I bumped into a strange error. Every time there is a word "localhost" in the body of requests that are fired from front end to back end and go through Cloudfront, Cloudfront returns 403 ERROR The request could not be satisfied. Is it an issue with our Cloudfront setup or is it a system-wide issue? Unfortunately I do not have full access to Cloudfront setup, but the DevOps has provided me with behaviours configures there. The only rule there is redirection from http to https. Regardless of where the issue comes from, can it be fixed by adding some extra rule atop of the existing Cloudfront configuration? What are some other potentials fixes?
Kudos to @rjdkolb. The issue was caused by AWS WAF. Particularly its rule EC2MetaDataSSRF_BODY
