By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Abnormal HTTP activity

0

Hello!

I use Route 53 public record associated with Application Load Balancer in order to forward HTTPS traffic to my application backend deployed to EKS. Recently backend received an odd request (UTC+03:00):

2023-06-05T13:10:26.208Z INFO 1 --- [nio-8081-exec-6] o.apache.coyote.http11.Http11Processor : The host [irancell2.co.nokia.com.co.uk.do_yo.want_to.clash_with.this.microsoft.com.there_is_no.place_nano.localhost.bing.com.count_with_me.cyou.com.now_sudo.rm_rf.ddns.net.aaagain_to_fight.with_everyone.i_am.the_internet.special_waym.s-s.ghodratmandaneridim.store] is not valid

Is this some kind of a hack attempt? If so, what actions should be taken in order to protect public DNS record and AWS services?

Thank you.

Topics
ContainersNetworking & Content DeliverySecurity, Identity, & Compliance
Tags
Amazon Elastic Kubernetes ServiceAmazon Route 53AWS Certificate ManagerApplication Load Balancer
Language
English
konstantin
asked a year ago217 views
1 Answer
1
Accepted Answer

Hi, you can use AWS WAF, AWS Shield, and AWS Firewall Manager together to create a comprehensive security solution. See https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html

profile pictureAWS
EXPERT
Didier_Durand
answered a year ago
profile picture
EXPERT
Sedat Salman
reviewed a year ago
profile pictureAWS
EXPERT
Tushar_J
reviewed a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content