Some JFrog customers limit clients' egress traffic with a domain-based allowlist. When CDN redirect is enabled, calls to cloudfront.net are blocked unless explicitly allowed. It is technically possible to add the entire cloudfront.net domain to the Allow List, but this solution is permissive and insecure.
In addition, customers who already use a CNAME on top of their JFrog service want to extend the coverage of their CNAME to the CDN.
To support these scenarios, you can add redirect URLs to the JFrog Cloud Allowlist.
To extend your custom CNAME to point to the CloudFront domain contact JFrog Support. You must provide an SSL certificate in PEM format, including chain, certificate, and a 2048-bit key.
Add the domain of the CloudFrong CDN endpoint to the JFrog Cloud allowlist.