Malformed request. Please try again. Storj Static Website

i often get this message when accessing my website. I set it up like described here How to Host a Website on Storj | AtmoVantage

also my zone file output is just CNAME

it all worked nice for 1-2h also with cloudflare but suddenly nothing

i am on cloudflare and those are my ssl settings. i had to switch to “flexible” cause i always got the “Error 521: Web server is down.” here they recommended Community Tip - Fixing Error 521: Web server is down - Tutorial - Cloudflare Community

  1. If you have just moved to Cloudflare and you are seeing a 521 over HTTPS, it is possible that your origin server has not been configured to allow port 443 be accessed by Cloudflare IPs. In this case you should configure your server/firewall to being listening on port 443 and allow us to be able to conect. If this is not possible, you can move to using ‘Flexible’ SSL under the SSL/TLS app on the dashboard.

I didn´t know how to allow port 443 be accessed by Cloudflare IPs so i switched the settings to “flexible ssl”

I checked the cloudflare error Analytics

We have found that:

  • mydomain is returning a high percentage of HTTP 5xx server errors Review 5xx Server Error.

Also the Diagnostic Center displays:

  • no_dnssec_found The site does not have any DNSSEC records.
  • not_found_ds_record The hostname has no DS records.
  • HTTPS status fail No, your request failed with a response status of 400 or above.
  • response_non_200 The site’s web server responded with a status code that isn’t 200 (OK).

I’m not accustomed to troubleshooting Cloudflare issues, but I’ll try to help. Can you still reach the linksharing page directly, without Cloudflare? The URLS would be in the form<access-id>/<path> Do you get the same failure if you use Cloudflare with the CNAME of

1 Like

thank you. I am just starting programming totally new to all this.

so i put in this information:<Access Key ID>/<sj://mybucket> and i get Access denied.

i also created a new zone file with this command uplink share --dns <hostname> sj://<bucket>/<prefix> --base-url <linkshare url> and i checked it says

Download : Allowed
Upload : Disallowed
Lists : Allowed
Deletes : Disallowed
NotBefore : No restriction
NotAfter : No restriction
Paths : sj://mylife/ (entire bucket)

Let me start at the beginning a bit. Storj has a native protocol that isn’t HTTP based. Those sj:// link only work with the native “Uplink” command line client. We also have an S3 compatible endpoint (which uses HTTP but doesn’t expose your data publicly) and Linksharing (which uses HTTP and makes your data public). The “access-id” I mentioned is the “storj-access” value you used when setting up your DNS record.

You can definitely use Linksharing without following CloudFront. The steps you took are what you’d do if you wanted 1) a custom URL and 2) SSL/TLS. If you don’t need TLS/SSL, you can just set it to “off” in CloudFlare and possibly skip Cloudflare completely. If you don’t need a custom domain, you can skip CloudFlare and the DNS setup, yet still have TLS.

So assuming you want a 1) public website with 2) a custom domain and 3) TLS/SSL, you’re on the right track. If your page is truly public, are you comfortable sharing the access-id, so I can check from here? Otherwise I’d try to build a URL that looks like this one again:<access-id>/<bucket>/<path>, EG: edge | Storj DCS.

Finally, I’d like to point you to our closest documentation on this topic.



i don´t understand all the different keys and access etc.

so i got this file:

Sharing access to satellite

// is this is the address of the server my website is hosted on?

=========== ACCESS RESTRICTIONS ==========================================================
Download : Allowed
Upload : Disallowed
Lists : Allowed
Deletes : Disallowed
NotBefore : No restriction
NotAfter : No restriction
Paths : sj://mylife/ (entire bucket)
Access : `

// What is this Access for? Where do I use it?

========== CREDENTIALS ===================================================================
Access Key ID: jwdvsqcozolw4cindlv6w5qty43q

// So this is the Access key with which i can see the files in the bucket on the storj network.

Secret Key : j36h37bdrh6unwz3vfsn35qs4znwyduo2zfrnjj2tq43ms2hlwwdq

// What is this Secret key for?

Endpoint :
Public Access: true
=========== DNS INFO =====================================================================
Remember to update the $ORIGIN with your domain name. You may also change the $TTL.

// I don´t get Why? IN TXT storj-root:mylife IN TXT storj-access:jwdvsqcozolw4cindlv6w5qty43q

if i create an access grant and name it mylife and then i import it into the CLI with this command

uplink access import main 1cCYAHiNyogwPRkZbkpo8C6txEeJ4cktWZoHzwAKTwNzGeAKhXyJZojfb8jSGGFSAc5M3zGgswJQXVEkrJ8na6nj4aeRRdtwvjgGFC5GXmgLFgBPn8EtwtmCHhcojrawXbWCdciN7RYGU3c4Lo7JQGxZuaNDGnMfprYGGqkuFXQuVNx4j6EyCxPP9ekhPa8NEh6ZLSLB7Cjf7...

do i have to call “main” “mylife” or is “main” just the name to store the access grant on my local pc?

Also if i create an access grant i generate a passphrase. What is this passphrase for? Do i use this passphrase to access the bucket? So if i create a new bucket with a new passphrase i need also a new access grant? so each bucket has its own access grant?

This is an access grant, you can import it to uplink CLI or use in FileZilla, or any other tool, which have a Storj integration. Or you may form an URL to your object like this:, but it’s less secure than using your Access Key ID, because access grant contains the all required information to get an access to the bucket(s), prefix(es), object(s), project (only with root access grant, generated in the satellite UI). Since you used a shared access grant, it’s derived from your root access grant and has restricted permissions to only this bucket and thus you didn’t breach your security. Just do not post your root access grant - it gives full permissions to your project.


This is a secret key for your access key. Using Access Key ID, Secret Key and Endpoint you can configure aws CLI or any other S3-compatible tool to have an access to your buckets and objects via S3 protocol.

Because now linksharing service is routed automatically to closest location of your clients. But you still can use explicit name of the region, if you would like.

I checked your access - it looks correct, there is only one file accessible - index.html:
Since it’s small, it’s stored inline on your satellite, thus has 0 nodes.


This is encryption phrase, it’s used to derive encryption keys and encrypt your objects during upload and decrypt to show and download.

The encryption phrase can be the same or different. However, to have an access to objects in that bucket you should use the same phrase used during upload.
Moreover - you can upload every single object with a different encryption phrase. But you will see objects only with “their” encryption phrase.

Access grant is generated with the provided encryption phrase. So, if you used a different encryption phrase for the other bucket - you should generate an access grant with that phrase for that bucket to be able to import it to uplink or generate S3 credentials and have an access to objects in this bucket.


i put all the correct infos into my DNS server, but still get “access denied” why? IN CNAME IN TXT storj-root:mylife IN TXT storj-access:jwdvsqcozolw4cindlv6w5qty43q

Is it possible to create a static website where i can display all my storj buckets with the foders/files in it and give users access to different folders via email/password or something like this?

TXT records are missing in DNS response

i put them in it works now took a bit!

It will not be static anymore - you would request login and password from users. For that you need a dynamic site.

You can upload objects to the bucket with a different encryption phrase (for example - provided by your users) and when they want to access them back - they should use the same encryption phrase, otherwise the bucket will look like empty. But you need to implement a UI + backend for that, and I do not think it’s possible to implement such UI + backend only client-side.

The TTL for your domain is 3600. So you need to wait for a hour while you changes will be fully populated and 2 hours for TXT records.


you are super nice and helpful thank you for your patient !!!


is the encryption key another name for the secret key? so the access key is like the public key and the encryption key/ secret key is like my private key ?

Those are all different keys.

Access Key ID and Secret Key are S3-compatible credentials, they are generated when you register your access grant on GatewayMT or GatewayST. You can consider these credentials as random - you cannot derive your encryption key from them, they just unlock your access grant on Gateway to have an access to your buckets and objects. The encryption key embedded to the access grant will allow you encrypt/decrypt your objects.
In these S3 credentials the Secret Key is your private key to access Gateway, yes.

The encryption key in the access grant is your private key to decrypt your objects in buckets, however the whole access grant should be considered as a private key, especially root one, because it contains full information, required to have an access to your object(s), bucket(s) and project.
If this is a root access grant (created in the satellite UI without limits) it gives full permissions to the entire project. Anyone who have a root access grant will have the same permissions as you.
See Access Management | Storj Docs
You can check the access grant with uplink access inspect 12BRU.... to see, what it contains.
For the named access “main”:

uplink access inspect main

So be careful when you share your access grant. Only limited access grants (i.e. for the one object or one bucket with limited permissions like read-only) can be considered relatively safe.

If you share with uplink share --url it will generate an URL containing only Access Key ID (“login” part of GatewayMT credentials). It will allow only read-only access to the shared bucket(s), prefix(es), object(s). Having only Access Key ID nobody can get more information, like what permissions it have or what encryption and API key was used.