Overview
You are trying to access the Bonzai site but receive errors related to the Bonzai CDN site. You are an on-premises (self-hosted) client. You can ping cdn.bonzaicloud.com from any client machine, and cdn.bonzaicloud.com has been allowed and set up with the appropriate permissions in the end user's web filters. The IP addresses that fail when pinged are EU-based Amazon IPs; the issue does not occur when connecting to Amazon IP addresses in North America.
Information
There is no method to restrict calls to Amazon CDN servers to North America only. One could instead add the CloudFront servers to an allow rule. Please see this article: Amazon Cloud Front Locations Of Edge Servers
Amazon uses CloudFront to deliver content to viewers from its origin using globally distributed edge locations or POPs (Points of Presence).
When a viewer makes a request on your website or through your application, DNS routes the request to the POP that can best serve the user’s request. This location is typically the nearest CloudFront edge location in terms of latency. In the POP, CloudFront checks its cache for the requested files. If the files are in the cache, CloudFront returns them to the user. If the files are not in the cache, the POPs go to the nearest regional edge cache to fetch the object.
After you configure CloudFront to deliver your content, here's what happens when users request your files:
- A user accesses your website or application and requests one or more files, such as an image file and an HTML file.
- DNS routes the request to the CloudFront POP (edge location) that can best serve the request—typically the nearest CloudFront POP in terms of latency—and routes the request to that edge location.
- In the POP, CloudFront checks its cache for the requested files. If the files are in the cache, CloudFront returns them to the user. If the files are not in the cache, it does the following:
  - CloudFront compares the request with the specifications in your distribution and forwards the request for the files to your origin server for the corresponding file type—for example, to your Amazon S3 bucket for image files and to your HTTP server for HTML files.
  - The origin servers send the files back to the edge location.
  - As soon as the first byte arrives from the origin, CloudFront begins to forward the files to the user. CloudFront also adds the files to the cache in the edge location for the next time someone requests them.
With that being said, there are no dedicated IP addresses for each CloudFront distribution; instead, the distribution resolves to the IP addresses of its closest edge location (POP) assigned at that time, and that edge location then delivers the data either from its cache or by contacting the associated back-end origin.
Hence, CloudFront distribution IP addresses change frequently, and Amazon cannot guarantee advance notice of changes. Amazon strongly recommends against using these addresses for mission-critical applications and against ever hard-coding them in DNS names.
However, on a best-effort basis, Amazon does provide the list of current addresses: Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. To view the current ranges, download ip-ranges.json; for more information, see AWS IP Address Ranges in the Amazon Web Services General Reference.
To find the IP address ranges that are associated with CloudFront edge servers, search ip-ranges.json for the following string:
"service": "CLOUDFRONT"
In this file you will find IP CIDR ranges with two different kinds of "network_border_group" value: "GLOBAL", used for edge locations (POPs), and region-specific values, used for regional edge cache servers.
The IP ranges under "GLOBAL" are used by POPs both inside and outside North America, and the address ranges may be rotated across POPs; consequently there is no way to obtain region-specific POP IP address ranges.
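The following Python example (added here; it is not Bonzai's or AWS's own code) shows how to pull the CLOUDFRONT entries out of ip-ranges.json, split them by "network_border_group", build the CIDR allow list a web filter needs, and check which CloudFront group a failing address belongs to. The JSON below is a constructed stand-in that follows the real file's schema but uses documentation address ranges.

```python
import ipaddress
import json

# Constructed stand-in for ip-ranges.json: same schema as the real file, but
# the CIDRs are RFC 5737 documentation ranges, not real AWS addresses.
SAMPLE_IP_RANGES = json.dumps({
    "prefixes": [
        {"ip_prefix": "203.0.113.0/24", "region": "GLOBAL",
         "service": "CLOUDFRONT", "network_border_group": "GLOBAL"},
        {"ip_prefix": "198.51.100.0/25", "region": "eu-west-2",
         "service": "CLOUDFRONT", "network_border_group": "eu-west-2"},
        {"ip_prefix": "198.51.100.128/25", "region": "us-east-1",
         "service": "CLOUDFRONT", "network_border_group": "us-east-1"},
        {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1",
         "service": "EC2", "network_border_group": "eu-west-1"},
    ],
    "ipv6_prefixes": [],
})


def cloudfront_ranges(ip_ranges_json):
    """CloudFront CIDRs keyed by network_border_group: "GLOBAL" is the shared
    POP pool, any other key is a regional edge cache in that AWS region."""
    data = json.loads(ip_ranges_json)
    groups = {}
    for key, entries in (("ip_prefix", data["prefixes"]),
                         ("ipv6_prefix", data["ipv6_prefixes"])):
        for entry in entries:
            if entry["service"] == "CLOUDFRONT":
                net = ipaddress.ip_network(entry[key])
                groups.setdefault(entry["network_border_group"], []).append(net)
    return groups


def classify_address(ip_ranges_json, address):
    """Return (network_border_group, cidr) for a failing address, or None
    when it is not a CloudFront range at all (so the cause lies elsewhere)."""
    addr = ipaddress.ip_address(address)
    for group, nets in cloudfront_ranges(ip_ranges_json).items():
        for net in nets:
            if addr in net:
                return group, str(net)
    return None


def allow_list(ip_ranges_json):
    """Every CloudFront CIDR as the strings a web-filter allow rule needs;
    the GLOBAL pool cannot be narrowed to North American POPs."""
    return sorted(str(n) for nets in cloudfront_ranges(ip_ranges_json).values()
                  for n in nets)
```

Because the ranges rotate, regenerate the allow list from a freshly downloaded ip-ranges.json rather than keeping a static copy.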
Ensure your CloudFront distribution is configured with "cdn.bonzaicloud.com" as its CNAME domain and that Geo Restriction is Disabled, which means requests from all regions are allowed at the CloudFront distribution level.