Configuring mod_proxy for Apache/EC2 to comply with AWS AUP



My team has recently migrated many of our NodeJS web applications over to AWS EC2. These applications run via PM2 on specific ports, using Apache ProxyPass and ProxyPassReverse directives to match the ports to the process. This was fine on our old host, however, we have recently been notified by AWS' ec2-abuse team that we are operating an open proxy, and are violating the AWS Acceptable Use Policy.

Can anyone who is knowledgeable in server architecture, or has done something like this before help me out and tell me how to safely and securely use mod_proxy in this context on an EC2 instance?

Currently, I have set up this configration within Apache, but I am wondering if it is secure enough to comply with AUP:

<IfModule mod_proxy.c>
    ProxyRequests Off
    <Proxy *>
        <Limit CONNECT>
            Require all denied

Thanks, Andrew

asked 3 months ago320 views
1 Answer

Hi there,

It may be that the Abuse notification you are referring to, had been created as a result of the security of your instance(for example, security groups etc). With open security groups, this would then render your EC2 instance accessible from anywhere, therefore resulting in the proxy being accessible from anywhere.

That being said, it is not possible to ascertain this without actually reviewing the resources in question(EC2 instances, security groups etc). As such, I would suggest that you create a support case from your AWS account, with the Premium Support team - as this would be the only way to get specific assistance regarding your account linked resources.

With regards to the Apache mod_proxy configuration, it is important to note that this would fall out of the AWS scope of support, as it's relating to a 3rd party application. With that said, AWS Premium Support engineers will provide support on a best-effort basis in order to assist you as best possible, once you have created a case with the team.

While I understand that the information provided above does not exactly answer your query, please do understand that it is very difficult to provide assistance with regards to abuse reports without exact information(the exact nature of the report, what triggered it etc.).

answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions