8

I have static content that is being served by Cloudflare. Cloudflare points to Amazon S3 to pick up the static content and serves it via a CNAME (cdn.mydomain.com). The bucket is set up properly and everything was working fine for months until Friday when I started getting requests timing out in my browser. I verified that the content was still accessible via S3 and opened a ticket with Cloudflare. Cloudflare reported that "it does appear something at Amazon is likely blocking requests from our IPs" and that they were seeing the following messages in their logs:

upstream timed out (110: Connection timed out) while reading response header from upstream cdn.mydomain.com 
upstream prematurely closed connection while reading response header from upstream cdn.mydomain.com 

Here is what I already had in my CORS file.

<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
</CORSRule>

Should I put a * in AllowedHeader? Do I need to explicitly name the Cloudflare IP addresses? What am I missing to avoid the block?

JStark
  • 1
    Did you get this figured out? I'm seeing the same problem. – Brandon Aug 05 '14 at 21:44
  • Is this still happening? I'm planning on using Cloudflare, but my website is fully provided by AWS. – valter Jun 21 '17 at 01:01
  • Facing same issue with only one domain. Found no solution yet? – Vishvendra Singh Oct 31 '20 at 19:39
  • 1
    @VishvendraSingh I'm sure there is a solution but I never solved it. For the last 6 years I've been using CloudFront without issues. I'd probably use CloudFlare in China because they have better coverage there but in the rest of the world CloudFront serves my needs. – JStark Nov 02 '20 at 03:16
  • @JStark I think it's the firewall of Cloudflare that is blocking and causing outage at multiple locations. Also I moved to CloudFront yesterday. – Vishvendra Singh Nov 02 '20 at 07:45
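
As an added example (not code from the question, the answer, or AWS), the sketch below evaluates the CORS rule posted in the question against a few constructed requests, using a simplified model of the documented S3 matching on Origin, method and requested headers. It shows which requests the rule, including its AllowedHeader entry, applies to at all; the function names and sample requests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# The rule exactly as posted in the question.
RULE_XML = """<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>Authorization</AllowedHeader>
</CORSRule>"""

def load_rule(xml_text):
    """Parse one <CORSRule> element into lists of allowed values."""
    root = ET.fromstring(xml_text)
    def values(tag):
        return [e.text.strip() for e in root.findall(tag)]
    return {"origins": values("AllowedOrigin"),
            "methods": values("AllowedMethod"),
            "headers": [h.lower() for h in values("AllowedHeader")]}

def matches(pattern, value):
    """Match with at most one '*' wildcard, as S3 CORS patterns allow."""
    if "*" not in pattern:
        return pattern == value
    prefix, suffix = pattern.split("*", 1)
    return (len(value) >= len(prefix) + len(suffix)
            and value.startswith(prefix) and value.endswith(suffix))

def evaluate(rule, headers, method="GET"):
    """Return 'not-cors', 'cors-allowed' or 'cors-denied' for one request."""
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin is None:
        return "not-cors"  # no Origin header: the CORS rule is never consulted
    preflight = method == "OPTIONS" and "access-control-request-method" in h
    wanted = h["access-control-request-method"] if preflight else method
    if not any(matches(p, origin) for p in rule["origins"]):
        return "cors-denied"
    if wanted not in rule["methods"]:
        return "cors-denied"
    if preflight:  # AllowedHeader is only checked against preflight requests
        asked = h.get("access-control-request-headers", "").lower().split(",")
        asked = [a.strip() for a in asked if a.strip()]
        if not all(any(matches(p, a) for p in rule["headers"]) for a in asked):
            return "cors-denied"
    return "cors-allowed"

if __name__ == "__main__":
    rule = load_rule(RULE_XML)
    # Constructed requests: a plain fetch without Origin, then a browser GET.
    print(evaluate(rule, {"Host": "cdn.mydomain.com"}))
    print(evaluate(rule, {"Origin": "https://www.mydomain.com"}))
```
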

1 Answer

-2

Is there any reason you're not using an Amazon CloudFront distribution backed by an S3 bucket to serve up your static content? Should be more efficient than CloudFlare -> S3, and if Amazon are indeed blocking CloudFlare from accessing S3 (though this doesn't make much sense why they'd do this), this would no longer be an issue for you.

You'd also be able to CNAME your cdn.mydomain.com hostname to [distribution_id].cloudfront.net to preserve your URL scheme and keep the transition transparent to your users. CloudFront operates in a very similar way to CloudFlare, in that their IP addresses are BGP routed to the nearest location worldwide, however Amazon will have more efficient CloudFront -> S3 fetching systems internally.

And as far as I remember, transfer between S3 and CloudFront is free, so you'd be paying not much more (if anything) for bandwidth.

dannosaur
  • 3
    The transfer between S3 and CloudFront is free but there is an additional cost for using CloudFront. CloudFlare was free to use and had more coverage. – JStark Jul 17 '14 at 14:15