Restrictions to .NET web app

0

Hi AWS, I have a .NET 4.7 HES web application deployed on AWS EC2. I want to restrict the traffic for the app so that no one outside of India can access it using EC2 or ALB.

Thanks

1 Answer
1

Hello.

If you are using ALB, you can restrict countries with AWS WAF.
If you want to limit it to India only, you should just enter the country code as "IN".
When creating a rule, select "doesn't match the statement (NOT)" to block countries other than India.
https://repost.aws/knowledge-center/waf-allow-block-country-geolocation

profile picture
EXPERT
answered 6 months ago
  • Hi @Riku_Kobayashi, I was going through this blog post https://repost.aws/knowledge-center/waf-protect-ec2-instance. But the issue is one of the web apps is not having ALB, in that case how can we restrict the traffic on EC2 in India.

  • I think it would be difficult to implement country restrictions using only EC2. For example, if you can determine the IP address with a .NET application, I think it is possible to create a process that obtains the CIDR of the Indian IP from the site below and allows access from that list. I think it is possible to allow it with a security group, but please note that if there are many CIDRs, it will not be possible to configure all the settings. https://www.countryipblocks.net/acl.php

  • Since you're not using ALB, your choices are to either (a) use ALB or AWS CloudFront and configure WAF as Riku_Kobayashi suggested, or (b) use a 3rd-party HTTP module with IIS or a .NET library/NuGet package that does IP address filtering by geo. There are modules that work with IIS on Windows, such as ModSecurity by SpiderLabs, but I am not able to endorse 3rd-party products.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions