Cloudfront domain not actually global #816

Closed
TroyGuffey opened this issue Oct 16, 2016 · 4 comments


@TroyGuffey

EACH random-named CloudFront server must be authorized EACH TIME one is encountered, despite "cloudfront.net" being listed in my whitelist.

@jdgalt

jdgalt commented Oct 16, 2016

In my experience this is only partly true. Each web site that uses CF seems to have its own server there, which doesn't change and once authorized, is reachable forever. But it would still be a great improvement to let the user enable *.cloudfront.net and have it work for the whole domain.

In fact allowing wild card domains generally would be a big improvement -- not least because I could use it to ban particular TLDs. For instance, does *.top have anything but spam senders in it?

@myrdd
Member

myrdd commented Oct 16, 2016

> EACH random-named CloudFront server must be authorized EACH TIME one is encountered, despite "cloudfront.net" being listed in my whitelist.

Don't forget to put the asterisk in front: *.cloudfront.net. This works for me.

In case you're talking about RP 0.5, wildcards are not supported.

> In my experience this is only partly true. Each web site that uses CF seems to have its own server there, which doesn't change and once authorized, is reachable forever.

I suppose you're talking about the domain name, as opposed to the actual server. I too think the domain name—such as d111111abcdef8.cloudfront.net—is permanent. For reference, this site says:

> A public URL for an object in an Amazon S3 bucket uses this format:
>
> `http://<CloudFront domain name>/<object name in Amazon S3 bucket>`
>
> [...]
>
> For example, suppose you have an Amazon S3 bucket called mybucket. The bucket contains a publicly readable object named /images/image.jpg.
>
> You create a CloudFront distribution and specify mybucket.s3.amazonaws.com as the origin server for this distribution. CloudFront returns d111111abcdef8.cloudfront.net as the domain name for the distribution and EDFDVBD6EXAMPLE as the distribution ID.
>
> [...]
>
> For web distributions, if you're storing your content in more than one Amazon S3 bucket, the format of URLs is the same—URLs don't include any information about your Amazon S3 buckets.


> But it would still be a great improvement to let the user enable *.cloudfront.net and have it work for the whole domain.

If you're talking about a menu option for *.cloudfront.net: I won't implement that. "cloudfront.net" is a public suffix. [RP wiki] But still, you can create a *.cloudfront.net rule manually. Regarding that, you might be interested in #470.

> In fact allowing wild card domains generally would be a big improvement -- not least because I could use it to ban particular TLDs. For instance, does *.top have anything but spam senders in it?

Simple wildcard support is already implemented. By simple I mean domain name specs with the asterisk in the front, just like *.com. For wildcards anywhere in the domain name spec, see #417.

myrdd closed this as completed Oct 16, 2016

@jdgalt

jdgalt commented Oct 16, 2016

I have created a *.cloudfront.net rule manually. It just does not work. Why has this been closed?

@myrdd
Member

myrdd commented Oct 16, 2016

@jdgalt This is what I do:

  1. Create a fresh Firefox profile
  2. Install RPC 1.0.beta12.4 from AMO
  3. Visit http://www.golem.de/
  4. Observe the current behavior
    • Open the menu.
    • The menu shows that requests to d3ujids68p6xmq.cloudfront.net have been blocked.
    • Close the menu.
  5. Manually add a rule
    • policy: Allow
    • destination host: *.cloudfront.net
    • temporary: unchecked
    • all other fields empty
  6. Reload/revisit http://www.golem.de/
  7. Observe the new behavior
    • Open the menu.
    • The menu shows that requests to d3ujids68p6xmq.cloudfront.net have been allowed.

If this does not work for you, tell me. If this only happens in your main profile, there might be a bug. If so, please read wiki:Contributing.
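
The rule behaviour discussed in this thread, as an added example that is not part of the original comments and is not RequestPolicy's code: a sketch of leading-asterisk host matching that shows why a bare `cloudfront.net` entry does not cover `d3ujids68p6xmq.cloudfront.net`, and how much `*.cloudfront.net` allows given that cloudfront.net is a public suffix. The function names, the matching semantics and the small suffix set are assumptions.

```javascript
// Added illustration, not RequestPolicy's source code.
// Assumed semantics: a spec without "*" matches exactly one host; a leading
// "*." matches any host below that suffix, but not the bare suffix itself.
function hostMatches(spec, host) {
  const s = spec.toLowerCase();
  const h = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  if (s.startsWith("*.")) {
    const suffix = s.slice(1); // ".cloudfront.net", keeps the label boundary
    return h.length > suffix.length && h.endsWith(suffix);
  }
  return h === s;
}

// Constructed five-entry stand-in for the Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "de", "net", "top", "cloudfront.net"]);

// How much a destination spec opens up.
function ruleScope(spec) {
  if (!spec.startsWith("*.")) return "single host";
  return PUBLIC_SUFFIXES.has(spec.slice(2).toLowerCase())
    ? "every registrant under a public suffix"
    : "subdomains of one site";
}

// Default-deny: a request passes only if some allow rule matches its host.
function decide(allowSpecs, host) {
  return allowSpecs.some((spec) => hostMatches(spec, host)) ? "allow" : "block";
}

// Hosts taken from the thread; the rule sets are the options discussed there,
// plus a rule pinned to the one distribution the visited site uses.
const hosts = ["d3ujids68p6xmq.cloudfront.net", "d111111abcdef8.cloudfront.net"];
const ruleSets = {
  bare: ["cloudfront.net"],
  wildcard: ["*.cloudfront.net"],
  pinned: ["d3ujids68p6xmq.cloudfront.net"],
};
for (const [name, specs] of Object.entries(ruleSets)) {
  const verdicts = hosts.map((h) => `${h}: ${decide(specs, h)}`).join(", ");
  console.log(`${name} [${ruleScope(specs[0])}] -> ${verdicts}`);
}
```

The pinned rule allows only the one distribution the site loads from, while the wildcard rule also allows every other CloudFront distribution, each of which can belong to a different AWS customer.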
