Response from ALB was compressed already but response downloaded in browser from CloudFront is in full size


We have a CloudFront distribution pointing to an ALB origin, the ALB points to ASG with a set of EC2 instance running nginx in it, nginx responses for compression.

If we download the response from ALB directly, the size is ~60KB.

curl -H 'Host:' -H 'Accept-
Encoding: gzip' -k -I
HTTP/2 200 
date: Thu, 29 Jun 2023 06:05:01 GMT
content-type: text/html; charset=UTF-8
server: nginx
vary: Accept-Encoding
cache-control: max-age=300, public, s-maxage=300
vary: X-Guest,Accept,Accept-Encoding,Origin
etag: W/"eeaa320bc21128af1ca7ab3e13dcf497"
last-modified: Wed, 28 Jun 2023 15:02:54 GMT
access-control-allow-methods: GET,POST,PUT
access-control-allow-headers: Origin,Authorization,X-API-Version,Accept,Content-Type
x-frame-options: SAMEORIGIN
x-server-id: 38
content-encoding: gzip <---

curl -H 'Host:' -H 'Accept-
Encoding: gzip' -k > result
ls -lah ./result

-rw-r--r--  1 me  staff    53K Jun 29 14:07 ./result   <--- Just 53KB

However if I check the downloaded size in browser, it is 10x larger.

The CloudFront cache policy we use has Accept, Accept-Encoding as cache key, min/default/max TTL are 0/86400/31536000, both compression support are off for br and gzip(because we compress the response with nginx inside EC2 instances). For cache behavior it is off.

Anything we are potentially doing wrong making the response size 10x large? Thank you for helping

Tom Lo
posta un anno fa922 visualizzazioni
2 Risposte

Hi, did you confirm that the Accept-Encoding is properly set in your browser to match the Accept-Encoding parameter of your curl request? If not, CloudFront will understand that the requester doesn't accept compressed content and will decompress before sending.


profile pictureAWS
con risposta un anno fa
  • Yes we are using Chrome, the request header sent is Accept-Encoding: gzip, deflate, br


Oh well, turns out the problem for some reason is nginx refused to compress request coming from CloudFront when we set gzip_proxied expired no-cache no-store private auth; in nginx.conf. Changing it to gzip_proxied any; then it works…. I am not sure why curl directly to it would get a compressed result.

Tom Lo
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande