I am using the Django framework on Elastic Beanstalk and I have been getting many requests from bots trying to find security vulnerabilities. The server always responds with a 400 because they access the IP address of the EC2 instance and the IP address is not in the ALLOWED_HOSTS
list.
Is there a way to block access to the instance through its public IP address and only allow access to it through the domain I assigned to it?
Based on the comments, the solution was to setup security groups in such a way that instances only allow inbound traffict from the CLB's security group.
More about this setup can be found below:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.