BlaBlaBla

Reputation: 33

CloudFront multiple origins configuration

I would like to start using CF on my website hosted here. I have a few questions that maybe some of you AWS guys know the answers to; thanks for your help. My website has multiple origins that are located on different servers and different ELBs. I would like to configure CF to collect data from the different origins and provide content using different policies, and to remove a layer of reverse proxy that I have in place right now, plus cache some stuff. Below is my idea for the CF configuration:

Origins:

```
www.pippo.com > XXX.cloudfront.net
Origin 1: pluto.pippo.com = xxx.elb1.aws.amazon.com > WC
Origin 2: paperino.pippo.com = xxx.elb2.aws.amazon.com > WC
Origin 3: minnie.pippo.com = Apache\Nginx\Tomcat
```

Behaviors:

```
Origin 1: pluto.pippo.com/*.jpg cache
Origin 1: pluto.pippo.com/*.png cache
Origin 1: pluto.pippo.com/*.* cache
Origin 1: pluto.pippo.com Default(*) NON cache
Origin 2: paperino.pippo.com/paywall/* NON cache
Origin 2: paperino.pippo.com/*.png cache
Origin 2: paperino.pippo.com/*.jpg cache
Origin 2: paperino.pippo.com Default(*) NON cache
Origin 3: minnie.pippo.com/*.jpg cache
Origin 3: minnie.pippo.com/*.png cache
Origin 3: minnie.pippo.com/*.* cache
Origin 3: minnie.pippo.com Default(*) NON cache
```

Questions:

When my users open www.pippo.com, CF will provide the cached content (`*.jpg` \ `*.png` in the example), and everything not specified in the behaviors will be requested directly (using the Default (`*`) policy) from the ELB to the webcaches. Correct? From the CF or from the user?

How can I prevent users from going directly to pluto.pippo.com? Just a 301 with an exception for the CF subnet?

Will sticky sessions be maintained using this configuration?

Sorry for the newbie question. Thanks for any help.

Upvotes: 1

Views: 1887

Answers (1)

Mark Kelly

Reputation: 563

This may not completely answer your questions, however:

  1. Sticky sessions: You'll need to forward all cookies (or whitelist the AWSELB cookie) for your default rule (assuming this captures your page requests - unless you're using page extensions, in which case they'd be caught by the `*.*` rule).

     Presumably you don't want your cached content (`*.jpg`, `*.png`, `*.*`) to obey sticky sessions.

  2. Preventing users from accessing the origin: There isn't a really effective way to do this for a custom origin. You can try security through obscurity (create an obscure origin domain) and / or only allow direct requests with an 'Amazon Cloudfront' User-Agent.

Upvotes: 1
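
The origin-side check from the answer, combined with the 301 idea from the question, as an added example that is not part of the original thread. It assumes the origin application is served through WSGI; the `X-Origin-Verify` header name and its secret value are hypothetical and would be set as a custom origin header on the distribution. The User-Agent is client-controlled, so the UA-only mode filters casual direct visits only, while the shared-secret mode is the stronger gate.

```python
import hmac
from urllib.parse import quote

PUBLIC_HOST = "www.pippo.com"            # public hostname from the question
CLOUDFRONT_UA = "amazon cloudfront"      # User-Agent named in the answer, compared lowercased
SECRET_HEADER = "HTTP_X_ORIGIN_VERIFY"   # WSGI key for the hypothetical X-Origin-Verify header

class CloudFrontOnly:
    """WSGI middleware: serve requests that arrive via CloudFront, 301 everything else."""
    def __init__(self, app, shared_secret=None):
        self.app, self.shared_secret = app, shared_secret

    def from_cloudfront(self, environ):
        if environ.get("HTTP_USER_AGENT", "").lower() != CLOUDFRONT_UA:
            return False
        if self.shared_secret is None:
            return True  # UA-only mode: any client can send this header value
        supplied = environ.get(SECRET_HEADER, "")
        return hmac.compare_digest(supplied.encode(), self.shared_secret.encode())

    def __call__(self, environ, start_response):
        if self.from_cloudfront(environ):
            return self.app(environ, start_response)
        scheme = environ.get("wsgi.url_scheme", "http")
        location = f"{scheme}://{PUBLIC_HOST}{quote(environ.get('PATH_INFO', '/'))}"
        if environ.get("QUERY_STRING"):
            location += "?" + environ["QUERY_STRING"]
        start_response("301 Moved Permanently",
                       [("Location", location), ("Content-Length", "0")])
        return [b""]

def backend(environ, start_response):
    # Stand-in for the real origin application (constructed for this example).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"origin content"]

def demo_request(middleware, headers, path="/paywall/a", query=""):
    """Send one constructed request; return (status, Location header, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}
    environ.update(headers)
    seen = {}
    def start_response(status, response_headers):
        seen["status"], seen["headers"] = status, dict(response_headers)
    body = b"".join(middleware(environ, start_response))
    return seen["status"], seen["headers"].get("Location"), body
```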
