How can we block IP in Security Group where we allowed icmp,http,https to all, should not block in vpc also implement role to instance any other solution

0

I am having one web server, particular ip is hitting contiously due to which CPU utilization is more and server is running down time. wants to block the ip in Security Group which is not possible, Iam role and policy but not getting blocked { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": "", "Resource": "", "Condition": { "IpAddress": { "aws:SourceIp": "xxxx/32" }, "StringEquals": { "aws:SourceVpc": "vpc-xxxx2ee5fa" } } } ] } Not working with above policy also. also we need icmp,http,https to 0.0.0.0/0

preguntada hace 3 meses120 visualizaciones
2 Respuestas
1
Respuesta aceptada

According to me the solution for this is to connect to the EC2 instance and drop the ip using the command #Check for IP tables

sudo iptables -A INPUT -s <IP-ADDRESS-TO-BLOCK> -j DROP

sudo service iptables save

Block an IP using firewalld

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<IP-ADDRESS-TO-BLOCK>" drop' sudo firewall-cmd --reload

by following above steps we have block the IP tail -f /var/log/httpd/access_log # to check ip status

But if in the security group if AWS allows us to Drop an option in a custom where we can give the required ip i will be easier but this option we cant find.

respondido hace 3 meses
profile picture
EXPERTO
revisado hace 2 meses
0

create a rule in your Network Access Control List to deny traffic from that IP

https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

respondido hace 3 meses
  • Thank you. But If we create NACL rule it will be denied for all the instances in that network. Even we cant login to the ec2 tried this solution

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas