1 個回答
- 最新
- 最多得票
- 最多評論
0
To address this finding, you can create a security group that allows traffic only from the NLB's security group or from specific IP ranges that are trusted. You can then update your EKS cluster to use this new security group instead of the existing one. Or you could use WAF to filter traffic based on specific criteria, such as IP address or geographic location. This can provide an additional layer of security to your application while still allowing you to preserve client IP addresses.
已回答 1 年前
相關內容
- 已提問 1 年前
- 已提問 10 個月前
- AWS 官方已更新 2 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
From my understanding if I have client IP preservation, the source IP that I will see will not be from the NLBs but from the client IPs, or am I wrong in this assumption? If this is correct, then I cannot limit an IP range because the public ingress needs to allow everyone to connect to it.