How could I block the unwanted request at ELB or httpd level

I have two webservers running httpd with six virtual host sites running on them. My webservers are behind the ELB in AWS. My ELB logs say that some users are directly accessing the IP of my ELB server, which in turn gives them a response with my first vhost site (the response is based on the alphabetical order of my vhost sites). So here I need to block the requests that don't include my vhost name in the request URL. In short, someone is hitting the AWS IP and trying to get to /admin, /sql, /db, etc. from some random addresses, and I need to block those unwanted requests at the ELB level or httpd level. Below is one such error from the ELB logs.

2017-07-21T03:22:19.973661Z <loadbalancer> <Client IP>:48010 10.1.6.57:80 0.000049 0.068249 0.000039 401 401 0 0 "HEAD http://52.0.168.49:80/phpmy/ HTTP/1.1" "Mozilla/5.0 Jorgee" - -

If you are using an Application Load Balancer, you can use a Web Application Firewall (WAF) to filter requests that specify the IP address directly.

Regarding ignoring direct IP requests to your web server instances, I would make sure your webserver security group only accepts traffic from the subnet the ELB is running on. In this way, it will ignore all direct traffic.

Regarding blocking specific access to certain paths, that is best done at the httpd level; you may want to consider a Fail2Ban implementation. See https://serverfault.com/questions/416926/automatically-block-ip-who-requests-certain-url

Of course you can control/deny access via the Apache config. That same link above suggests this also:

You can create an .htaccess file in the forum directory and put the following lines in it; this may help to protect that URL from being accessed.

    Order allow,deny
    Deny from all
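
The log entry in the question shows the request URL carrying the load balancer's IP instead of a vhost name. As an added example (not part of the original question or answers), this Python script parses Classic ELB access-log lines in that layout and flags requests whose host is an IP literal or is not one of your vhosts; the vhost names, load balancer name and client addresses are constructed placeholders.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

# Hypothetical vhost names; replace with your own ServerName/ServerAlias values.
ALLOWED_HOSTS = {"www.example.com", "shop.example.com"}

# Constructed sample entries in the Classic ELB layout shown in the question.
SAMPLE_LOG = """\
2017-07-21T03:22:19.973661Z my-elb 203.0.113.7:48010 10.1.6.57:80 0.000049 0.068249 0.000039 401 401 0 0 "HEAD http://52.0.168.49:80/phpmy/ HTTP/1.1" "Mozilla/5.0 Jorgee" - -
2017-07-21T03:22:20.101200Z my-elb 198.51.100.23:51522 10.1.6.57:80 0.000051 0.012001 0.000020 200 200 0 5120 "GET http://www.example.com:80/index.html HTTP/1.1" "Mozilla/5.0" - -
2017-07-21T03:22:21.450000Z my-elb 203.0.113.7:48011 10.1.6.57:80 0.000047 0.003100 0.000030 404 404 0 0 "GET http://unknown.invalid:80/admin HTTP/1.1" "Mozilla/5.0 Jorgee" - -
"""

def classify_host(host):
    """Return 'ip-literal', 'unknown-host' or 'ok' for the host part of a request URL."""
    if not host:
        return "unknown-host"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        return "ok" if host.lower() in ALLOWED_HOSTS else "unknown-host"

def parse_entry(line):
    """Extract client, method, host and path from one log line; None if malformed."""
    lex = shlex.shlex(line, posix=True)
    # Only double quotes delimit fields; '#' and apostrophes are ordinary characters.
    lex.quotes, lex.commenters, lex.whitespace_split = '"', "", True
    try:
        fields = list(lex)
        method, url, _proto = fields[11].split(" ")  # field 12 is the quoted request
        parts = urlsplit(url)
    except (ValueError, IndexError):
        return None
    client = fields[2].rsplit(":", 1)[0]
    return {"client": client, "method": method, "host": parts.hostname, "path": parts.path}

def flag_entries(log_text):
    """Return (client, verdict, method, path) for requests not aimed at a known vhost."""
    flagged = []
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        verdict = classify_host(entry["host"])
        if verdict != "ok":
            flagged.append((entry["client"], verdict, entry["method"], entry["path"]))
    return flagged

if __name__ == "__main__":
    print(*flag_entries(SAMPLE_LOG), sep="\n")
```

The flagged client addresses and paths show how much of the traffic a host-based rule at the WAF or in a catch-all vhost would reject, and give Fail2Ban-style filters concrete paths to match.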
