Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

restrict access to CloudFront URL

0

I have a CloudFront distribution pulling content from a private S3 bucket and aliased to my website domain. Currently, I can access the website from its own domain, but also from the CloudFront distribution's URL. I want to allow access only to the website domain and deny the CloudFront URL. Can I do that?

Themen
KalkulationVernetzung & Bereitstellung von Inhalten
Tags
Bereitstellung von WebsitesAmazon CloudFront
Sprache
English
pmartini
gefragt vor 5 Monaten523 Aufrufe
1 Antwort
0
Akzeptierte Antwort

Hello.

It is possible to block using CloudFront Functions.
For example, you can check the host part included in the request header using the code below, and if "cloudfront.net" is included, you can return HTTP status code 403.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/functions-tutorial.html

function handler(event) {
    var request = event.request;
    var host = request.headers.host.value;

    if (host.includes('cloudfront.net')) {
        return {
            statusCode: 403,
            statusDescription: 'Forbidden',
            body: {
                "encoding": "text",
                "data": "<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>"
            }
        };
    }

    return request;
}

I think it is also possible to block using custom rules using AWS WAF.
https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-rules-creating.html

profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor 5 Monaten
profile picture
EXPERTE
MaxCloud
überprüft vor 5 Monaten
profile picture
EXPERTE
Gary Mclean
überprüft vor 5 Monaten
profile pictureAWS
EXPERTE
Didier_Durand
überprüft vor 5 Monaten
  • pmartini
    vor 5 Monaten

    Thank you Riku! Just noting that "data" in the response body should only contain plain text, as html tags are displayed literally.

  • Gary Mclean EXPERTE
    vor 5 Monaten

    HTML tags may have shown because the encoding is set to text.

  • pmartini
    vor 5 Monaten

    Thank you Gary! The Developer Guide says: "You can specify the encoding as plain text ("encoding": "text") or as Base64-encoded content ("encoding": "base64")." Both encodings show html tags literally. Is there another way? I tried "text/html", but I got a 503.

  • pmartini
    vor 5 Monaten

    To force parsing html tags one needs to send the content-type header as well, so the correct function syntax is the following:

    function handler(event) { var request = event.request; var host = request.headers.host.value;

    if (host.includes('cloudfront.net')) { return { statusCode: 403, statusDescription: 'Forbidden', headers: { "content-type": { "value": "text/html" } }, body: { "encoding": "text", "data": "<html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>" } }; }

    return request;

    }

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt