2022 GMT
* subjectAltName: host "app-site-association.cdn-apple.com" matched cert's "app-site-association.cdn-apple.com"
* issuer: CN=Apple Public Server ECC CA 12 - G1; O=Apple Inc.; ST=California; C=US
* SSL certificate verify ok.
> GET /a/v1/static.bankhapoalim.co.il HTTP/1.1
> Host: app-site-association.cdn-apple.com
> User-Agent: curl/7.79.1
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Date: Sun, 22 May 2022 13:16:13 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 10
< Apple-Failure-Details: {"status":"403 Forbidden"}
< Apple-Failure-Reason: SWCERR00101 Bad HTTP Response: 403 Forbidden
< Apple-From: https://static.bankhapoalim.co.il/.well-known/apple-app-site-association
< Apple-Try-Direct: false
< Cache-Control: max-age=1800,public
< Age: 284
< Via: https/1.1 uklon5-vp-vst-001.ts.apple.com (acdn/146.13260), https/1.1 uklon5-vp-vfe-020.ts.apple.com (acdn/146.13260), http/1.1 nlsrk1-edge-lx-006.ts.apple.com (acdn/144.13255), http/1.1 nlsrk1-edge-bx-008.ts.apple.com (acdn/144.13255)
< X-Cache: hit-stale, hit-stale, hit-fresh, hit-fresh
< CDNUUID: 642df845-fbba-404b-b94b-f9e62d744d9a-12840492660
< Expires: Sun, 22 May 2022 13:16:23 GMT
< Connection: keep-alive
< 
Not Found
* Connection #0 to host app-site-association.cdn-apple.com left intact

This error 403 forbidden is actually what returned to the CDN from your server when trying to access the file, in our case we have this issue because our firewall blocked the apple bot that fetches this file and that has the user agent of AASA-Bot/1.0.0, so make sure that you allow this bot to access the file in your servers.

and in order to make sure that your file actually stored by the CDN it should show up here https://app-site-association.cdn-apple.com/a/v1/bankhapoalim.co.il

AASA - Bad HTTP Response: 403 Forbidden
 
 
Q