Ends in
00
days
00
hrs
00
mins
00
secs
ENROLL NOW

🎁 Get 20% Off - Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Validate Referrer Headers Using CloudFront Function

Home » Others » Validate Referrer Headers Using CloudFront Function

Validate Referrer Headers Using CloudFront Function

Last updated on April 11, 2024

Amazon CloudFront, a content delivery network (CDN), lets you distribute content with low latency and high data transfer speeds. One of its many features is the ability to create CloudFront functions, which are lightweight functions that can manipulate HTTP requests and responses. This article will discuss creating a CloudFront function to validate Referrer headers.

Referrer Headers

Referrer headers are an essential part of HTTP requests, as they indicate the webpage’s address linked to the resource being requested. By validating these headers, you can add an extra layer of security to your application, preventing unauthorized access and protecting your resources from potential threats.

Cost Optimization

Validating referrer headers can also help optimize costs. For instance, you can prevent external sites from hotlinking content from your CloudFront CDN. Hotlinking is when one website uses things like pictures or videos from another website directly on its site. This can increase data transfer costs for the site hosting the resources. By validating the Referrer headers, you can ensure that only authorized sites can access and display your content, potentially saving data transfer costs.

Monitoring with Top Referrer Panel

AWS provides a Top referrers panel in the CloudFront Console, which allows you to monitor the websites to make requests to your CloudFront distribution. This panel displays the top 25 referrers over a specified period. By monitoring this panel, you can gain insights into which sites are accessing your content the most and take the appropriate action if necessary.

Validate Referrer Headers Using CloudFront Function

Implementation Steps

Tutorials dojo strip

1. Go to CloudFront → Functions. Click the “Create function” button.

  • Name: validate-referrer-headers
  • Description: CloudFront function to validate Referrer headers
  • Runtime: cloudfront-js-2.0
  • Click the “Create function” button.

Validate Referrer Headers Using CloudFront Function

2. In the function code, you need to write logic to validate the Referrer headers. Here’s a basic example. Feel free to modify this based on your requirements:

Validate Referrer Headers Using CloudFront Function

This JavaScript function, handler, is designed to validate the Referer header of HTTP requests in a CloudFront distribution. Here’s a brief explanation:

  • It first extracts the request and headers from the event object.
  • It defines a list of allowed_domains that are permitted to access the content.
  • If the Referer header exists in the request, it checks whether the domain in the Referer is in the allowed_domains list.
  • If the Referer is not in the allowed_domains list, it returns a 403 Forbidden response, indicating that hotlinking is not allowed.
  • If the Referer header doesn’t exist, or if it’s in the allowed_domains list, it allows the request to proceed by returning the original request.

3. After writing the function code, click on “Test” to ensure it works as expected. If the tests pass, click on “Publish” to deploy the function.

Validate Referrer Headers Using CloudFront Function

4. Navigate to the Publish pane.

Validate Referrer Headers Using CloudFront Function

5. Click the “Publish function” button.
6. Associated Distributions. You need to associate the function with a CloudFront distribution. Navigate to the “Distributions” section, select your distribution, and add the function to the “Function associations” section.

Validate Referrer Headers Using CloudFront Function

Validate Referrer Headers Using CloudFront Function

Function Testing Procedure

To validate the effectiveness of your function, you can conduct a test by utilizing an image from your distribution and uploading it to an external site. In this particular scenario, I will employ my personal website as the platform for uploading the image sourced from the established distribution. This process will allow us to observe the function’s response when interacting with authorized and unauthorized domains.

Allowed:

In this scenario, the image is uploaded from a domain that is included in the allowed_domains list of our CloudFront function. Since the domain is authorized, the function allows the request to proceed, and the image is displayed successfully.

Validate Referrer Headers Using CloudFront Function

Not Allowed

In contrast, if the image is uploaded from a domain that is not in the allowed_domains list, the function identifies this as an unauthorized request. As a result, the function blocks the request, and the image is not displayed.

Validate Referrer Headers Using CloudFront Function

Get 20% Off – Christmas Big Sale on All Practice Exams, Video Courses, and eBooks!

Tutorials Dojo portal

Learn AWS with our PlayCloud Hands-On Labs

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

FREE AWS, Azure, GCP Practice Test Samplers

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

Follow Us On Linkedin

Recent Posts

Written by: Nestor Mayagma Jr.

Nestor is a cloud engineer and member of the AWS Community Builder. He continuously strives to expand his knowledge and expertise in AWS to foster personal and professional growth. He also shares his insights with the community through numerous AWS blogs, highlighting his commitment to Cloud Computing technology. In his leisure time, he indulges in playing FPS and other online games.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?