Issues with a Client involving AWS CloudFront and Static IPs

@Merenda212

Posted in: #AmazonAws #AmazonCloudfront #StaticIp

I have a social media website that uses AWS extensively.

Through the site we stream video stored in S3, and this video is delivered through CloudFront.

I have a Client who is one of our biggest users who wants our content to come from a Static IP Address.

Apparently he has a Firewall, and it can only be configured for IP Addresses, not Domain Names.

Unfortunately none of our video content is coming through a Static IP Address. The Domain is the same, but the IP is not.

I have suggested using a Proxy, but apparently this won't work (I've not been given any explanation as to why it won't work).

This whole situation confuses me, as I can clearly remember configuring my cheap Internet Router at home from 20 years ago to block or unblock both IP Addresses and Domain Names. Every single piece of Firewall Software I have ever used has had the ability to block or unblock both IP Addresses and Domain Names.

The Client I speak to is very friendly, but he is liaising between me and a "Network Engineer" who works at his business.

This Network Engineer just seems to be saying no, without any explanation to myself or the Client, to every suggestion I make. Apparently it is "impossible" to configure the business Firewall to block or unblock Domain Names. A Proxy "just wont work". He is adamant that we must provide him with a Static IP Address.

The Network Engineer also suggested at one point that we are "the only website on the Internet using a dynamic IP Address". I had to explain to my Client that this just isn't true.

I am not a networking expert, but I am fairly sure that what we are trying to achieve here can be done without a Static IP Address, but I don't know how to proceed when this Network Engineer blocks me at every turn.

This Client is one of our biggest users and I don't want to lose him, but I fear this may be the case if I don't find a solution that his Network Engineer can accept.

Can anyone suggest a course of action for me?

Sorry if this is the wrong place to ask this question. I am just getting quite desperate and want to find a positive resolution to this situation before it gets out of hand. If this is the wrong place, suggestions as to where else I could ask this question would be greatly appreciated.


2 Comments


@Phylliss660

I am said network engineer; well, maybe not that specific one, but just another example, and I come up against this question all of the time...

There are a number of firewalls out there that, at Enterprise scale, have issues with DNS-based ACLs. There are security and performance issues to be considered.

Can you trust that the DNS won't be subverted or corrupted? Probably, but that still doesn't mean you want your firewalls doing lookups.

Performance-wise, some firewalls will pause to do the lookup, and add more delay if the lookup fails for whatever reason, if only for an incredibly small amount of time. This is a big consideration. No problem on your home router; a major problem in a large organisation where there are 1000s (millions, billions!) of concurrent traffic streams.

The correct solution in this instance is to use a Proxy Server of some description.


@Kristi941

I guess the better, more scalable approach is to find out what system your client is using, and educate that network engineer.

But if you really need a static IP to serve CloudFront content for your really important client, and if a different subdomain is acceptable to you, you could set up a proxy on your side for him.

That said, you will lose the advantages of using CloudFront for this particular client. All traffic for this client originally intended for CloudFront will have to be proxied through this EC2 instance. Another disadvantage is that if the proxy load gets too heavy on this EC2 instance, the only way of scaling this box is to scale up (get a bigger instance).

Details:


You will need an Elastic IP address on an EC2 instance, say 101.11.12.13.
Set up a subdomain for your client with the DNS pointing to this IP:

    myclient.mydomain.com A 101.11.12.13

Run nginx or apache on the EC2 instance as a reverse proxy to the CloudFront content.

Nginx (proxy_pass needs a scheme; nginx sends the distribution hostname as the Host header by default, and proxy_ssl_server_name adds it as SNI so the TLS handshake with CloudFront succeeds):

    server {
        listen 80;
        server_name myclient.mydomain.com;
        location / {
            proxy_pass https://yourdistribution.cloudfront.net;
            proxy_ssl_server_name on;  # SNI for the TLS handshake with CloudFront
        }
    }

Apache (mod_proxy, mod_proxy_http and mod_ssl; ProxyPassReverse takes the same path-then-URL argument order as ProxyPass):

    SSLProxyEngine on
    ProxyPass        / https://yourdistribution.cloudfront.net/
    ProxyPassReverse / https://yourdistribution.cloudfront.net/

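An added example, not part of either answer above: if the client's firewall really can only be fed IP addresses, the single-Elastic-IP proxy is not the only option. AWS publishes the address ranges used by CloudFront (and its other services) in ip-ranges.json at https://ip-ranges.amazonaws.com/ip-ranges.json, so a firewall can allow-list those ranges and keep CloudFront in the path. The catch is that the file changes over time, so the list has to be regenerated whenever its syncToken changes. The script below parses a document in that file's format, deduplicates and collapses the CLOUDFRONT prefixes into the smallest rule set, and checks a single address against them. The embedded JSON is a constructed sample in the file's shape; its prefixes are illustrative and are not a current or complete list of CloudFront ranges, and the function names are this example's own.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's published ip-ranges.json
# (https://ip-ranges.amazonaws.com/ip-ranges.json). The prefixes below are
# illustrative only and are NOT a current or complete list of CloudFront ranges.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "1700000000",
    "createDate": "2023-11-14-22-13-20",
    "prefixes": [
        {"ip_prefix": "13.32.0.0/15",   "region": "GLOBAL",    "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "13.32.0.0/15",   "region": "GLOBAL",    "service": "AMAZON",     "network_border_group": "GLOBAL"},
        {"ip_prefix": "13.34.0.0/16",   "region": "GLOBAL",    "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "13.35.0.0/16",   "region": "GLOBAL",    "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "13.224.0.0/14",  "region": "GLOBAL",    "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "130.176.0.0/16", "region": "GLOBAL",    "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "52.95.110.0/24", "region": "us-east-1", "service": "S3",         "network_border_group": "us-east-1"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2600:9000::/28", "region": "GLOBAL", "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
    ],
})


def service_networks(json_text, service="CLOUDFRONT"):
    """Return (v4_networks, v6_networks) published for one AWS service.

    Entries are deduplicated and adjacent/overlapping ranges are collapsed
    so the firewall rule set is as small as possible.
    """
    doc = json.loads(json_text)
    v4, v6 = set(), set()
    for entry in doc.get("prefixes", []):
        if entry.get("service") == service:
            v4.add(ipaddress.ip_network(entry["ip_prefix"], strict=True))
    for entry in doc.get("ipv6_prefixes", []):
        if entry.get("service") == service:
            v6.add(ipaddress.ip_network(entry["ipv6_prefix"], strict=True))
    # collapse_addresses needs a single address family per call, so the
    # two families are collapsed and sorted separately.
    return (sorted(ipaddress.collapse_addresses(v4)),
            sorted(ipaddress.collapse_addresses(v6)))


def allow_list(json_text, service="CLOUDFRONT"):
    """CIDR strings ready to paste into an IP-only firewall allow rule."""
    v4, v6 = service_networks(json_text, service)
    return [str(n) for n in v4] + [str(n) for n in v6]


def is_allowed(ip, json_text, service="CLOUDFRONT"):
    """Check one edge address (e.g. from a firewall log) against the ranges."""
    addr = ipaddress.ip_address(ip)
    v4, v6 = service_networks(json_text, service)
    return any(addr in n for n in (v4 if addr.version == 4 else v6))


def sync_token(json_text):
    """AWS changes syncToken whenever the file changes; persist it and
    regenerate the firewall rules when the fetched value differs."""
    return json.loads(json_text)["syncToken"]


if __name__ == "__main__":
    for cidr in allow_list(SAMPLE_IP_RANGES):
        print(cidr)
```

With the sample, the three overlapping 13.x entries collapse into one 13.32.0.0/14 rule, and the 13.32.0.0/15 entry listed under AMAZON is ignored because only the requested service is selected. In production, fetch the live file, compare its syncToken with the last one you applied, and regenerate the rules when it differs; a stale allow-list fails closed, which is the same outage the client is trying to avoid.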