Add Referer Check to your Amazon CloudFront

Question

I know there seems to be a few topics on this but most seem outdated.

The best answer to this issue so far is here: https://stackoverflow.com/a/24587309/2528676

I have added the Referer as a whitelisted header. But I would like to know how to handle the Referer header on the origin. I can't comment on the above answer due to my reputation level so forgive me for creating a new thread.

What should the header name and value be?

Is it as simple as this (where https://example.com/* is my Origin Domain Name)

Or perhaps I am totally in the wrong place.

I don't want to break existing distributions so confirmation from an expert would be great!

Thanks

You are probably in the wrong place, in Origin settings. What are you actually trying to accomplish, here? We need to understand the problem you are trying to solve by chaning `Referer` settings in CloudFront. This is not always a good idea, since it can impact your cache hit rate in a negative way -- but there may be alternatives. Please explain your motivation... and what you mean by "how to handle the Referer header on the origin." — Michael - sqlbot, Apr 05 '18 at 12:23
Sorry, I will try and be more clear. All I am trying to do is prevent hotlinking. Basically stop people using my images (which are hosted on CloudFront) on their websites. How can we can simply check that the request came from my site (Referer) and block any other requests etc (people accessing the image directly or linking it on other peoples sites etc). From my understanding this was the answer: https://stackoverflow.com/a/24587309/2528676 but the last part of handling the referer header on your origin is unclear. — user2528676, Apr 05 '18 at 13:41
Okay, now we are getting somewhere. What is your origin server? Is it S3, Nginx, Apache, ...? — Michael - sqlbot, Apr 05 '18 at 15:56

Add Referer Check to your Amazon CloudFront

0 Answers0