By using AWS re:Post, you agree to the Terms of Use
/Does Amazon CloudFront support HTTP 1.0 requests without the Host header?/

Does Amazon CloudFront support HTTP 1.0 requests without the Host header?


CloudFront fails for an HTTP 1.0 request without the Host header (optional for HTTP 1.0):

Content-Type: application/ocsp-request
Content-Length: 75

HTTP/1.1 400 Bad Request
Server: CloudFront
Date: Wed, 16 Mar 2022 21:22:41 GMT
Content-Type: text/html
Content-Length: 915
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 (CloudFront)
X-Amz-Cf-Pop: ICN51-C1
X-Amz-Cf-Id: KOUV_x5KqMc2f1CsGn1oXTrgaLFSSJn76dycoN97BqIdmgRYjySN3g==

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
<H1>400 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
Generated by cloudfront (CloudFront)
Request ID: KOUV_x5KqMc2f1CsGn1oXTrgaLFSSJn76dycoN97BqIdmgRYjySN3g==

Now, I'm aware that a CDN edge server using shared public IPs (the default when using CloudFront) wouldn't be capable of identifying the correct distribution if it isn't provided with the Host header, so I enabled dedicated IP address for my distribution ( hoping that it could help, but CloudFront still fails.

Now, considering that (at least technically) using dedicated IP addresses would make CloudFront capable of identifying the correct distribution and send the requests to the expected origin even when the Host header is missing, is this something supported at all?.

PS: I don’t even see the previous request through Standard logging, so I guess it is lost even before reaching my distribution.

Same question asked in with a bounty.

2 Answers

It would be good to know why you need to not use the Host header and why using HTTP 1.0 is required. While the specification does say that the header is optional that doesn't mean it isn't required in particular situations.

Here, as you point out, because CloudFront is multi-tentanted the Host header is required so that CloudFront can route the request appropriately by finding the correct distribution. The same behaviour exists on a decidated IP because using one is specifically to allow for browsers that don't support SNI (which has been around since 2010 at least).

answered 2 months ago
  • Some OpenSSL versions (e.g. the current one for Amazon Linux 2) send OCSP HTTP POST requests using openssl ocsp with HTTP 1.0 and without the Host header by default. Now, I know that for multi-tenant CDN edge servers it wouldn't work, but for dedicated IP CDN edge servers it is technically possible and other CDN providers like Akamai or Edgecast support it.


Not sure Cloudfront support without proper incoming Host Header. Maybe try if lambda on edge / CloudFront function can add a Host header if possible?

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions