How to secure static IP address of instance from bot attacks?

Question

I have several instances with virtual hosts set up, and the default host document root is /opt/bitnami/wordpress. All of my virtual host records point to their respective domain name/website directory. When someone visits the static IP address of the instance directly, it loads a forbidden error page, which is fine but when bots are attacking the static IP address, I don't know how to limit or prevent the attack. I have fail2ban running, but doesn't seem to be stopping them.

Is there something I can do with the default first virtual host record to stop direct access or at least send them away or limit them somehow?

One other consideration is that I'd still like to be able to test websites the way I usually do by accessing the static IP address with the directrory name. e.g. 11.22.333.444/domain.com.

Answer

Hi, @BJSaws

From your tag, I'm guessing you're using Lightsail.  
It is easy to introduce AWS WAF for BOT countermeasures.  
However, Lightsail does not provide the ability to use AWS WAF directly.

You can use snapshots to migrate from Lightsail to EC2.  
Alternatively, you can use the following link method to host the ALB + WAF in your default VPC and use VPC peering to forward traffic to Ligthsail.

https://blog.ddm.tri-stage.jp/2022/06/13/wordpress%E3%82%92%E6%A7%8B%E7%AF%89%E3%81%97%E3%81%A6%E3%81%84%E3%82%8Blightsail%E3%81%ABaws-waf%E3%82%92%E5%B0%8E%E5%85%A5%E3%81%97%E3%81%A6%E3%81%BF%E3%81%9F/

Answer

Have you considered using [AWS Web Application Firewall bot control](https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html)?

How to secure static IP address of instance from bot attacks?

Relevant content