Preventing Amazon Cloudfront hotlinking
I use Amazon Cloudfront to host all my site's images and videos, to serve them faster to my users which are pretty scattered across the globe. I also apply pretty aggressive forward caching to the elements hosted on Cloudfront, setting Cache-Controlto public, max-age=7776000.
I've recently discovered to my annoyance that third party sites are hotlinking to my Cloudfront server to display images on their own pages, without authorization.
I've configured .htaccessto prevent hotlinking on my own server, but haven't found a way of doing this on Cloudfront, which doesn't seem to support the feature natively. And, annoyingly, Amazon's Bucket Policies, which could be used to prevent hotlinking, have effect only on S3, they have no effect on CloudFront distributions [link]. If you want to take advantage of the policies you have to serve your content from S3 directly.
Scouring my server logs for hotlinkers and manually changing the file names isn't really a realistic option, although I've been doing this to end the most blatant offenses.
Any suggestions would be welcome.
Answer
You can forward the Referer header to your origin
- Go to CloudFront settings
- Edit Distributions settings for a distribution
- Go to the Behaviors tab and edit or create a behavior
- Set Forward Headers to Whitelist
- Add Referer as a whitelisted header
- Save the settings in the bottom right corner
Make sure to handle the Referer header on your origin as well.