[tor-bugs] #13174 [meek]: Amazon CloudFront sets X-Forwarded-For
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 16 21:23:48 UTC 2014
#13174: Amazon CloudFront sets X-Forwarded-For
-----------------------------+--------------------
Reporter: dcf | Owner: dcf
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: meek | Version:
Resolution: fixed | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------
Changes (by dcf):
* status: new => closed
* resolution: => fixed
Comment:
I enabled HTTPS between CloudFront and meek-server. Let's see how it goes!

I had some trouble with "502 Bad Gateway" errors until I changed the
configuration not to forward the Host header—it was causing the SNI
received at meek-server to be the cloudfront.net subdomain and the
CloudFront client to hang up right after the TLS handshake. (Some time
around June, CloudFront
[http://aws.amazon.com/about-aws/whats-new/2014/06/26/amazon-cloudfront-device-detection-geo-targeting-host-header-cors/ changed its behavior]
with respect to the Host header.) I
updated the instructions at [[doc/meek#AmazonCloudFront]] to note the
header issue.

As a side effect of not forwarding Host, the header got a little smaller.
Note the absence of e.g. CloudFront-Is-Mobile-Viewer.
{{{
POST / HTTP/1.1
Host: meek.bamsoftware.com
Via: 1.1 c54d7f08e2f3dab1918454910cc8aad0.cloudfront.net (CloudFront)
X-Amz-Cf-Id: GEa3aeRPZsED7h4rdOm4mDlWawfqJq4_gWOAh4_IHQx7eWihDuj8MA==
Connection: Keep-Alive
Content-Length: 0
Accept-Encoding: gzip, deflate
X-Forwarded-Proto: https
User-Agent: Amazon CloudFront
X-Forwarded-For: 192.0.2.101
X-Session-Id: b+vY64oFn23X1x74/Iq24WhDOscVqsO+zgqpXwAebhw=
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13174#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
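
An added example, not part of the original message or of meek's own code: a Go check an origin operator could run over a captured CloudFront request to see whether Host names the origin, which client addresses X-Forwarded-For discloses, and which CloudFront-* viewer headers are forwarded. Both sample requests are constructed; `beforeFix` assumes a forwarded Host carries a cloudfront.net name (`dexample.cloudfront.net` is a placeholder), and `Audit` and `auditRequest` are illustrative names.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// Constructed samples. afterFix follows the shape of the ticket's dump;
// beforeFix assumes a forwarded Host is a cloudfront.net name (placeholder).
const afterFix = "POST / HTTP/1.1\r\nHost: meek.bamsoftware.com\r\n" +
	"X-Forwarded-For: 192.0.2.101\r\nContent-Length: 0\r\n\r\n"
const beforeFix = "POST / HTTP/1.1\r\nHost: dexample.cloudfront.net\r\n" +
	"CloudFront-Is-Mobile-Viewer: false\r\n" +
	"X-Forwarded-For: 192.0.2.101, 198.51.100.7\r\nContent-Length: 0\r\n\r\n"

// Audit summarises what one CDN-to-origin request reveals.
type Audit struct {
	HostIsOrigin  bool     // Host names the origin, not the distribution
	ClientIPs     []string // addresses disclosed in X-Forwarded-For
	ViewerHeaders []string // CloudFront-* headers describing the viewer
}

// auditRequest parses a raw HTTP/1.1 request and classifies its headers.
func auditRequest(raw, originHost string) (Audit, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return Audit{}, err
	}
	a := Audit{HostIsOrigin: strings.EqualFold(req.Host, originHost)}
	xff := strings.Join(req.Header.Values("X-Forwarded-For"), ",")
	for _, ip := range strings.Split(xff, ",") {
		if ip = strings.TrimSpace(ip); ip != "" {
			a.ClientIPs = append(a.ClientIPs, ip)
		}
	}
	for name := range req.Header {
		if strings.HasPrefix(name, "Cloudfront-") { // canonical MIME key form
			a.ViewerHeaders = append(a.ViewerHeaders, name)
		}
	}
	sort.Strings(a.ViewerHeaders)
	return a, nil
}

func main() {
	for _, raw := range []string{beforeFix, afterFix} {
		fmt.Println(auditRequest(raw, "meek.bamsoftware.com"))
	}
}
```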