0

We are working on setting up a list of domain names we need to have whitelisted for educational institutions who use our site. We are using AWS S3 as well as CloudFront.

In our CloudFront, we have multiple CNAMEs set up such as d1.streaming.example.com and d2.streaming.example.com, each pointing to a different domain name in the CloudFront system so we can track who is using what via domain.

The question is, can we just have the school whitelist *.example.com (which is our domain) or should we have them also whitelist the *.cloudfront.com domain as well?

bretterer

1 Answer

1

It depends on how they whitelist.

If they do so at the IP level, as long as the IP ultimately pointed to by the CNAME is whitelisted, it would be OK. At the DNS level, it would depend on whether the implementation allows whitelisted CNAMEs to automatically allow the A lookup to complete the request, or if the A lookup would fail if the hostname given by the CNAME is not permitted.

Other implementations (proxies, browser-level URL checking, etc.) would depend as well.

DerfK
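The DNS-level and IP-level cases from the answer above, modelled as an added example that is not part of the original post. The zone records, the `dist1.cdn.example.net` stand-in for the CDN hostname, the addresses, and all function names are assumptions made for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed records. dist1.cdn.example.net is a stand-in for the CDN hostname
# the CNAME points at; addresses are from the documentation range 192.0.2.0/24.
ZONE = {
    "d1.streaming.example.com": ("CNAME", "dist1.cdn.example.net"),
    "dist1.cdn.example.net": ("A", "192.0.2.10"),
}

def name_allowed(name, patterns):
    """True if the hostname matches any allowlist wildcard pattern."""
    return any(fnmatchcase(name, p) for p in patterns)

def resolve(name, patterns, check_chain):
    """Resolve through a hypothetical filtering resolver.

    check_chain=False: only the name the client asked for is checked.
    check_chain=True: every hostname in the CNAME chain must be allowed.
    Returns (ip_or_None, trace).
    """
    trace = []
    for hop in range(8):  # bound the chain so a CNAME loop cannot spin forever
        if (hop == 0 or check_chain) and not name_allowed(name, patterns):
            trace.append(f"BLOCK {name}")
            return None, trace
        if name not in ZONE:
            trace.append(f"NXDOMAIN {name}")
            return None, trace
        rtype, value = ZONE[name]
        trace.append(f"{rtype} {name} -> {value}")
        if rtype == "A":
            return value, trace
        name = value  # follow the CNAME to its target
    return None, trace

def ip_allowed(ip, networks):
    """IP-level filter: hostnames are irrelevant, only the final address counts."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

if __name__ == "__main__":
    for strict in (False, True):
        ip, trace = resolve("d1.streaming.example.com", ["*.example.com"], strict)
        print(f"check_chain={strict}: ip={ip} trace={trace}")
```

With only `*.example.com` allowed, the lenient resolver returns an address while the strict one stops at the CNAME target, which is the difference a school's filter vendor would need to confirm.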