I am looking for a way to drop connections from known spam IP addresses on Amazon's Elastic Load Balancer (ELB).
I am currently doing this at the web server level (multiple instances, running behind the ELB), but wondering if there is a way to do it at the ELB. This way, I can avoid configuring each web server instance for this.
I typically pull the DROP list from Spamhaus.org every day and update my web server configuration.
To allow or block specific IP addresses for your EC2 instances, use a network Access Control List (ACL) or security group rules in your VPC. Network ACLs and security group rules act as firewalls allowing or blocking IP addresses from accessing your resources.
The IP Deny tool in the MyKinsta dashboard lets you block both individual IP addresses as well as IP address ranges without having to edit web server configuration files. If you're hosted on Kinsta, the IP Deny tool is the recommended method for blocking IP addresses.
I would try using VPC ACLs for that. First of all, ELBs inside a VPC can use Security Groups, but they only specify the traffic you allow in and out of an ELB. To actually block traffic coming from a certain IP, an ACL would be best.
For that to work, a pair of a public (internet-facing) and an internal ELB needs to be used, with the internal ELB protected by subnet ACL DENY rules.
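As an added example (not code from the answer above or from AWS), the script below parses a DROP-format list and turns it into inbound Network ACL DENY entries using the parameter names of boto3's create_network_acl_entry; the ACL id acl-EXAMPLE and the list contents are constructed placeholders. It also shows the two things that trip people up with this approach: DENY rules need lower rule numbers than the ALLOW rule that admits the rest of the internet, and a Network ACL only holds 20 rules per direction by default (40 after a quota increase), far fewer than the DROP list contains.

```python
"""Turn a Spamhaus DROP-format list into VPC Network ACL inbound DENY entries.

Constructed example. DENY rules get rule numbers below the default ACL's
allow-all rule (100) so they are evaluated first, and the count is checked
against the ACL rule quota instead of silently truncating the list.
"""
import ipaddress

# Constructed sample in the DROP file format: "CIDR ; SBL reference".
SAMPLE_DROP_LIST = """\
; Spamhaus DROP List (constructed sample for this example)
192.0.2.0/24 ; SBL000001
198.51.100.0/24 ; SBL000002
203.0.113.0/24 ; SBL000003
not-an-ip ; SBL000004
"""

def parse_drop_list(text):
    """Return the valid IPv4 networks from DROP-format text, skipping comment
    lines and malformed entries."""
    nets = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop the "; SBLnnn" comment
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            continue                            # skip garbage rather than abort
    return nets

def build_deny_entries(networks, acl_id, first_rule=1, max_rules=19):
    """Build one inbound DENY entry per network, rule numbers ascending from
    first_rule. max_rules defaults to 19: the 20-rule quota minus the
    existing allow rule. Raises ValueError when the list does not fit, so the
    operator can shard across ACLs or aggregate prefixes instead."""
    if len(networks) > max_rules:
        raise ValueError(f"{len(networks)} networks exceed ACL quota of {max_rules}")
    return [{"NetworkAclId": acl_id, "RuleNumber": first_rule + i,
             "Protocol": "-1",          # -1 means all protocols
             "RuleAction": "deny", "Egress": False, "CidrBlock": str(net)}
            for i, net in enumerate(networks)]

def as_cli(entry):
    """Equivalent AWS CLI command for operators who script with the CLI."""
    return (f"aws ec2 create-network-acl-entry --network-acl-id {entry['NetworkAclId']} "
            f"--ingress --rule-number {entry['RuleNumber']} --protocol {entry['Protocol']} "
            f"--rule-action {entry['RuleAction']} --cidr-block {entry['CidrBlock']}")

if __name__ == "__main__":
    for e in build_deny_entries(parse_drop_list(SAMPLE_DROP_LIST), "acl-EXAMPLE"):
        print(as_cli(e))
```

Because of the quota, a Network ACL can only absorb a small aggregated subset of the DROP list; the full list still belongs on the instances or on a device that supports large prefix lists.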