Origin Protocol Policy for HTTP and HTTPS Communication in CloudFront

Origin Protocol Policy


Question

In CloudFront, which Origin Protocol Policy must be chosen to ensure that communication with the origin is done either via HTTP or HTTPS?

Choose an answer from the options below.

Answers

Explanations


A. B. C. D.

Answer - C.

It's clearly stated in the AWS documentation that the Origin Protocol Policy should be set accordingly.

For more information on the CloudFront CDN, please see the link below:

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html
Origin Protocol Policy (Amazon EC2 and Other Custom Origins Only)

The protocol policy that you want CloudFront to use when fetching objects from your origin server.

Important

If your Amazon S3 bucket is configured as a website endpoint, you must specify HTTP Only.
Amazon S3 doesn't support HTTPS connections in that configuration.

Choose the applicable value:

* HTTP Only: CloudFront uses only HTTP to access the origin.

* HTTPS Only: CloudFront uses only HTTPS to access the origin.

* Match Viewer: CloudFront communicates with your origin using HTTP or HTTPS, depending on the
protocol of the viewer request. CloudFront caches the object only once even if viewers make requests
using both HTTP and HTTPS protocols.

Important

For HTTPS viewer requests that CloudFront forwards to this origin, one of the domain
names in the SSL certificate on your origin server must match the domain name that you
specify for Origin Domain Name. Otherwise, CloudFront responds to the viewer
requests with an HTTP status code 502 (Bad Gateway) instead of the requested object.
For more information, see Requirements for Using SSL/TLS Certificates with CloudFront.

The Origin Protocol Policy in Amazon CloudFront determines the protocol that CloudFront uses when communicating with the origin server. There are three options available:

A. HTTP: With this option, CloudFront will always use HTTP when communicating with the origin server, regardless of whether the viewer requested the content over HTTP or HTTPS. This option does not provide any encryption for the data being transmitted between CloudFront and the origin server.

B. HTTPS: With this option, CloudFront will always use HTTPS when communicating with the origin server, regardless of whether the viewer requested the content over HTTP or HTTPS. This option provides encryption for the data being transmitted between CloudFront and the origin server.

C. Match Viewer: With this option, CloudFront will use the same protocol as the viewer requested when communicating with the origin server. If the viewer requested the content over HTTP, CloudFront will use HTTP when communicating with the origin server. If the viewer requested the content over HTTPS, CloudFront will use HTTPS when communicating with the origin server. This option provides encryption for the data being transmitted between CloudFront and the origin server when the viewer requested the content over HTTPS.

D. None of the above: This option is not available in CloudFront and is not a valid answer.

Therefore, the correct answer to ensure that communication with the origin is done either via HTTP or HTTPS is option C: Match Viewer. With this option, CloudFront will use the same protocol as the viewer requested when communicating with the origin server, providing encryption for the data being transmitted between CloudFront and the origin server when the viewer requested the content over HTTPS.
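
To check which cache behaviors can actually send cleartext HTTP to an origin, the following added example (not from this page or from AWS) audits a distribution configuration. It assumes the `DistributionConfig` JSON shape returned by `aws cloudfront get-distribution-config`, and it also reads each behavior's `ViewerProtocolPolicy`, a setting this page does not discuss, because Match Viewer only forwards HTTP when viewers are allowed to use HTTP. The sample configuration and its domain names are constructed.

```python
# Added example: flag cache behaviors whose origin fetches may travel over HTTP.
# SAMPLE_CONFIG is constructed; keys follow the CloudFront DistributionConfig structure.
SAMPLE_CONFIG = {
    "Origins": {"Items": [
        {"Id": "app", "DomainName": "app.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "api", "DomainName": "api.example.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
        {"Id": "site", "DomainName": "example-bucket.s3-website-us-east-1.amazonaws.com",
         "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "app", "ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "api", "ViewerProtocolPolicy": "https-only"},
        {"PathPattern": "/static/*", "TargetOriginId": "site", "ViewerProtocolPolicy": "redirect-to-https"},
    ]},
}

def origin_fetch_protocols(origin_policy, viewer_policy):
    """Return the set of protocols CloudFront may use toward the origin."""
    if origin_policy == "http-only":
        return {"http"}
    if origin_policy == "https-only":
        return {"https"}
    if origin_policy == "match-viewer":
        # Follows the viewer: HTTP reaches the origin only if viewers may use HTTP.
        return {"http", "https"} if viewer_policy == "allow-all" else {"https"}
    raise ValueError(f"unknown OriginProtocolPolicy: {origin_policy!r}")

def audit(config):
    """Return [(path_pattern, origin_id, protocols)] for behaviors that can fetch over HTTP."""
    # Origins without CustomOriginConfig (S3 REST origins) have no protocol policy to check.
    policies = {o["Id"]: o["CustomOriginConfig"]["OriginProtocolPolicy"]
                for o in config["Origins"]["Items"] if "CustomOriginConfig" in o}
    # The default behavior has no PathPattern in the API; "*" is used here as a label.
    behaviors = [dict(config["DefaultCacheBehavior"], PathPattern="*")]
    behaviors += config.get("CacheBehaviors", {}).get("Items", [])
    findings = []
    for b in behaviors:
        policy = policies.get(b["TargetOriginId"])
        protos = origin_fetch_protocols(policy, b["ViewerProtocolPolicy"]) if policy else set()
        if "http" in protos:
            findings.append((b["PathPattern"], b["TargetOriginId"], sorted(protos)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

In the sample, the Match Viewer origin is flagged only because its behavior allows HTTP viewers, and the S3 website endpoint is flagged regardless of the viewer policy because it must use HTTP Only.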