Does Amazon CloudFront support HTTP 1.0 requests without the Host header?
CloudFront fails for an HTTP 1.0 request without the Host header (optional for HTTP 1.0):
POST / HTTP/1.0
Content-Type: application/ocsp-request
Content-Length: 75

HTTP/1.1 400 Bad Request
Server: CloudFront
Date: Wed, 16 Mar 2022 21:22:41 GMT
Content-Type: text/html
Content-Length: 915
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 edd67566d372ed79fbaa7f9cc3d7815e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ICN51-C1
X-Amz-Cf-Id: KOUV_x5KqMc2f1CsGn1oXTrgaLFSSJn76dycoN97BqIdmgRYjySN3g==

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>400 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: KOUV_x5KqMc2f1CsGn1oXTrgaLFSSJn76dycoN97BqIdmgRYjySN3g==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>
Now, I'm aware that a CDN edge server using shared public IPs (the default when using CloudFront) wouldn't be capable of identifying the correct distribution if it isn't provided with the Host header, so I enabled a dedicated IP address for my distribution (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-https-dedicated-ip-or-sni.html#cnames-https-dedicated-ip) hoping that it could help, but CloudFront still fails.
Now, considering that (at least technically) using dedicated IP addresses would make CloudFront capable of identifying the correct distribution and sending the requests to the expected origin even when the Host header is missing, is this something supported at all?
PS: I don’t even see the previous request through Standard logging, so I guess it is lost even before reaching my distribution.
Same question asked in https://stackoverflow.com/questions/71505681/does-amazon-cloudfront-support-http-1-0-requests-without-the-host-header with a bounty.
It would be good to know why you need to not use the Host header and why using HTTP 1.0 is required. While the specification does say that the header is optional, that doesn't mean it isn't required in particular situations.
Here, as you point out, because CloudFront is multi-tenanted the Host header is required so that CloudFront can route the request appropriately by finding the correct distribution. The same behaviour exists on a dedicated IP because using one is specifically to allow for browsers that don't support SNI (which has been around since 2010 at least).
Not sure CloudFront supports requests without a proper incoming Host header. Maybe try whether Lambda@Edge / a CloudFront function can add a Host header, if possible?
Some OpenSSL versions (e.g. the current one for Amazon Linux 2) send OCSP HTTP POST requests using openssl ocsp with HTTP 1.0 and without the Host header by default. Now, I know that for multi-tenant CDN edge servers it wouldn't work, but for dedicated IP CDN edge servers it is technically possible and other CDN providers like Akamai or Edgecast support it.
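The routing decision discussed in this thread, as an added example that is not CloudFront's code and not part of any post above: a toy edge router that selects a tenant by Host header, returns 400 when the header is missing, and optionally falls back to a dedicated-IP lookup. The IPs, hostnames, distribution names, status for an unknown host and the `ip_fallback` switch are all constructed assumptions.

```python
# Toy model of how an edge server picks a tenant for a plaintext HTTP request.
# All names, IPs and routing tables below are constructed for illustration.

SHARED_IP = "192.0.2.10"      # constructed: shared edge IP serving many tenants
DEDICATED_IP = "192.0.2.77"   # constructed: IP reserved for a single tenant

BY_HOST = {"ocsp.example.com": "dist-A", "www.example.org": "dist-B"}
BY_DEDICATED_IP = {DEDICATED_IP: "dist-A"}


def parse_request(raw: bytes):
    """Return (version, headers) parsed from the head of a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    version = request_line.rsplit(" ", 1)[1]
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return version, headers


def route(raw: bytes, dest_ip: str, ip_fallback: bool = False):
    """Return (status, distribution). ip_fallback models an edge that maps a
    dedicated IP to its tenant when Host is absent (hypothetical switch; the
    thread reports that CloudFront still answers 400 in that case)."""
    _, headers = parse_request(raw)
    host = headers.get("host", "").split(":")[0].lower()
    if host:
        dist = BY_HOST.get(host)
        return (200, dist) if dist else (403, None)  # 403 is a model choice
    if ip_fallback and dest_ip in BY_DEDICATED_IP:
        return 200, BY_DEDICATED_IP[dest_ip]
    return 400, None  # no Host: nothing left to select a tenant with


def with_host(raw: bytes, host: str) -> bytes:
    """Client-side fix: insert a Host header right after the request line."""
    line, rest = raw.split(b"\r\n", 1)
    return line + b"\r\nHost: " + host.encode("ascii") + b"\r\n" + rest


# The request from the question, with a constructed 75-byte placeholder body.
REQ = (b"POST / HTTP/1.0\r\nContent-Type: application/ocsp-request\r\n"
       b"Content-Length: 75\r\n\r\n" + b"\x00" * 75)
```

With `openssl ocsp`, the `-header` option can supply the Host header that `with_host` adds here.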