如何配置AWS ELB阻止某些IP地址? (已知的垃圾邮件发送者) [英] How to configure AWS ELB to block certain IP addresses? (known spammers)

问题描述

我正在寻找一种方法来删除来自Amazon的Elastic Load Balancer(ELB)上已知垃圾邮件ip地址的连接?

I am looking for a way to drop connections from known spam ip addresses on an Amazon's Elastic Load Balancer (ELB)?

我目前正在Web服务器级别(多个实例，在ELB后面运行)执行此操作，但是想知道是否有办法在ELB上执行此操作.这样，我可以避免为此配置每个Web服务器实例.

I am currently doing this at the web server level (multiple instances, running behind the ELB), but wondering if there is a way to do it at the ELB. This way, I can avoid configuring each web server instance for this.

我通常每天都从Spamhause.org中提取删除列表并更新我的Web服务器配置

I typically pull the Drop List from Spamhause.org every day and update my web server configuration

推荐答案

我会尝试使用VPC ACL.首先，VPC中的ELB可以使用安全组，但是它们仅指定您允许进出ELB的流量.要实际上阻止来自某个IP的流量-一个

I would try using VPC ACLs for that. First of all, ELBs inside VPC can use Security Groups but they only specify a traffic you allow in and out of an ELB. To actually block a traffic coming from a certain IP - an ACL would be the best.

要使其正常工作-一对公共(面向Internet)和内部ELB

For that to work - a pair of a public (internet-facing) and internal ELBs need to be used with internal ELB protected by subnet ACL DENY rules.

这篇关于如何配置AWS ELB阻止某些IP地址? (已知的垃圾邮件发送者)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！