Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Restrict HTTP Access to Elastic Beanstalk

Tags:

security

amazon-web-services

amazon-ec2

amazon-elastic-beanstalk

Is it possible to restrict HTTP access to an Elastic Beanstalk application to only certain IP addresses? I"ve tried adding rules to my environment's Security Group but these don't appear to be having any effect. Is this because all HTTP traffic is routed through the Elastic Load Balancer, which isn't within the security group?

like image 279
EngineerBetter_DJ Avatar asked Jun 20 '13 19:06

EngineerBetter_DJ

3 Answers

I was able to restrict access to certain IP from a security group. I you look at an EC2 instance of your application the security group points to another one (see below).

enter image description here

Find this other security group, which is the one of the elastic load balancer. If you add inbound IP rules to this SG it will be applied to your application.

Hope this help.

like image 168
flacout Avatar answered Nov 10 '22 06:11

flacout

I have restricted HTTP access to an Elastic Beanstalk application to only certain IP addresses.
Following is my procedure.

  1. Create new beanstalk environment in the VPC(Amazon Virtual Private Cloud).
    Please read following documents.
    Using AWS Elastic Beanstalk with Amazon VPC
    Example: Launching an AWS Elastic Beanstalk Application in a VPC
    note: I tried to create a new beanstalk environment(Tomcat) in the VPC using AWS Tookit for Eclipse last month. But I could not create a new beanstalk environment due to the bug of AWS Toolkit for Eclipse. Finally, I could create a new beanstalk environment using a elastic-beanstalk-create-environment command. Therefore I recommend to use elastic-beanstalk-create-environment command.

  2. Create a new Network ACL(VPC's function) and open the inbound tab and configure to restrict source IP addresses. Set this Network ACL to the subnet of VPC which have a beanstalk's ELB.

like image 28
Ken Takehara Avatar answered Nov 10 '22 04:11

Ken Takehara

I was able to limit access to folders with the following X-FORWARDED restrictions: 

<Directory "/var/www/html/folder_name">
    SetEnvIf X-FORWARDED-FOR x.x.x.x allow
    SetEnvIf X-FORWARDED-FOR a.a.a.a allow
    Order deny,allow
    Deny from all
    Allow from env=allow
</Directory>

This was done in the httpd.conf file, but I'm hoping it will also work in an .htaccess file. However, I'm supposedly not using an ELB, just a single instance and what ever load-balancing AWS may or may not already implement.

Hope this helps.

like image 1
onlymybest Avatar answered Nov 10 '22 06:11

onlymybest
Sign in to Comment

Related questions

Protect website from Backdoor/PHP.C99Shell aka Trojan.Script.224490
What vulnerabilities are possible in ruby with $SAFE >= 1?
How to properly invalidate JSP session?
Alternative to using c:out to prevent XSS
AspxErrorPath in Custom Error Page
How safe is to use an online SVN repository?
experiences with firebird server over the internet with multiple clients?
Securing database connection information
Role based security for OSGi
Ruby on Rails 3.2.13 - Brakeman - Session secret should not be included in version control
Calling a secured WebService from jQuery safely
Dynamically set the data source for SSRS reports without unattended execution account?
Liquibase & Spring how to use separate user for schema changes
Does Azure API Management include WAF functionality?
Does MySQL have a cryptographically secure random number generator?
iPhone and Crypto Libraries
Authorization & User info in a Service Layer (.NET application)
Sign data with MD5WithRSA from .Pem/.Pkcs8 keyfile in C#
Isolated Storage misunderstanding
Security of string resources

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!