Blocking IP behind a load balancer

Solution 1

ELB doesn't allow you to block IPs at the ELB level. Your servers themselves would need to reject the traffic. ELB passes an X-Forwarded-For header with the requester's IP that you can use to do this.

Solution 2

Depends on what you mean by blocking; you can certainly use mod_access to deny access of certain IPs (you will need mod_rpaf for this as well) . On the other hand I don't see why you could not block access on load balancers but then again I'm not familiar with ELB details; maybe they don't allow tampering much on LBs.

Solution 3

As of Sep 2017, AWS released Network Load Balancer which has a number of new features.

Once of them is the Source Address Preservation – With Network Load Balancer, the original source IP address and source ports for the incoming connections remain unmodified, so application software need not support X-Forwarded-For, proxy protocol, or other workarounds. This also means that normal firewall rules, including VPC Security Groups, can be used on targets.

from New Network Load Balancer

This will allow to use iptables, ipchains on OS level or any other TCP/IP firewall.

Related videos on Youtube

07 : 20

How do I connect a public-facing load balancer to EC2 instances that have private IP addresses?

Amazon Web Services

44

11 : 13

Setup Apache Server as forward proxy, reverse proxy & load balancer. Step by step implementation

Codeboard Club

24

03 : 08

How do I find the load balancer’s IP address used to send traffic to my webserver?

Amazon Web Services

12

06 : 35

HOW TO BLOCKED INTERNET ACCESS FROM IP address #Sophos XG Series firewall ..

iTs AshokTechX

2

02 : 10

DevOps & SysAdmins: Blocking IP behind a load balancer (4 Solutions!!)

Roel Van de Paar

0

Author by

Farhan

Updated on September 18, 2022