How to access host in lambda behind both API gateway and cloudfront? - aws-lambda

I have a lambda function being executed by an API gateway. I have cloudfront pointing traffic to the API gateway endpoint.
How do I access the host/domain the client is on in my lambda function?
Can I move the Host header to X-Forwarded-Host?
e.g.
abc.com (cloudfront) -> API gateway -> lambda (Host: abc.com)

In order to propagate Host header through Cloudfront and API Gateway, follow these steps:
Configure Cloudfront to forward Host header
Step-by-step guide
Key points:
Choose the Behaviors tab, and then choose the path that you want to forward the Host header to.
Choose Edit.
Under Cache key and origin requests, confirm that Legacy cache settings is selected. If it's not selected, then follow the steps in the preceding section to create a cache policy. If Legacy cache settings is selected, then complete the following:
For Headers, select Include the following headers.
From the Add header dropdown list, select Host.
Configure API Gateway request to relay Host header
Detailed docs here
Key point:
Edit your API Gateway resource(s) and for each method you need the Host header edit the Method Request by adding Host header in the HTTP Request Headers list.
You can also move the Host header to X-Forwarded-Host using a Cloudfront function but you would still need to follow the steps above to propagate X-Forwarded-Host header. You can try this out starting with this sample function.
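An added example of the X-Forwarded-Host approach (not code from the answer or from the AWS sample it links to): a CloudFront viewer-request function that overwrites any client-supplied X-Forwarded-Host with the viewer's Host, followed by a Lambda-side reader that accepts the value only if it is on an allowlist. `ALLOWED_HOSTS`, `clientHost` and `lambdaHandler` are hypothetical names, the two parts are deployed separately, and the Lambda is assumed to receive request headers in `event.headers`.

```javascript
// Part 1: CloudFront Function attached to the viewer-request event.
// Copies the viewer's Host into X-Forwarded-Host, replacing whatever
// value the client may have sent under that name.
function handler(event) {
  var request = event.request;
  var host = request.headers.host ? request.headers.host.value : '';
  request.headers['x-forwarded-host'] = { value: host };
  return request;
}

// Part 2: Lambda side. Assumption: the hostnames this distribution serves.
const ALLOWED_HOSTS = new Set(['abc.com', 'www.abc.com']);

// Returns the normalised client host, or null if it is missing or not allowed.
function clientHost(event) {
  const headers = event.headers || {};
  let raw;
  for (const name of Object.keys(headers)) {
    // Header names are matched case-insensitively.
    if (name.toLowerCase() === 'x-forwarded-host') raw = headers[name];
  }
  if (typeof raw !== 'string') return null;
  // Lower-case and drop an optional :port before comparing.
  const host = raw.trim().toLowerCase().replace(/:\d+$/, '');
  return ALLOWED_HOSTS.has(host) ? host : null;
}

// Hypothetical Lambda entry point using the validated host.
async function lambdaHandler(event) {
  const host = clientHost(event);
  if (!host) return { statusCode: 400, body: 'unrecognised host' };
  return { statusCode: 200, body: 'host=' + host };
}
```

The allowlist matters when the API Gateway endpoint is reachable without going through CloudFront, because in that case the header arrives exactly as the caller set it.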

Related

EWS Autodiscover endpoints

I need to get value for X-AnchorMailbox and X-PublicFolderMailbox header for public folder requests. I was using both of those articles first and second to retrieve values for headers but a problem happened during autodiscover process.
To send autodiscover request I use derived endpoint because I write my application in C++ and use only SOAP/POX requests to retrieve any data from EWS. If I understood correctly this kind of endpoints should be derived from user's e-mail address. So if the user has address user@test.onmicrosoft.com one of the endpoints should be https://test.onmicrosoft.com/autodiscover/autodiscover.xml (for POX). But this endpoint doesn't work at all.
Is there any way to get correct endpoint or other ways to retrieve values for headers?
There are multiple endpoints (https and http redirect). Plus the endpoints from AD and DNS.
Start at Autodiscover for Exchange
In your particular case (redirect to a hosted M365 mailbox), you will most likely end up going through the unsecured (http://autodiscover.YourDomain.demo/autodiscover/autodiscover.xml) redirect (301, 302, 307, 308) to https://outlook.office365.com/autodiscover/autodiscover.xml
You can also see autodiscover steps if you try the connectivity analyzer at
https://testconnectivity.microsoft.com/tests/Ola/input

How to use Azure Application Gateway's rewrite rules feature to rewrite the hostname of a website?

I have a website called oldcompany.com. Our product name changed, and I would like to use Azure Application Gateway in front of the website, in order to rewrite the URL, i.e. access the website using the newcompany.com hostname.
There is a feature of Azure Application Gateway, called rewrite rules, that allows modifying request and response headers, documented here: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/application-gateway/rewrite-http-headers-url.md#rewrite-http-headers-and-url-with-application-gateway. The reason I want to use this feature is that it allows specifying complex conditions to rewrite a header. So I don't want to be using the Override with new host name switch on the HTTP setting, but rather overwrite the Host header of all requests going through the application gateway.
I have defined:
the listener to listen on HTTPS, port 443, hostname newcompany.com
the backend pool pointing to oldcompany.com
the rule binding the listener to the backend pool
With this configuration only, accessing https://newcompany.com results in Azure Application Gateway's 502 error page, which is expected, because the Host header in the request is still newcompany.com, which is not a virtual host recognized by the server (which is only serving requests for oldcompany.com).
So, in order to set the Host header, I have configured a rewrite ruleset associated to my routing rule. This ruleset has a rule that changes the request's Host header to oldcompany.com.
However, I still get the same 502 error page when accessing https://newcompany.com. I have pulled the request from my application gateway's access logs, and the request shows the following fields:
host_s: oldcompany.com
originalHost_s: newcompany.com
httpStatus_d: 502
which seems like the correct values for the original and rewritten hosts.
What am I missing to make this work?

How do I pass my custom header from Postman to CloudFront distribution to API Gateway?

I have an API Gateway sitting behind CloudFront. I have a custom header called 'header1'. I want to pass its value from Postman to CloudFront to API Gateway.
I have a lambda sitting behind the API Gateway and I want to use the 'header1' value inside the lambda. I created a custom header inside the origins of the distribution, but it never picks the value from Postman. It always passes the value I set up inside the CloudFront.
Any help would be appreciated!
To proxy a custom request header to your origin, you need to tell CloudFront to include that header in the request CloudFront makes to your origin. You can do this using policies by either:
Using a cache policy. Under headers > Include the following headers, add your custom header there
Using an origin request policy. Also under headers, choose the option that makes sense for your application and add the custom header there.
If the header should be included in your cache key, use a cache policy. Otherwise use an origin request policy.
Additional details here:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/working-with-policies.html

Get CloudFront custom domain in the headers of a request

I have a CloudFront distribution abcd1234.cloudfront.net and I've added a custom domain of mysite.com to the distribution.
The CloudFront distribution's origin: aaabbbccc.execute-api.us-east-1.amazonaws.com
When I load the page mysite.com/hello/world, CloudFront is then consuming API Gateway aaabbbccc.execute-api.us-east-1.amazonaws.com/prod/{proxy+}
the API Gateway path endpoint is invoking a Lambda Function that calls a function like getPageContent(customDomainName, pagePath) which should be mysite.com and /hello/world respectively.
However, inside that function, the Host header that eventually makes it into the function's event.headers.Host value is never the custom domain. Instead, the Host header is always aaabbbccc.execute-api.us-east-1.amazonaws.com.
I want headers.Host to equal mysite.com (or another header to show that the request comes from mysite.com), but no matter what I do, the Host value is always just the origin url.
Edit: I tried whitelisting Host and it caused the site to break completely, with the error about not being able to reach the CloudFront distribution.

Unable to access NIFI Rest api of another server in secured mode

I am trying to access NIFI rest api of another server from my machine using ajax like below,
url:"https://serverip:port/nifi-api/",
{Authorization : 'Bearer ' + 'access token here'}
Getting "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource." error.
Apache NiFi's API is designed to be invoked by a variety of clients, but in this case I think you are encountering a security precaution put in place by CORS (Cross-Origin Resource Sharing).
If a piece of code on server A (your non-NiFi machine) makes an AJAX request to a different origin (your NiFi instance), and the HTTP method is not GET (and some other minor restrictions), server A will first send a "preflight" request, which is HTTP OPTIONS, to the remote instance to determine what requests are valid. A server can reply to this with the header Access-Control-Allow-Origin: *, which is a wildcard value denoting it accepts requests from any origin. However, if you want to send credentials along with the request, the originating hostname must be explicitly listed in the response (Access-Control-Allow-Origin: https://serverA.com).
Because NiFi uses an embedded Jetty server to host the API, you may have to explicitly add a CrossOriginFilter as described here.
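An added example (not part of the original answer and not NiFi or Jetty code) that applies the browser's preflight rules, as defined in the Fetch standard, to a set of response headers, so the difference between the wildcard and an explicitly listed origin can be checked against what the server returns. The `req`/`res` object shapes and the function names are constructed for illustration.

```javascript
// Split a comma-separated CORS header value into trimmed tokens.
function tokens(value) {
  return (value || '').split(',').map((t) => t.trim()).filter(Boolean);
}

// req: { origin, method, headers: [names], credentials: boolean }  (constructed shape)
// res: preflight (OPTIONS) response headers keyed by lower-case name
function preflightAllows(req, res) {
  const acao = res['access-control-allow-origin'];
  if (!acao) return { ok: false, reason: 'no Access-Control-Allow-Origin header' };
  if (req.credentials) {
    // With cookies or HTTP auth, "*" is not accepted: the origin must match exactly.
    if (acao !== req.origin) return { ok: false, reason: 'origin not listed explicitly' };
    if (res['access-control-allow-credentials'] !== 'true') {
      return { ok: false, reason: 'Access-Control-Allow-Credentials is not true' };
    }
  } else if (acao !== '*' && acao !== req.origin) {
    return { ok: false, reason: 'origin not allowed' };
  }
  const wildcard = !req.credentials; // "*" only acts as a wildcard without credentials
  const methods = tokens(res['access-control-allow-methods']);
  const safelisted = ['GET', 'HEAD', 'POST'].includes(req.method);
  if (!safelisted && !methods.includes(req.method) && !(wildcard && methods.includes('*'))) {
    return { ok: false, reason: 'method not allowed: ' + req.method };
  }
  const allowed = tokens(res['access-control-allow-headers']).map((h) => h.toLowerCase());
  for (const name of req.headers.map((h) => h.toLowerCase())) {
    // Authorization must always be named; "*" never covers it.
    const byWildcard = wildcard && allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !byWildcard) {
      return { ok: false, reason: 'header not allowed: ' + name };
    }
  }
  return { ok: true, reason: 'preflight passes' };
}
```

For a request like the one in the question (an `Authorization: Bearer` header, no cookies), the response needs an `Access-Control-Allow-Origin` value and an `Access-Control-Allow-Headers` value that names `Authorization`.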
