
Block HEAD requests to AWS Elastic Beanstalk and Elastic Load Balancer

I have an AWS Elastic Beanstalk (Node.js) setup behind an Elastic Load Balancer and alerts set up for the load balancer. Each night I get tons of alerts for:

Environment health has transitioned from Ok to Severe. 100.0 % of the requests are erroring with HTTP 4xx.

This is due to trawls of different PHP hackz and phpmyadmin, dbadmin, etc. using the HEAD method in 99% of the cases. Since we have an external AIM service, they trigger on these alerts as well, creating an issue for each (which we now change of course), but crying "wolf", you know...

Question is, is it possible to block HEAD or certain URIs we know we don't need somehow to get rid of the "false" HTTP 4xx?

Anders asked Jan 04 '17 07:01



1 Answer

As Mark B pointed out in the comments above, using a Web Application Firewall (WAF & Shield) solves our issue.

We had a normal EC2 ELB (Elastic Load Balancer) and swapped that out for the new Application Load Balancer (ALB) that is a requirement for the WAF.

Setting up WAF is fairly easy: first create a Web ACL for blocking HTTP HEAD (you can add a ton of other protection as well, SQL Injection, etc.) and then add a Rule to Block any matching wACL but Allow any other traffic.

Lastly, associate the new wACL with the load balancer and you're done!

Testing HTTP HEAD now gives a "403 Forbidden" and is not entering our Elastic Beanstalk.

Anders answered Sep 29 '22 08:09
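
The steps in the answer above (a Web ACL that blocks HEAD, allows everything else, and is associated with the load balancer), written as a CloudFormation template. This is an added example, not part of the original answer: it assumes the current AWS WAF (WAFv2) resource types rather than the console flow the answer used, and the resource names, metric names and the `LoadBalancerArn` parameter are illustrative.

```yaml
# Added example (not from the original answer). Assumes AWS WAF (WAFv2) and an
# existing Application Load Balancer whose ARN is supplied as a parameter.
AWSTemplateFormatVersion: "2010-09-09"
Description: Block HTTP HEAD at the ALB with a regional WAFv2 web ACL

Parameters:
  LoadBalancerArn:              # hypothetical parameter name
    Type: String
    Description: ARN of the ALB in front of the Elastic Beanstalk environment

Resources:
  BlockHeadWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: block-http-head     # illustrative name
      Scope: REGIONAL           # REGIONAL is the scope used for ALBs
      DefaultAction:
        Allow: {}               # anything not matched by a rule passes through
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: BlockHeadWebACL
      Rules:
        - Name: BlockHeadMethod
          Priority: 0
          Action:
            Block: {}           # WAF replies 403 Forbidden by default
          Statement:
            ByteMatchStatement:
              FieldToMatch:
                Method: {}      # inspect the HTTP method, not the URI or body
              PositionalConstraint: EXACTLY
              SearchString: HEAD
              TextTransformations:
                - Priority: 0
                  Type: NONE
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: BlockHeadMethod

  # Attach the web ACL to the load balancer
  BlockHeadAssociation:
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref LoadBalancerArn
      WebACLArn: !GetAtt BlockHeadWebACL.Arn
```

Setting the rule's `Action` to `Count: {}` first lets you review the sampled requests it would match before switching it to `Block`.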