{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 萌系小妹纸 的问题《AWS Restrict access from cloudfront to load balanc》','https://www.manongdao.com/q-912903.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm using Cloudfront with load balancing and ec2 instances.
In AWS, my load balancer accepts traffic from all http connections. It is possible to restrict that to accept only http connections from my Cloudfront distributions ? And how can I do that ?
Thanks.
AFAIK, you can't do this at layer 3 as an ELB will allow access from anywhere (0.0.0.0/0).
If you're running Apache and can find a specific header that cloudfront uses/sets then you could do this at layer 7 using mod_headers.
According to http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html cloudfront will set the Header
Viato 1.1 alphanumeric-string.cloudfront.net, so you could match this in your virtualhost by doing something like: