| « PreviousNext » | |
   | Did this page help you? Yes | No | Tell us about it... |
Frequently Asked Questions
How can I ensure that I retrieve the correct IP address of the end user visiting my website?
You can use a variety of methods to get the IP address of the end user visiting your website. Here are two possible methods:
If your web server is not connected to the Internet through a load balancer, you can use a web server variable to get the remote IP address. However, this IP address isn't always the end user's IP address—it can also be the IP address of a proxy server, depending on how the end user is connected to the Internet.
If your web server is connected to the Internet through a load balancer, a web server variable may contain the IP address of the load balancer, not the IP address of the end user. In this configuration, we recommend that you use the last IP address in the
X-Forwarded-Forhttp header. This header typically contains more than one IP address, most of which are for proxies or load-balancers. The last IP address in the list is the one most likely to be associated with the end user's geographic location.
If your web server is not connected to a load balancer, we recommend that you use web server variables instead of the
X-Forwarded-For header in order to avoid IP address spoofing. The sample code in this document uses the
X-Forwarded-For header if the header is present. If you do not want to use this method to get the IP address
of the end user, you can edit the sample code.
Can I use any third-party geolocation service to restrict access to my content in CloudFront?
Yes. You will need an account with the third-party service to call their API, and you will need to modify the sample code accordingly.
What is the cost of using this solution?
The cost of using a third-party geolocation service will depend on which service provider you use. Current pricing for CloudFront usage is available on the Amazon CloudFront Pricing page. There are no additional CloudFront charges for using the CloudFront private-content feature.
Can I use location information other than country to block access to my content?
If your geolocation service provides information in addition to the country code, your application can use that information to determine whether you can distribute your content to the end user. Then your application can generate a CloudFront signed URL as described in this tutorial or in Using a Signed URL to Serve Private Content in the Amazon CloudFront Developer Guide.
What should I do if the third-party service is not returning the correct information about an end user?
Confirm that you are correctly calling the API provided by the third-party geolocation service, and that you are using the correct IP address for the end user. If you are still encountering issues with the third-party service or with the accuracy of the data that you receive from the service, contact the service vendor directly.
