如何限制AWS CloudFont,使其仅服务于域上单个目录的请求?

时间:2022-12-04 07:53:21

I have gone through the process of creating a CloudFront distribution with the Origin Domain Name pointing to my main Rails application where assets (images, css, js, ect) are located at /assets.

我已经完成了创建CloudFront发行版的过程,初始域名指向我的主Rails应用程序,其中的资产(图像、css、js、ect)位于/assets。

However, by default, the CloudFront distribution is mirroring the entire domain (including dynamic pages).

然而,默认情况下,CloudFront分发版镜像了整个域(包括动态页面)。

How can I limit it to just the /assets sub-tree?

我如何将它限制到/资产子树?

PS This is the article I am following:

这是我的文章:

https://devcenter.heroku.com/articles/using-amazon-cloudfront-cdn

https://devcenter.heroku.com/articles/using-amazon-cloudfront-cdn

Thanks!

谢谢!

1 个解决方案

#1


3  

Since the default cache behavior can't (afaik) be removed, this seems like a clever "serverless" solution:

由于无法删除默认缓存行为(afaik),这似乎是一个聪明的“无服务器”解决方案:

  • Create a bucket in S3. The name won't matter. Don't put anything in it.

    在S3中创建一个桶。名字不重要。不要放任何东西进去。

  • Add a second origin to your CloudFront distribution, selecting the new bucket as the origin.

    向CloudFront分发版添加第二个起源,选择新的桶作为起源。

  • Create a second cache behavior with path pattern /assets/* pointing to your original origin.

    创建第二个缓存行为,路径模式/资产/*指向您的原始起点。

  • Change the default cache behavior to use the new S3 origin (the unused, empty bucket).

    更改默认缓存行为以使用新的S3起源(未使用的空桶)。

  • CloudFront will forward requests for /assets/* to your existing server, where they will be handled as now, but all other requests will be sent to the empty bucket, which has no content and no permissions, so the response will be 403 Forbidden.

    CloudFront将向您现有的服务器发送/资产/*请求,这些请求将在当前处理,但是所有其他请求将被发送到空桶,该空桶没有内容和权限,因此响应将是403禁止。

  • Optionally, add an appropriate "robots.txt" file to that otherwise-empty bucket, and make it publicly readable, so CloudFront will serve it up to any crawlers that visit your CloudFront distribution, disallowing them from indexing, which should hopefully prompt them to remove any already-indexed results and not try to index the assets or any other paths they might have already learned by crawling the previously-exposed content at the "wrong" URL.

    可以选择添加一个合适的“机器人”。txt”文件夭折了桶,并使其公开可读,所以CloudFront将任何爬虫访问你CloudFront分布,禁止他们从索引,应该希望促使他们删除任何already-indexed结果,不要指数的资产或任何其他路径他们可能已经学会了通过爬行过的内容在“错误”的URL。

如何限制AWS CloudFont,使其仅服务于域上单个目录的请求?

#1


3  

Since the default cache behavior can't (afaik) be removed, this seems like a clever "serverless" solution:

由于无法删除默认缓存行为(afaik),这似乎是一个聪明的“无服务器”解决方案:

  • Create a bucket in S3. The name won't matter. Don't put anything in it.

    在S3中创建一个桶。名字不重要。不要放任何东西进去。

  • Add a second origin to your CloudFront distribution, selecting the new bucket as the origin.

    向CloudFront分发版添加第二个起源,选择新的桶作为起源。

  • Create a second cache behavior with path pattern /assets/* pointing to your original origin.

    创建第二个缓存行为,路径模式/资产/*指向您的原始起点。

  • Change the default cache behavior to use the new S3 origin (the unused, empty bucket).

    更改默认缓存行为以使用新的S3起源(未使用的空桶)。

  • CloudFront will forward requests for /assets/* to your existing server, where they will be handled as now, but all other requests will be sent to the empty bucket, which has no content and no permissions, so the response will be 403 Forbidden.

    CloudFront将向您现有的服务器发送/资产/*请求,这些请求将在当前处理,但是所有其他请求将被发送到空桶,该空桶没有内容和权限,因此响应将是403禁止。

  • Optionally, add an appropriate "robots.txt" file to that otherwise-empty bucket, and make it publicly readable, so CloudFront will serve it up to any crawlers that visit your CloudFront distribution, disallowing them from indexing, which should hopefully prompt them to remove any already-indexed results and not try to index the assets or any other paths they might have already learned by crawling the previously-exposed content at the "wrong" URL.

    可以选择添加一个合适的“机器人”。txt”文件夭折了桶,并使其公开可读,所以CloudFront将任何爬虫访问你CloudFront分布,禁止他们从索引,应该希望促使他们删除任何already-indexed结果,不要指数的资产或任何其他路径他们可能已经学会了通过爬行过的内容在“错误”的URL。

如何限制AWS CloudFont,使其仅服务于域上单个目录的请求?