1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
1
Hello.
If you are using ALB, you can restrict countries with AWS WAF.
If you want to limit it to India only, you should just enter the country code as "IN".
When creating a rule, select "doesn't match the statement (NOT)" to block countries other than India.
https://repost.aws/knowledge-center/waf-allow-block-country-geolocation
Contenus pertinents
- demandé il y a 2 mois
- demandé il y a un an
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
Hi @Riku_Kobayashi, I was going through this blog post https://repost.aws/knowledge-center/waf-protect-ec2-instance. But the issue is one of the web apps is not having ALB, in that case how can we restrict the traffic on EC2 in India.
I think it would be difficult to implement country restrictions using only EC2. For example, if you can determine the IP address with a .NET application, I think it is possible to create a process that obtains the CIDR of the Indian IP from the site below and allows access from that list. I think it is possible to allow it with a security group, but please note that if there are many CIDRs, it will not be possible to configure all the settings. https://www.countryipblocks.net/acl.php
Since you're not using ALB, your choices are to either (a) use ALB or AWS CloudFront and configure WAF as Riku_Kobayashi suggested, or (b) use a 3rd-party HTTP module with IIS or a .NET library/NuGet package that does IP address filtering by geo. There are modules that work with IIS on Windows, such as ModSecurity by SpiderLabs, but I am not able to endorse 3rd-party products.