Restrictions to .NET web app
0
Hi AWS, I have a .NET 4.7 HES web application deployed on AWS EC2. I want to restrict the traffic for the app so that no one outside of India can access it using EC2 or ALB.
Thanks
質問済み 5ヶ月前223ビュー
1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
Hello.
If you are using ALB, you can restrict countries with AWS WAF.
If you want to limit it to India only, you should just enter the country code as "IN".
When creating a rule, select "doesn't match the statement (NOT)" to block countries other than India.
https://repost.aws/knowledge-center/waf-allow-block-country-geolocation
関連するコンテンツ
- 質問済み 6年前
AWS公式更新しました 3年前
Hi @Riku_Kobayashi, I was going through this blog post https://repost.aws/knowledge-center/waf-protect-ec2-instance. But the issue is one of the web apps is not having ALB, in that case how can we restrict the traffic on EC2 in India.
I think it would be difficult to implement country restrictions using only EC2. For example, if you can determine the IP address with a .NET application, I think it is possible to create a process that obtains the CIDR of the Indian IP from the site below and allows access from that list. I think it is possible to allow it with a security group, but please note that if there are many CIDRs, it will not be possible to configure all the settings. https://www.countryipblocks.net/acl.php
Since you're not using ALB, your choices are to either (a) use ALB or AWS CloudFront and configure WAF as Riku_Kobayashi suggested, or (b) use a 3rd-party HTTP module with IIS or a .NET library/NuGet package that does IP address filtering by geo. There are modules that work with IIS on Windows, such as ModSecurity by SpiderLabs, but I am not able to endorse 3rd-party products.