-1

I believe the following question should be asked here and not @Super User.

My web application is using S3 for users to download files. Prior to customizing the URL, files were downloaded from S3 with this URL scheme:

https://mybucket.s3-website-us-west-1.amazonaws.com/file.zip

I wanted to hide from the users that I am using S3 for my files, so I made a new CNAME (files.mydomain.com) at my DNS panel with the value S3.amazonaws.com.

Now the URL is http://files.mydomain.com/file.zip.

My question is: since the file is hosted at S3 (which by default uses https://), are the files still downloaded via secure HTTP? Note that I am using http for my subdomain.

I hope I made it clear.

Thanks

MadHatter
Theodoros80

3 Answers

3

No, your files are not being downloaded via https, since your link is with http.

What you need to do is to put your S3 bucket behind CloudFront. In CloudFront, you have the ability to upload a custom SSL certificate to use with your CNAME (and it is free for SNI-based SSL).

Florin Asăvoaie
0

Well, a CNAME doesn't change anything. The client is still connecting to the IP, not the name. Though I'm surprised that CNAME'ing just works, without having to add the new name to the server.

Is the connection HTTPS? Who knows. You may be redirected from HTTP to HTTPS or you may not. Impossible to say really without an actual download link to test with.

You can test with wget on a Linux command line.

wget http://files.mydomain.com/file.zip

and see if you get redirected to https before download.

thelogix
  • I'll check it. Thanks – Theodoros80 Aug 21 '14 at 06:59
  • Oh yeah.. @FlorinAsavoaie points out the certificate issue too. If you were to download from a browser using your new URL and you got redirected to HTTPS, you'd get a certificate warning, since you didn't give Amazon a certificate for your hostname. – thelogix Aug 21 '14 at 07:01
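
Added example (not part of the original question or answers): a Python check showing why a CNAME alone cannot give HTTPS on files.mydomain.com, since a TLS client verifies the hostname in the URL against the certificate's names and ignores the CNAME target. The SAN list is a constructed sample standing in for the S3 certificate, and `mybucket.s3.amazonaws.com` is an assumed bucket hostname.

```python
from urllib.parse import urlsplit

# Constructed sample of the names an S3 endpoint certificate covers (assumption).
SAMPLE_S3_CERT_SANS = ["*.s3.amazonaws.com", "s3.amazonaws.com"]


def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' may stand for the whole leftmost label only."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # a wildcard never spans more than one label
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def audit_download_url(url, cert_sans):
    """Return the findings for the URL a user actually requests."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append("plaintext: link is not https, transfer is unencrypted")
    # The client checks the name from the URL, never the CNAME target, so this
    # applies as soon as the link (or a redirect) switches to https.
    if not any(san_matches(host, san) for san in cert_sans):
        findings.append(f"cert-mismatch: no certificate name covers {host}")
    return findings


if __name__ == "__main__":
    cases = [
        ("http://files.mydomain.com/file.zip", SAMPLE_S3_CERT_SANS),
        ("https://files.mydomain.com/file.zip", SAMPLE_S3_CERT_SANS),
        ("https://mybucket.s3.amazonaws.com/file.zip", SAMPLE_S3_CERT_SANS),
        # Custom certificate for the CNAME, as in the CloudFront answer.
        ("https://files.mydomain.com/file.zip", ["files.mydomain.com"]),
    ]
    for url, sans in cases:
        print(url, "->", audit_download_url(url, sans) or "ok")
```
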
-1

Try this:

wget --no-check-certificate --no-proxy --user=username --ask-password -O "download url"

Dino
  • There's a reason why HTTPS uses certificates to check the server identity. Skipping the certificate check is bad practice, and must never be done in production environments. If you do this, any man-in-the-middle attack would go undetected (so someone that can see and modify the packets between the client and the server can eavesdrop on the connection and, even worse, modify it). – Ale May 08 '19 at 12:48