Andrew

Reputation: 252

AWS CloudFront Not Following Whitelist?

This is more of a general question to see if anyone has encountered similar behaviors with AWS CloudFront. I've had a distribution running a static website with Geo-restrictions applied as follows: [image: CloudFront Geo-Restriction Settings]

However, when looking at the logs, I see the following: [image: CloudFront Visitor Metrics]

So my question is - Is CloudFront monitoring ALL requests, even restricted ones? I would think Geo-restriction would implement an ACL and would block all requests at the network level before getting to the distribution to request data.

Upvotes: 2

Views: 687

Answers (1)

ceejayoz

Reputation: 180023

CloudFront does not block geo-restricted requests at the network level. It serves a 403 response, which you can customize.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html

CloudFront returns an HTTP status code of 403 (Forbidden) to the user.

You can optionally configure CloudFront to return a custom error message to the user, and you can specify how long you want CloudFront to cache the error response for the requested file; the default value is five minutes.

Upvotes: 1
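
Because geo-restricted requests are answered with a 403 rather than dropped, they still appear in the distribution's standard access logs and can be separated from other traffic there. The following is an added example, not part of the original answer: the log lines are constructed, show only a subset of the real columns, and rely on the `ClientGeoBlocked` value that CloudFront writes to `x-edge-detailed-result-type` for geo-restricted requests.

```python
from collections import Counter

# Constructed sample in CloudFront standard-log layout: "#Fields:" header,
# tab-separated rows. Only a subset of the real columns is shown and the
# client IPs are documentation addresses.
FIELDS = ("date time c-ip cs-method cs-uri-stem sc-status "
          "x-edge-result-type x-edge-detailed-result-type")
ROWS = [
    ("2024-01-01", "10:00:00", "198.51.100.7", "GET", "/index.html", "200", "Hit", "Hit"),
    ("2024-01-01", "10:00:02", "203.0.113.9", "GET", "/index.html", "403", "Error", "ClientGeoBlocked"),
    ("2024-01-01", "10:00:03", "203.0.113.9", "GET", "/about.html", "403", "Error", "ClientGeoBlocked"),
    ("2024-01-01", "10:00:05", "198.51.100.7", "GET", "/app.js", "200", "Miss", "Miss"),
    ("2024-01-01", "10:00:09", "192.0.2.44", "GET", "/private/", "403", "Error", "Error"),
]
SAMPLE_LOG = "\n".join(["#Version: 1.0", "#Fields: " + FIELDS]
                       + ["\t".join(r) for r in ROWS])


def parse(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))


def summarize(text):
    """Bucket requests as geo_blocked, other_403 or other; tally blocked IPs."""
    totals, blocked_ips = Counter(), Counter()
    for row in parse(text):
        if row.get("x-edge-detailed-result-type") == "ClientGeoBlocked":
            totals["geo_blocked"] += 1
            blocked_ips[row["c-ip"]] += 1
        elif row.get("sc-status") == "403":
            # A 403 that did not come from the geo-restriction rule
            totals["other_403"] += 1
        else:
            totals["other"] += 1
    return totals, blocked_ips


if __name__ == "__main__":
    totals, blocked_ips = summarize(SAMPLE_LOG)
    print(dict(totals), dict(blocked_ips))
```

Since the parser reads column names from the `#Fields:` header, the same functions work on a full standard log file once it has been decompressed.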
