This script will listen to all ethernet interface requests, but will filter those only related with AWS cloudfront IPS.
sh check-cloudflare.sh will output the tcpdump records that matches cloudfront ips.
Run script, then, using your distribution url dxxxxxx.cloudfront.net access any of your static resources, like dxxxxxx.cloudfront.net/some.jpg
If cloudfront is able to connect to your server, you will see rows in console with origin and target ips.
| #!/bin/bash | |
| # This script downloads the AWS IP ranges JSON, extracts the CloudFront IP prefixes, | |
| # and builds a tcpdump filter to capture traffic from those IP ranges. | |
| # Check if jq is installed | |
| if ! command -v jq &> /dev/null | |
| then | |
| echo "jq is required but not installed. Please install jq and run the script again." | |
| exit 1 | |
| fi | |
| # Download the ip-ranges.json from AWS | |
| JSON_URL="https://ip-ranges.amazonaws.com/ip-ranges.json" | |
| TEMP_JSON="/tmp/ip-ranges.json" | |
| curl -s "$JSON_URL" -o "$TEMP_JSON" | |
| if [ ! -s "$TEMP_JSON" ]; then | |
| echo "Failed to download or empty JSON file." | |
| exit 1 | |
| fi | |
| # Extract CloudFront IP ranges using jq | |
| # We filter by service equals "CLOUDFRONT" and get the ip_prefix values | |
| CF_IPS=$(jq -r '.prefixes[] | select(.service == "CLOUDFRONT") | .ip_prefix' "$TEMP_JSON") | |
| # Build the tcpdump filter expression (e.g., "tcp port 443 and (src net 13.32.0.0/15 or src net 52.46.0.0/18 or ...)") | |
| FILTER="tcp port 443 and (" | |
| FIRST=1 | |
| for ip in $CF_IPS; do | |
| if [ $FIRST -eq 1 ]; then | |
| FILTER+="src net $ip" | |
| FIRST=0 | |
| else | |
| FILTER+=" or src net $ip" | |
| fi | |
| done | |
| FILTER+=")" | |
| echo "Using tcpdump filter: $FILTER" | |
| echo "Starting tcpdump, press Ctrl+C to stop..." | |
| sudo tcpdump -n -i eth0 "$FILTER" |