Is it possible to block an entire country from accessing my website with a security group rule on an Amazon EC2 instance, instead of using iptables or something else?
To allow or block specific IP addresses for your EC2 instances, use a network Access Control List (ACL) or security group rules in your VPC. Network ACLs and security group rules act as firewalls allowing or blocking IP addresses from accessing your resources.
An AWS security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Both inbound and outbound rules control the flow of traffic to and traffic from your instance, respectively.
As the others commented, it is hard to block the traffic from particular countries, if someone is smart enough to use a proxy.
But you can use some simple ways to filter most traffic from a range of IPs (not all customers know to use a proxy).
One is to set a Network ACL in AWS. Please go through the AWS document Network ACLs as a start.
Another way, if you can manage Route 53 for your website, is to enable a geolocation route policy and transfer the traffic from some countries to a fake website. You can go through the document here: Choosing a Routing Policy
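
For the network ACL approach mentioned above, an added example (not part of the original answers) that merges a list of CIDR ranges, checks that the result fits in the ACL's rule budget, and builds the arguments for boto3's `ec2.create_network_acl_entry`. The sample CIDRs, the `acl-EXAMPLE` ID, the helper name, the starting rule number and the quota value of 20 are assumptions; deny rules need lower rule numbers than the rule that allows your traffic, because network ACL rules are evaluated in ascending order.

```python
import ipaddress

# Assumed default quota of inbound rules per network ACL; check your account's value.
NACL_INBOUND_RULE_QUOTA = 20

# Constructed sample input (documentation ranges), standing in for a country's CIDR list.
SAMPLE_CIDRS = [
    "198.51.100.0/25", "198.51.100.128/25",  # adjacent halves, merge into one /24
    "203.0.113.0/24", "203.0.113.64/26",     # second range is inside the first
    "192.0.2.0/24",
]


def build_deny_entries(cidrs, nacl_id, first_rule=50, reserved=2,
                       quota=NACL_INBOUND_RULE_QUOTA):
    """Return kwargs dicts for ec2.create_network_acl_entry (IPv4 only).

    `reserved` is the number of rule slots kept free for the allow rules
    (hypothetical default of 2).
    """
    nets = [ipaddress.ip_network(c) for c in cidrs]  # rejects malformed CIDRs
    if any(n.version != 4 for n in nets):
        raise ValueError("IPv6 ranges need separate Ipv6CidrBlock entries")
    # Merge adjacent ranges and drop ranges already covered by a larger one.
    merged = list(ipaddress.collapse_addresses(nets))
    budget = quota - reserved
    if len(merged) > budget:
        raise ValueError(
            f"{len(merged)} ranges after merging, only {budget} rule slots")
    return [
        {
            "NetworkAclId": nacl_id,
            "RuleNumber": first_rule + i,  # must stay below the allow rule
            "Protocol": "-1",              # all protocols
            "RuleAction": "deny",
            "Egress": False,               # inbound rule
            "CidrBlock": str(net),
        }
        for i, net in enumerate(merged)
    ]


if __name__ == "__main__":
    for entry in build_deny_entries(SAMPLE_CIDRS, "acl-EXAMPLE"):
        print(entry)  # pass each dict as **kwargs to create_network_acl_entry
```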