Restrictions to .NET web app
0
Hi AWS, I have a .NET 4.7 HES web application deployed on AWS EC2. I want to restrict the traffic for the app so that no one outside of India can access it using EC2 or ALB.
Thanks
Lingua
English
posta 5 mesi fa223 visualizzazioni
1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
1
Hello.
If you are using ALB, you can restrict countries with AWS WAF.
If you want to limit it to India only, you should just enter the country code as "IN".
When creating a rule, select "doesn't match the statement (NOT)" to block countries other than India.
https://repost.aws/knowledge-center/waf-allow-block-country-geolocation
Contenuto pertinente
AWS UFFICIALEAggiornata un anno fa- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
Hi @Riku_Kobayashi, I was going through this blog post https://repost.aws/knowledge-center/waf-protect-ec2-instance. But the issue is one of the web apps is not having ALB, in that case how can we restrict the traffic on EC2 in India.
I think it would be difficult to implement country restrictions using only EC2. For example, if you can determine the IP address with a .NET application, I think it is possible to create a process that obtains the CIDR of the Indian IP from the site below and allows access from that list. I think it is possible to allow it with a security group, but please note that if there are many CIDRs, it will not be possible to configure all the settings. https://www.countryipblocks.net/acl.php
Since you're not using ALB, your choices are to either (a) use ALB or AWS CloudFront and configure WAF as Riku_Kobayashi suggested, or (b) use a 3rd-party HTTP module with IIS or a .NET library/NuGet package that does IP address filtering by geo. There are modules that work with IIS on Windows, such as ModSecurity by SpiderLabs, but I am not able to endorse 3rd-party products.