How do I configure CloudFront to forward the host header to the origin?

3 minute read
2

The origin that's configured on my Amazon CloudFront distribution uses virtual hosting. So, my distribution must forward the host header to my origin server. I want to configure my distribution to forward the host header.

Short description

To configure your distribution to forward the host header to the origin, take one of the following actions:

  • Create a cache policy and an origin request policy.
  • Edit the settings of an existing behavior in the distribution.

Important: For Amazon Simple Storage Service (Amazon S3) origins, caches based on the host header aren't supported. For more information, see Select the headers to base caching on.

If you create a custom policy for Amazon API Gateway origins without a custom domain, then don't forward the host header. Otherwise, you get a 403 error.

Resolution

Create a cache policy and an origin request policy

Complete the following steps:

  1. Open the CloudFront console.
  2. Choose Create cache policy.
  3. Under Cache key settings, for Headers, choose Include the following headers.
  4. On the Add header dropdown list, choose Host.
  5. Complete all other settings of the cache policy based on your requirements.
  6. Choose Create.
  7. Attach the policies to the relevant behavior of your CloudFront distribution.

Edit the settings of an existing behavior

Complete the following steps:

  1. Open the CloudFront console
  2. Choose your distribution.
  3. Choose the behaviors, and then choose the path to forward the host header to.
  4. Choose Edit.
  5. Under Cache key and origin requests, confirm that Legacy cache settings is selected. If it isn't selected, then follow the steps in the preceding section to create a cache policy. If Legacy cache settings is selected, then choose the following values:
    For Headers, choose Include the following headers.
    On the Add header dropdown list, choose Host.
  6. Choose Save Changes.

(Optional) Forward the header under a different name

To forward the HOST header value under a custom or different header name, use a CloudFront function or AWS Lambda@Edge function.

To forward the header under a different name, complete the following steps:

  1. Check the incoming host header. For CloudFront functions, check the viewer request event. For Lambda@Edge, check the view or origin request event.

  2. To store the host header value from a client request to the custom header, activate the CloudFront Functions function handler command in the viewer request. For example, if the incoming host header is host, then add a new header that has the same value.
    Example code:

    function handler(event) {
        const request = event.request;
        const headers = request.headers;
        const host = request.headers.host.value;
        headers['x-forwarded-host'] = { "value": host }
        // NOTE: This example function is for a viewer request event trigger. 
        // Choose viewer request for event trigger when you associate this function with a distribution. 
        return request
    }
  3. To forward the custom header to the origin, configure the cache or host request policy to allowlist the x-forwarded-host header.

Related information

Cache content based on request headers

Control the cache key with a policy

AWS OFFICIAL
AWS OFFICIALUpdated 3 months ago
4 Comments

Is it possible to forward the header under a different name? For example "host" -> "x-forwarded-host"?

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied a year ago

I have the same question, is it possible to forward the header under a different name? For example "host" -> "x-forwarded-host"?

If you updated the Knowledge Center, can you post a link to the information here so there's a breadcrumb trail for future pioneers? Thanks.

profile picture
johnny
replied 7 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 7 months ago