Restrict access to AWS Cloudfront hosted content

1
votes

A "rival" application has admitted that they are scraping all of my static content (images/audio files) that are hosted on AWS Cloudfront.

Is it possible to put a block on the content being accessed unless it is requested from my web domain?

For example - https://d2z2xv99psdbxu.cloudfront.net/audio/SF697497-01-01-01.mp3 can only be played if it is played from xyz.com

I had thought about only allowing access from my server IP but I am also using Cloudflare CDN. Is there a work around?

1
amazon-web-servicesamazon-cloudfront

1 Answers

0
votes

AWS CloudFront supports custom ACLs (Access Control List) via AWS WAF.

You should be able to limit requests to your own domain in the ACL.

Here are a couple of similar scenarios:

https://aws.amazon.com/blogs/security/how-to-prevent-hotlinking-by-using-aws-waf-amazon-cloudfront-and-referer-checking/

https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-associating-cloudfront-distribution.html

Hope it helps!