ARTIFACTORY: APT 403 Errors on Ubuntu 18.04 and 20.04 with CloudFront

ARTIFACTORY: APT 403 Errors on Ubuntu 18.04 and 20.04 with CloudFront
Products
Frog_Artifactory
Content Type
Administration_Platform
AuthorFullName__c
Nathan Amiel
articleNumber
000006347
FirstPublishedDate
2025-02-17T08:09:56Z
lastModifiedDate
2025-07-20
VersionNumber
2
Introduction 

When attempting to download an APT package on older versions of Ubuntu, such as 18.04 and 20.04, users might encounter a 403 Forbidden response from CloudFront. 
This issue arises because the APT client modifies the URL obtained from Artifactory and decodes it. This situation occurs for packages larger than 200kb since Artifactory initiates a redirect to CloudFront for such files.

Example:

The original URL from Artifactory is as follows:
https://<MY_CLOUD_FRONT>.cloudfront.net/filestore/c6/c6947df6734902379b2c479f59c0d536b4100f37?response-content-type=application%2Fx-debian-package&x-jf-traceId=715313d14cec81ce&X-Artifactory-repositoryKey=debian-remote-cache&X-Artifactory-projectKey=default&X-Artifactory-artifactPath=pool%2Funiverse%2Fm%2Fmonit%2Fmonit_5.25.1-1build1_arm64.deb&.....
The client transforms this URL to:
https://<MY_CLOUD_FRONT>.cloudfront.net/filestore/c6/c6947df6734902379b2c479f59c0d536b4100f37?response-content-type=application/x-debian-package&x-jf-traceId=4ee95d51762d19db&X-Artifactory-repositoryKey=debian-remote-cache&X-Artifactory-projectKey=default&X-Artifactory-artifactPath=pool/universe/m/monit/monit_5.25.1-1build1_arm64.deb&...
Here is the error you might encounter:
root@7ad72c8b77a4:/tmp# apt-get download monit 
Err:1 https://example.jfrog.io/artifactory/debian-remote-nathana bionic/universe arm64 monit arm64 1:5.25.1-1build1
  403  Forbidden [IP: 0.0.0.0 443]
E: Failed to fetch https://<MY_CLOUD_FRONT>.cloudfront.net/filestore/c6/<CHECKSUM-PATH>?response-content-type=application/x-debian-package&x-jf-traceId=1c3bbee64717be8c662878f8c31422b5&X-Artifactory-repositoryKey=debian-remote-nathana-cache&X-Artifactory-projectKey=default&X-Artifactory-artifactPath=pool/universe/m/monit/monit_5.25.1-1build1_arm64.deb&.... 403  Forbidden [IP: 0.0.0.0 443]



Conclusion

The problem lies with the old APT client, which does not adequately support CloudFront URLs (Due to the decoding explained above), rather than being directly related to Artifactory. 

Nevertheless, APT does support S3 redirects, which we have pre-configured for your instance (Enterprise +), thus enhancing the download process.

Furthermore, this issue has been documented as an old APT bug, which you can review in more detail here: APT Bug Documentation


Solution
 
The recommended solution would be to update Ubuntu to version 22.04 and above.

Alternatively, we can consider creating a dedicated remote Debian repository for clients using these specific versions of Ubuntu without CDN enabled. This approach ensures that other clients can continue utilizing the CDN on different repositories.