AWS WAFv2 For Hotlink Protection: Future Of Content Security
AWS WAF Classic will be retired. This update describes how to utilise the latest AWS WAF (WAFv2) to prevent hotlinking. Screenshots have been updated to reflect AWS WAF Management Console changes.
Stop hotlinking with the new AWS WAF. AWS WAF is a web application firewall that integrates with Amazon CloudFront, a CDN, to protect web apps from common online vulnerabilities that affect availability, security, and resource utilisation.
Hotlinking can be dealt with in a number of ways. For example, you can use the Apache module mod_rewrite to validate the Referer header at your web server.
Validating the Referer header at the web server is less useful if you're using a content delivery network (CDN) like CloudFront to speed up the delivery of material on your website, because cached content is served from the CDN edge without the request reaching your web server.
An AWS WAF setup consists of a web access control list (web ACL) associated with a specific CloudFront distribution.
HTTP header names are not case-sensitive: Referer and referer refer to the same HTTP header. However, the values in HTTP headers are case-sensitive.
Traffic is permitted if the request satisfies the requirements outlined in the rule. If not, the traffic is blocked by the AWS WAF rule.
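
The matching behaviour described above, as an added example that is not part of the original article: a simplified local model of a WAFv2 byte-match rule on the Referer header, showing why a lowercase text transformation matters when header values are case-sensitive. The domain `example.com`, the rule name, and the helper functions are assumptions made for illustration.

```python
# Added example: simplified local model of a WAFv2 Referer allow rule.
# example.com and the rule name are placeholders, not values from the article.
RULE = {
    "Name": "allow-own-referer",
    "Priority": 0,
    "Statement": {"ByteMatchStatement": {
        "FieldToMatch": {"SingleHeader": {"Name": "referer"}},
        "PositionalConstraint": "STARTS_WITH",
        # Trailing slash keeps https://example.com.other.test/ from matching.
        "SearchString": "https://example.com/",
        # LOWERCASE normalises the value, which is otherwise case-sensitive.
        "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
    }},
    "Action": {"Allow": {}},
    "VisibilityConfig": {"SampledRequestsEnabled": True,
                         "CloudWatchMetricsEnabled": True,
                         "MetricName": "allow-own-referer"},
}
DEFAULT_ACTION = "BLOCK"  # web ACL default action when no rule matches


def evaluate(headers, rule=RULE):
    """Return ALLOW or BLOCK for a dict of request headers."""
    stmt = rule["Statement"]["ByteMatchStatement"]
    wanted = stmt["FieldToMatch"]["SingleHeader"]["Name"].lower()
    # Header names are case-insensitive: compare them lowercased.
    value = next((v for k, v in headers.items() if k.lower() == wanted), None)
    if value is None:
        return DEFAULT_ACTION  # no Referer header, so the rule cannot match
    for t in sorted(stmt["TextTransformations"], key=lambda t: t["Priority"]):
        if t["Type"] == "LOWERCASE":
            value = value.lower()
    return "ALLOW" if value.startswith(stmt["SearchString"]) else DEFAULT_ACTION


def without_transform(rule=RULE):
    """Copy of the rule with no text transformation (Type NONE)."""
    stmt = dict(rule["Statement"]["ByteMatchStatement"])
    stmt["TextTransformations"] = [{"Priority": 0, "Type": "NONE"}]
    return {**rule, "Statement": {"ByteMatchStatement": stmt}}


if __name__ == "__main__":
    # Constructed sample requests.
    for h in ({"Referer": "https://example.com/gallery"},
              {"REFERER": "HTTPS://Example.com/gallery"},
              {"Referer": "https://example.com.other.test/"},
              {}):
        print(h, "->", evaluate(h))
```

Requests that carry no Referer header fall through to the default action in this model, so they are blocked along with third-party referrers.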