cloudfront redirecting to origin instead of aliasing it

Uri Klar picture Uri Klar · Jul 15, 2014 · Viewed 9.2k times · Source

I'm using a Cloudfront distribution as a proxy for my Heroku server. Why? for these purposes.

Anyway, my app has a force ssl rule on it. When I go to my cloudfront url, the origin being my heroku app url, i'm getting a 301 redirect to the origin, instead of serving as an alias.

Some stuff i did:

At first i had an error saying "request could not be satisfied", so I changed the origin protocol policy to HTTP Only.

Then, I had a redirect loop, so after researching I found out it was caused by the host header being passed in, so i removed forwarding headers.

Now i'm getting this 301 redirect.How can i stop it? What configurations should i look at?

Appreaciate any ideas. Happy to provide any additional information.

Answer

Nate picture Nate · Jul 18, 2014

I just started using CloudFront yesterday and was having the exact same issue. I found the answer below and realized my non-www to www redirect was causing the problem:

I was redirecting from domain.com to www.domain.com and CloudFront was caching and returning that redirect. You would probably see the same thing with an http/https redirect.

If you're doing an HTTP -> HTTPS redirect, you have two options: You can either serve the assets to CloudFront as HTTP or make CloudFront request them as HTTPS. To do the latter, you would need to configure your CloudFront origin to "Match Viewer." That means that if the viewer is using HTTPS, CloudFront will also. If the user is using HTTP, CloudFront would request in HTTP, return the HTTPS redirect it received from your server, and the client would then re-issue the request as HTTPS.

In our case, the assets themselves do not need to be protected in-flight. It is only important that they are served from CloudFront as HTTPS so the user's browser is seeing all HTTPS content. So, in our case, it is not necessary to serve the assets to CloudFront as HTTPS. Regardless of how it fetches the content from our server, CloudFront will match the viewer's protocol when it responds.

https://stackoverflow.com/a/22571467/1101095

One thing you could try is removing any rewrite rules from your .htaccess file temporarily, then try loading a new file through CloudFront. Try a new file each time, because CloudFront caches the responses it gets (whether it's the file or not).