Some users want to protect against hotlinking. A simple way is checking the value of the Referer header with a CloudFront Functions function. The request will be rejected if the referer is not in the allow list.
There is a Lambda@Edge code example on GitHub, but no CloudFront Functions code.
The following is my CFF code. It has been tested in my environment and has been deployed in the production of a few customers. I was wondering if it is useful for this project?
```js
// Escape the "." character in a string (the only regex metacharacter
// expected in the domain names below)
RegExp.escape = function(string) {
    return string.replace(/\./g, '\\.');
};

function handler(event) {
    var request = event.request;
    var headers = request.headers;
    var referrer = headers['referer'];

    // Response returned when the Referer is not in the allow list
    var response = {
        statusCode: 403,
        statusDescription: 'Forbidden',
        headers: {
            'content-type': { 'value': 'text/plain' }
        },
        body: 'Invalid referrer domain'
    };

    // Allow requests without the Referer header
    if (!referrer) return request;
    // Or block requests without the Referer header
    // if (!referrer) return response;

    // "https://host/path".split('/') -> ['https:', '', 'host', 'path']
    var fqdn = referrer['value'].split('/')[2];
    // A value without a "scheme://host" part has no third segment;
    // reject it instead of throwing on fqdn.match() below
    if (!fqdn) return response;

    // Input your allowed domain name here
    var allowedDomains = [
        'domain1.com',
        '*.domain1.com',
        'domain2.com',
        '*.domain2.com',
        'sub.domain3.com',
        '*.sub.domain3.com'
    ];

    var allowedRegexList = [];
    // Convert string to regex
    for (var i = 0; i < allowedDomains.length; i++) {
        var domainName = allowedDomains[i];
        var reg;
        if (domainName.startsWith('*')) {
            // "*.domain1.com" -> suffix match on ".domain1.com"
            domainName = domainName.replace('*', '');
            reg = new RegExp(RegExp.escape(domainName) + '$');
        } else {
            // Exact match on the whole host name
            reg = new RegExp('^' + RegExp.escape(domainName) + '$');
        }
        allowedRegexList.push(reg);
    }

    var matchFound = false;
    for (var j = 0; j < allowedRegexList.length; j++) {
        if (fqdn.match(allowedRegexList[j])) {
            matchFound = true;
            break;
        }
    }

    if (!matchFound) return response;
    return request;
}
```
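A stricter take on the host extraction and allow-list match in the function above, as an added example that is not part of the original post: it parses the Referer authority explicitly, so a port, userinfo, mixed case or a missing path does not change which host is compared. The names `refererHost`, `hostAllowed` and `checkReferer` and the sample values are constructed for illustration; only ES5 syntax is used.

```javascript
// Added example, not from the original post. Helper names are hypothetical.
// Same pattern syntax as the post: exact name, or "*." + parent domain.
var ALLOWED = ['domain1.com', '*.domain1.com', 'sub.domain3.com'];

// Lower-cased host of an http(s) Referer value, or null if it cannot be parsed.
function refererHost(value) {
    // The authority ends at the first "/", "?" or "#", not only at "/".
    var m = /^https?:\/\/([^\/?#]*)/i.exec(String(value || ''));
    if (!m) return null;
    // Drop userinfo ("user@") and a trailing ":port".
    var host = m[1].slice(m[1].lastIndexOf('@') + 1).replace(/:\d*$/, '').toLowerCase();
    // Accept only dot-separated hostname labels.
    return /^[a-z0-9-]+(\.[a-z0-9-]+)*$/.test(host) ? host : null;
}

// Compare the host against the patterns without building regexes.
function hostAllowed(host, patterns) {
    for (var i = 0; i < patterns.length; i++) {
        var p = patterns[i].toLowerCase();
        if (p.indexOf('*.') === 0) {
            var suffix = p.slice(1); // "*.domain1.com" -> ".domain1.com"
            // Require at least one label in front of the suffix.
            if (host.length > suffix.length &&
                host.slice(-suffix.length) === suffix) return true;
        } else if (host === p) {
            return true;
        }
    }
    return false;
}

// An unparseable Referer is treated as not allowed.
function checkReferer(value, patterns) {
    var host = refererHost(value);
    return host !== null && hostAllowed(host, patterns);
}

// Constructed sample Referer values.
var SAMPLES = [
    'https://domain1.com/page',
    'https://IMG.domain1.com:8443/a.png',
    'https://sub.domain3.com',
    'https://other.example?.domain1.com',
    'https://domain1.com@other.example/',
    'https://notdomain1.com/',
    'not a url'
];
for (var s = 0; s < SAMPLES.length; s++) {
    console.log(SAMPLES[s], '->', checkReferer(SAMPLES[s], ALLOWED) ? 'allow' : '403');
}
```

Inside `handler`, `checkReferer(referrer.value, allowedDomains)` would take the place of the regex list and the `split('/')[2]` lookup.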