[tor-bugs] #13174 [meek]: Amazon CloudFront sets X-Forwarded-For

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 16 21:23:48 UTC 2014


#13174: Amazon CloudFront sets X-Forwarded-For
-----------------------------+--------------------
     Reporter:  dcf          |      Owner:  dcf
         Type:  enhancement  |     Status:  closed
     Priority:  normal       |  Milestone:
    Component:  meek         |    Version:
   Resolution:  fixed        |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------
Changes (by dcf):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 I enabled HTTPS between CloudFront and meek-server. Let's see how it goes!
 I had some trouble with "502 Bad Gateway" errors until I changed the
 configuration not to forward the Host header—it was causing the SNI
 received at meek-server to be the cloudfront.net subdomain and the
 CloudFront client to hang up right after the TLS handshake. (Some time
 around June, CloudFront
 [http://aws.amazon.com/about-aws/whats-new/2014/06/26/amazon-cloudfront-device-detection-geo-targeting-host-header-cors/ changed its behavior]
 with respect to the Host header.) I
 updated the instructions at [[doc/meek#AmazonCloudFront]] to note the
 header issue.

 As a side effect of not forwarding Host, the header got a little smaller.
 Note the absence of e.g. CloudFront-Is-Mobile-Viewer.
 {{{
 POST / HTTP/1.1
 Host: meek.bamsoftware.com
 Via: 1.1 c54d7f08e2f3dab1918454910cc8aad0.cloudfront.net (CloudFront)
 X-Amz-Cf-Id: GEa3aeRPZsED7h4rdOm4mDlWawfqJq4_gWOAh4_IHQx7eWihDuj8MA==
 Connection: Keep-Alive
 Content-Length: 0
 Accept-Encoding: gzip, deflate
 X-Forwarded-Proto: https
 User-Agent: Amazon CloudFront
 X-Forwarded-For: 192.0.2.101
 X-Session-Id: b+vY64oFn23X1x74/Iq24WhDOscVqsO+zgqpXwAebhw=
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13174#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

