diff --git a/weed/s3api/auth_signature_v2.go b/weed/s3api/auth_signature_v2.go
index 786243f84..9f2167c43 100644
--- a/weed/s3api/auth_signature_v2.go
+++ b/weed/s3api/auth_signature_v2.go
@@ -239,7 +239,8 @@ func validateV2AuthHeader(v2Auth string) (accessKey string, errCode s3err.ErrorC
 
 	// Signature V2 authorization header format:
 	// Authorization: AWS AKIAIOSFODNN7EXAMPLE:frJIUN8DYpKDtOLCwo//yllqDzg=
-	if !strings.HasPrefix(v2Auth, signV2Algorithm) {
+	const signV2AlgorithmPrefix = signV2Algorithm + " "
+	if !strings.HasPrefix(v2Auth, signV2AlgorithmPrefix) {
 		return "", s3err.ErrSignatureVersionNotSupported
 	}
 
diff --git a/weed/s3api/auth_signature_v2_test.go b/weed/s3api/auth_signature_v2_test.go
index d876c5abe..01b7156aa 100644
--- a/weed/s3api/auth_signature_v2_test.go
+++ b/weed/s3api/auth_signature_v2_test.go
@@ -57,6 +57,11 @@ func TestValidateV2AuthHeader(t *testing.T) {
 			authHeader:    "HMAC AKIAIOSFODNN7EXAMPLE:signature",
 			expectedError: s3err.ErrSignatureVersionNotSupported,
 		},
+		{
+			name:          "algorithm prefix without space",
+			authHeader:    "AWSXAKIAIOSFODNN7EXAMPLE:signature",
+			expectedError: s3err.ErrSignatureVersionNotSupported,
+		},
 		{
 			name:          "missing colon separator",
 			authHeader:    "AWS AKIAIOSFODNN7EXAMPLE",
@@ -232,7 +237,7 @@ func TestDoesSignV2Match(t *testing.T) {
 			query:         "",
 			headers:       map[string]string{"Date": "Mon, 09 Sep 2011 23:36:00 GMT"},
 			authOverride:  "AWSAKIAIOSFODNN7EXAMPLE:signature==",
-			expectedError: s3err.ErrInvalidAccessKeyID,
+			expectedError: s3err.ErrSignatureVersionNotSupported,
 			expectIdent:   false,
 		},
 	}