I have a Drupal website that's been configured with AWS CloudFront.
My problem is that now passworded access to the CMS is not happening. The page asks for the username/password and then I click on the "Login" button and it gives me an "access denied" message.
The password is fine so I'm sure this is a CloudFront problem. Can anyone please help me understand why this is happening?
The issue is that Authentication headers and cookies are not being forwarded to the parent server from the CloudFront distribution. Whitelisting the Origin, Host, Referrer and Authorization headers and forwarding all cookies will fix this issue.
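An added example, not part of the original answer: a small check over a cache behavior's `ForwardedValues` block (CloudFront's legacy forwarding settings) that reports which of the headers and cookies named above would not reach the origin. The sample configurations and the session cookie name are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Headers the answer says must reach the origin (HTTP spells it "Referer").
REQUIRED_HEADERS = ("Authorization", "Host", "Origin", "Referer")


def audit_forwarding(forwarded_values, session_cookie):
    """Return findings for one cache behavior's legacy ForwardedValues block."""
    findings = []
    items = forwarded_values.get("Headers", {}).get("Items", [])
    headers = {h.lower() for h in items}
    if "*" not in headers:  # "*" forwards every request header
        for name in REQUIRED_HEADERS:
            if name.lower() not in headers:
                findings.append(f"header not forwarded: {name}")

    cookies = forwarded_values.get("Cookies", {})
    mode = cookies.get("Forward", "none")
    if mode == "none":
        findings.append("cookies not forwarded")
    elif mode == "whitelist":
        # Whitelisted names may contain wildcards; fnmatchcase approximates that.
        patterns = cookies.get("WhitelistedNames", {}).get("Items", [])
        if not any(fnmatchcase(session_cookie, p) for p in patterns):
            findings.append(f"session cookie not whitelisted: {session_cookie}")
    return findings


# Constructed sample data, not taken from the original post.
SAMPLE_COOKIE = "SESSexample0123"  # hypothetical session cookie name
BROKEN = {"QueryString": False, "Cookies": {"Forward": "none"},
          "Headers": {"Quantity": 0}}
FIXED = {"QueryString": True, "Cookies": {"Forward": "all"},
         "Headers": {"Quantity": 4,
                     "Items": ["Authorization", "Host", "Origin", "Referer"]}}
PARTIAL = {"QueryString": True,
           "Cookies": {"Forward": "whitelist",
                       "WhitelistedNames": {"Quantity": 1, "Items": ["lang"]}},
           "Headers": {"Quantity": 2, "Items": ["Host", "Origin"]}}

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED), ("partial", PARTIAL)):
        print(label, audit_forwarding(cfg, SAMPLE_COOKIE))
```

CloudFront includes forwarded headers and cookies in the cache key, so these settings are usually applied to the login and admin path patterns rather than to static assets.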
I'll attach an image to illustrate what I'm looking to do:
Note: The above photo should say "Redirect to HTTPS"
To preface, the following is the technology stack:
DNS: GoDaddy
Proxy: Cloudflare
Client: React app hosted on Heroku
Server: Flask API hosted on Heroku
The flow at least to my understanding is this:
User enters in domain.com in browser and GoDaddy forwards all traffic to Cloudflare so that the site is viewed securely
Cloudflare then forwards the traffic to where the client is hosted
Once client is loaded, it makes a request to the server to receive a CSRF token. The CSRF token is generated by a method within flask-wtf. A session is created in the server and in the response, the CSRF token is attached to the header
Here things get weird
Since the response received on the client never had the CSRF token attached to the header and no cookie was set on the browser, I would assume that the response goes to Cloudflare before the response hits the client. As a result, the CSRF token is never received. Not sure why this is the case. But after a bit of research, I've discovered that Cloudflare does this by default.
It seems that a workaround would be to use Cloudflare Workers, but that seems only available if their DNS is being used. Ideally, I would like to stick with GoDaddy.
I was wondering if anyone else experienced this and found a different solution.
I am following the instructions mentioned in this repository. Even after whitelisting the domain name, iframe rendering is being denied due to the content security policy being set to self.
Domain whitelisting
I have been experiencing the same issue. I am not quite sure why this happens, probably due to some web browser security updates and iframe policies. The only solution that I found is to download the Ignore X-Frame headers extension for Chrome.
I have a client requirement for whitelabelling, for which I need to forward all requests at hello.example.com to data.value.com.
The url in the browser will show hello.example.com but the page loaded will be of data.value.com.
hello.example.com is hosted on GoDaddy and I have made the corresponding entries in GoDaddy.
data.value.com is hosted on AWS with a CloudFront distribution.
Now, when I hit hello.example.com I get a 403 error from CloudFront with the following error message:
403 ERROR
The request could not be satisfied.
Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
When I do ping or traceroute on hello.example.com, I am able to see that the ping happens on data.value.com.
What configuration changes do I need to make in order to redirect my domain requests?
I own my domain mydomain.com through Google Domains. I'm creating a React application deployed through Amplify CLI. On the console, I tried to set up a custom domain for my Amplify app at https://us-east-2.console.aws.amazon.com/amplify/home?region=us-east-2#/d2xxxxxxxxxxtf/settings/domains so when someone visits admin.mydomain.com, they'd be redirected to my app. I copied the CNAME record over to Google Domains DNS management per this guide, but after AWS verified that I own the domain and supposedly configured everything, I still can't access my app at the subdomain. Whenever I point my browser to admin.mydomain.com, I'm redirected to https://www.admin.mydomain.app. The console seems to have automatically set up this redirect, and I see ERR_CONNECTION_REFUSED at the endpoint it brings me to, because there's nothing hosted there. How do I avoid this redirect?
While I was writing this, I took another look at the Amplify Console (Dec 2019), and found, under App Settings, at the bottom, Rewrites and Redirects, where I found the 302 redirect rule to the www subdomain, removed it, and got this working.
I have a custom domain and I managed to redirect the naked (apex) domain to the www subdomain using S3 static website hosting redirect over http. (Without using CloudFront) (http:// ...)
AWS S3 redirect window
Now that I have set up an SSL certificate on my server, my redirect URL is secured. And I wish to redirect all the traffic from the apex domain to this secured URL now. (https:// ...)
On first thought, I changed the protocol in the S3 static website redirect config to https, but it doesn't seem to work as expected.
Documents and other links suggest that I need to make use of Amazon CloudFront and set up a certificate and then the redirection would happen (haven't tried yet).
My question is: since I have set up the certificate on my server, the URL I am redirecting to is already secured, and I do not wish to do the same in CloudFront. Is there a way I can redirect all traffic from to a secured URL without setting up CloudFront?
Update 1:
Well, S3 changes took their own good time to be reflected.
The protocol redirect to https seems to work now.
It took more than a day for the changes to be reflected.
In my experience, it usually takes 8 hours for a DNS-related change to be reflected. But this redirection took a bit more than usual.
For anyone looking for how to do it:
This is all you need to do