I am facing an issue related to AWS CloudFront and my WordPress website.

WP website is behind AWS CF and it utilizes a third party service, let's assume it's a verification service.

The scenario is that the WP website receives a request from a user, then internally requests the verification service and provides a response to the user.

WP website has to be registered and whitelisted with the verification service first.

The issue is that when the WP website is behind CF, verification service gets the IP of CF and as it's not whitelisted beforehand it gets an authorization error. Without CF it's working fine as intended.

I have tried using X-Forwarded_For request headers but to no avail. I am sure it's my lack of understanding of AWS which is causing the issue.

Can someone please help and/or guide me in the right direction?

Thanks.

Dakait

1 Answer

It seems that CloudFront works as a reverse proxy here. This means that it will open a TCP connection to the verification service, and on that connection, the source IP is the CloudFront IP. This is unavoidable.

You need to check how to tell the visitor's IP address to the verification service. Typically it is done with the X-Forwarded-For header, but if it did not work, then the service does not support it.

It is possible that the verification service does not have a mechanism for this. In that case you cannot use it and CloudFront.

Tero Kilkanen
  • I have actually tried putting my domain name e.g. www.xyz.com in the `X-Forwarded-For` header. I wanted to try and put an IP address but not sure how I can find the exact IP. I tried finding one by running `tracert` but that did not work either. Maybe it's not supported by the service provider. Thank you for your time. – Dakait Aug 18 '22 at 09:50
  • The domain name is incorrect data for `X-Forwarded-For`. The header should contain the IP address of the visitor to the service. In https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html it is stated that CloudFront automatically adds this header to the requests it forwards. This means that you need to check with your verification service how to make it use the `X-Forwarded-For` content as client IP address. – Tero Kilkanen Aug 18 '22 at 20:19
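
How a receiving service can safely use the `X-Forwarded-For` content as the client IP address for an allow-list check, as an added example that is not part of the original answer or comments and generalizes to a chain of several trusted proxies. The names `client_ip` and `TRUSTED_PROXIES` are hypothetical, and the proxy range is a constructed documentation network, not a real CloudFront range.

```python
import ipaddress

# Constructed sample range (documentation network) standing in for the proxy
# addresses the service has decided to trust. Assumption, not real CloudFront data.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]


def _is_trusted(ip, trusted):
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to treat as the client for allow-list checks.

    peer_addr  -- source IP of the TCP connection
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A header sent by an untrusted peer is fully sender-controlled: ignore it.
    if not xff_header or not _is_trusted(peer, trusted):
        return str(peer)

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk right to left: each trusted proxy appended the address it saw.
    # The first entry that is not a trusted proxy is the client; entries to
    # its left were supplied by that client and are not believed.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            # Not an IP address (for example a domain name): stop here and
            # fall back to the last address that was validated.
            break
        if not _is_trusted(ip, trusted):
            return str(ip)
        peer = ip
    return str(peer)
```

Taking the leftmost entry instead would let any caller choose the address the allow-list sees, which is why the walk starts from the right and stops at the first untrusted hop.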