How to configure AWS ELB to block certain IP addresses? (known spammers)
Problem description
I am looking for a way to drop connections from known spam IP addresses on Amazon's Elastic Load Balancer (ELB).
I am currently doing this at the web server level (multiple instances, running behind the ELB), but wondering if there is a way to do it at the ELB. This way, I can avoid configuring each web server instance for this.
I typically pull the Drop List from Spamhause.org every day and update my web server configuration.
Recommended answer
I would try using VPC ACLs for that. First of all, ELBs inside a VPC can use Security Groups, but they only specify the traffic you allow in and out of an ELB. To actually block traffic coming from a certain IP, an ACL would be the best.
For that to work, a pair of public (internet-facing) and internal ELBs needs to be used, with the internal ELB protected by subnet ACL DENY rules.
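An added example, not part of the original answer: turning a daily DROP-list download into inbound network ACL DENY entries. It assumes the list uses a "CIDR ; reference" line layout with ";" comment lines; the sample data, the `acl-EXAMPLE` id and the function names are constructed, and the dictionaries match the keyword arguments of boto3's `create_network_acl_entry`.

```python
import ipaddress

# Constructed sample in the assumed "CIDR ; reference" layout (documentation ranges).
SAMPLE_DROP = """\
; constructed sample, not real list data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.128/25 ; SBL000003
203.0.113.0/24 ; SBL000004
not-a-cidr ; SBL000005
"""

def parse_drop(text):
    """Return sorted, collapsed IPv4 networks; skip comments and malformed lines."""
    nets = []
    for line in text.splitlines():
        field = line.split(";", 1)[0].strip()
        if not field:
            continue  # blank or comment-only line
        try:
            nets.append(ipaddress.IPv4Network(field))
        except ValueError:
            continue  # never turn unparseable input into a rule
    # Merging adjacent/overlapping ranges saves scarce ACL rule slots.
    return sorted(ipaddress.collapse_addresses(nets))

def plan_deny_entries(nets, acl_id, first_rule=10, max_rules=20):
    """Build kwargs for ec2.create_network_acl_entry and return (entries, overflow).

    ACL rules are evaluated lowest number first, so first_rule must be below
    the ALLOW rules. max_rules is the slot budget for DENY rules: the default
    quota is 20 rules per direction per ACL, and ALLOW rules count toward it.
    """
    entries = [
        {"NetworkAclId": acl_id, "RuleNumber": first_rule + i, "Protocol": "-1",
         "RuleAction": "deny", "Egress": False, "CidrBlock": str(net)}
        for i, net in enumerate(nets[:max_rules])
    ]
    return entries, nets[max_rules:]

if __name__ == "__main__":
    entries, overflow = plan_deny_entries(parse_drop(SAMPLE_DROP), "acl-EXAMPLE")
    for e in entries:
        print(e)  # apply with: boto3.client("ec2").create_network_acl_entry(**e)
    if overflow:
        print("no rule slot left for:", [str(n) for n in overflow])
```

A full DROP list is far longer than the rule quota of a single ACL, so the overflow list shows which ranges still have to be blocked elsewhere, for example at the web server level as the question describes.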