I am trying to set up a CF distribution with a custom origin name that points to a custom domain set up in Route53 with latency-based routing (to multiple regions). This is because a Regional API doesn't include user IP info (XFF header) whereas CloudFront does.
In doing so, I found a really odd behavior with CF. When I configure Cache key and origin requests, CF always gives undesired output. Below is what works, as I just have the managed policy CachingDisabled for the Cache policy.

But this has an issue, as none of the headers is passed to the application, so I configured an Origin request policy and added the AllViewer policy since I would need all custom headers/query params from the client to be forwarded.

This however breaks, as I get a 403 error.
{
"message": "Forbidden"
}
I've also tried Legacy cache settings with headers set to All, but this option also gives 403. I am suspecting it is something to do with some headers appended by CloudFront that get rejected at API Gateway, but I can't figure out what.
What gives?
I just encountered this problem and, after checking with AWS support, it turns out that when you set it to pass all headers to the origin, the 'Host' header is also passed, and then API Gateway receives an invalid host name in the header and returns 403.
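The fix the answer describes, as an added example that is not part of the original thread: a small Python check over an OriginRequestPolicy HeadersConfig (the shape used by the CloudFront API) that flags configurations forwarding the viewer's Host header to the origin and rewrites them to forward everything except Host. The sample policy dicts and the function names are constructed for illustration.

```python
import copy

# Constructed sample OriginRequestPolicyConfig fragments in the CloudFront API shape
# (only HeadersConfig matters here; cookie and query-string config omitted).
FORWARD_ALL_VIEWER = {
    "Name": "example-all-viewer",
    "HeadersConfig": {"HeaderBehavior": "allViewer"},
}
FORWARD_ALL_BUT_HOST = {
    "Name": "example-all-except-host",
    "HeadersConfig": {
        "HeaderBehavior": "allExcept",
        "Headers": {"Quantity": 1, "Items": ["Host"]},
    },
}


def host_header_forwarded(headers_config: dict) -> bool:
    """True if this HeadersConfig sends the viewer's Host header on to the origin.

    HeaderBehavior follows the CloudFront API: none, whitelist, allViewer,
    allViewerAndWhitelistCloudFront, allExcept. Header names are case-insensitive.
    """
    behavior = headers_config.get("HeaderBehavior", "none")
    listed = {h.lower() for h in headers_config.get("Headers", {}).get("Items", [])}
    if behavior == "none":
        return False
    if behavior == "whitelist":
        return "host" in listed
    if behavior == "allExcept":
        return "host" not in listed
    # allViewer / allViewerAndWhitelistCloudFront forward every viewer header, Host included
    return True


def strip_host(policy: dict) -> dict:
    """Return a copy of the policy that forwards every viewer header except Host.

    An API Gateway origin rejects the CloudFront hostname in Host with 403, so an
    allViewer policy becomes allExcept Host, a whitelist drops Host, and an
    allExcept list gains Host. Other behaviors are returned unchanged for review.
    """
    fixed = copy.deepcopy(policy)
    hc = fixed["HeadersConfig"]
    behavior = hc.get("HeaderBehavior", "none")
    items = [h for h in hc.get("Headers", {}).get("Items", []) if h.lower() != "host"]
    if behavior == "allViewer":
        hc["HeaderBehavior"], items = "allExcept", ["Host"]
    elif behavior == "allExcept":
        items.append("Host")
    if behavior in ("allViewer", "allExcept", "whitelist"):
        hc["Headers"] = {"Quantity": len(items), "Items": items}
    return fixed
```

AWS also ships a managed origin request policy named AllViewerExceptHostHeader that does exactly this, so in the console the fix is usually to pick that policy instead of AllViewer.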