One of our security restrictions is that we need to have a WAF sit in front of our Cloud Foundry endpoints.
So we would like to create a CloudFront distribution and add the WAF to that.
The distribution would then forward all calls to the Cloud Foundry app. I believe WAF support does not come out of the box, as mentioned in #24.
But the problem is twofold: even if we were able to add the WAF, we need to IP-restrict the traffic to the GAAP/Cloud Foundry my-app.cloudapps.digital endpoint so that it only comes from the CloudFront distribution.
This is further complicated by the fact that traffic from CloudFront could come from one of 40+ IP addresses, so we cannot guarantee which IP address it is coming from.
You can see one rather complicated solution to this problem outlined here.
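An added example, not part of the original post and not the platform's own code: one way an app-side check could turn AWS's published `ip-ranges.json` into a CloudFront allowlist. The sample prefixes are constructed documentation ranges, the function names are hypothetical, and it assumes the platform router appends the connecting peer's address as the last `X-Forwarded-For` entry.

```python
import ipaddress
import json

# Constructed sample in the shape of AWS's published ip-ranges.json;
# the prefixes are documentation ranges, not real CloudFront addresses.
SAMPLE_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
  {"ip_prefix": "203.0.113.0/25", "region": "GLOBAL", "service": "CLOUDFRONT"},
  {"ip_prefix": "192.0.2.0/24", "region": "eu-west-2", "service": "EC2"}
 ],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:100::/48", "region": "GLOBAL", "service": "CLOUDFRONT"}
 ]}
""")


def cloudfront_networks(doc):
    """Collect every IPv4 and IPv6 prefix tagged CLOUDFRONT."""
    nets = []
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry.get("service") == "CLOUDFRONT":
                nets.append(ipaddress.ip_network(entry[field]))
    return nets


def is_cloudfront(addr, nets):
    """True if addr parses as an IP inside one of nets; malformed input is rejected."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip.version == n.version and ip in n for n in nets)


def allow_request(x_forwarded_for, nets):
    """Assumption: the last X-Forwarded-For entry was appended by the platform
    router and names the peer that connected to it. Earlier entries are
    supplied by the client and are never trusted here."""
    hops = [h for h in (x_forwarded_for or "").split(",") if h.strip()]
    return bool(hops) and is_cloudfront(hops[-1], nets)


NETS = cloudfront_networks(SAMPLE_RANGES)
```

A match on these ranges shows only that the request arrived from CloudFront's network, not from one particular distribution, and the list has to be refreshed whenever AWS publishes a new `ip-ranges.json`.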