Possible to prevent Application Load Balancers from routing direct-IP access to target groups?

0

When we all launch ALBs, they can be resolved by IP - that's just how the internet works (I get it).

In our case, however, all legitimate traffic will have an FQDN in the host header, e.g.:

valid request

GET https://validdomain.com/foo

invalid request

GET https://10.23.122.110/foo

I've pulled up the ALB listener rules, and it seems that while it is able to examine the Host header, it is not possible to use regular expressions in the condition - which makes it useless in this scenario. Had it accepted regex, I'd have been able to block IPv4/6 patterns and respond with a fixed 400.

Has anyone solved ensuring that requests have a domain in the host request?

Thanks! Alex

  • You can use the HOST header in your application to return an HTTP 400 Bad Request when the host doesn't match what you wish.

1 Answer
0

Hello,

At the moment ALB Host conditions[1] don't support regex expressions.

However, I would like to suggest one workaround to achieve your use case, as follows:

Set up a listener rule with a "Host" header condition in which you can provide the valid hostnames using which the clients should access the target behind the ALB. This will route all the requests with valid hostnames to your target group.

Now, in order to deflect any client requests with the "Host" header value set to an "IP address", you can use the default rule action of your listener to give a fixed response, e.g. 400 Bad Request, to clients. This will allow you to send the required response for all the requests which do not have a valid host header value.

I hope the above workaround will be useful to you. Feel free to reach out to us in case of any further queries.

Thanks! Jay

References:

[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#http-header-conditions

AWS
Support Engineer
JAY_J
answered 2 years ago
  • It isn't really useful, is it?

    It would require me to set up 100 different rules, for each host.
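
The workaround from the answer above, sketched in Python as an added example (not code from the original thread or from AWS): it builds rule definitions in the dictionary shape that boto3's elbv2 `create_rule` and `modify_listener` calls take, then models listener evaluation locally to check that IP-literal Host headers fall through to the default 400. The ARN, the hostnames other than validdomain.com, and the `values_per_rule` cap are assumptions.

```python
import re

# Placeholder ARN (assumption; the page gives none).
TARGET_GROUP_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:targetgroup/EXAMPLE/ID"

# Listener default action: requests that match no rule get a fixed 400.
DEFAULT_ACTION = {
    "Type": "fixed-response",
    "FixedResponseConfig": {"StatusCode": "400", "ContentType": "text/plain",
                            "MessageBody": "Bad Request"},
}

def build_rules(hosts, values_per_rule=5, first_priority=10):
    """Pack host patterns into forward rules, several values per rule.

    values_per_rule is an assumed cap; confirm it against your ELB quotas.
    """
    rules = []
    for i in range(0, len(hosts), values_per_rule):
        rules.append({
            "Priority": first_priority + len(rules),
            "Conditions": [{"Field": "host-header",
                            "HostHeaderConfig": {"Values": hosts[i:i + values_per_rule]}}],
            "Actions": [{"Type": "forward", "TargetGroupArn": TARGET_GROUP_ARN}],
        })
    return rules

def _matches(host, pattern):
    """Host-header wildcards: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host, re.IGNORECASE) is not None

def evaluate(host_header, rules):
    """Local model of listener evaluation: lowest priority first, else default."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        values = rule["Conditions"][0]["HostHeaderConfig"]["Values"]
        if any(_matches(host_header, v) for v in values):
            return rule["Actions"][0]
    return DEFAULT_ACTION

# Constructed allow-list: the page's example domain plus made-up ones.
ALLOWED = ["validdomain.com", "*.validdomain.com", "api.example.org",
           "app.example.org", "www.example.net", "shop.example.net"]
RULES = build_rules(ALLOWED)

if __name__ == "__main__":
    for host in ["validdomain.com", "API.validdomain.com", "10.23.122.110", "[2001:db8::1]"]:
        print(host, "->", evaluate(host, RULES)["Type"])
```

Each dictionary in `RULES` can be passed to `create_rule` together with a `ListenerArn`, and `DEFAULT_ACTION` goes in the listener's `DefaultActions`.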
