Does AWS block specific IPs based on traffic or any other factor?
I see, lot of times I'm not able to access the AWS console from the devices connected to my home wifi network (In my case, wifi hotspot). I tried deleting cookies from browsers but that doesn't help either.
It is only getting resolved after I restart the Wi-Fi.
Is it common issue or is there any solution for this?
Note: I'm using JIO network - India.
There is nothing at AWS side which blocks particular IP..100% damn sure..
This is might be issue of your home network..
Related
FastAPI is running on EC2.
The service is published on 0.0.0.0/0 with a single Port number.
There are multiple accesses with directory names unrelated to its own service.
What should I do in such a case?
Is this a common occurrence and is it something I should be concerned about?
This type of traffic is perfectly normal on the Internet.
In fact, if you were to look at the logs on the network router in your home (which connects you to the Internet), you will see hundreds of such attempts every day.
These requests are coming from automated scripts ('bots') running on the Internet. They attempt to take advantage of known security vulnerabilities to gain access to your systems. This is why it is generally a good idea to keep software up-to-date and to limit the number of ports that are opened to the Internet.
WordPress sites are often targets of bots since people do not keep them updated. You will often see requests in your logs that are trying WordPress vulnerabilities, even though you are not running WordPress. The bots just try everything, everywhere!
For a web server, you need to open ports 80 (HTTP) and 443 (HTTPS), but any other ports should be kept closed, or perhaps only opened to a specific range of IP addresses (eg for your home/office).
What should you do?
Only open ports that are strictly necessary, and limit the IP address range if possible
Keep software updated
Live with it -- it's a fact of life on the Internet
our company just moved to a new office and therefore also got new network equipment. Es it turns out, our new firewall does not allow pushing routes over VPN that it first has to look up ip addresses for.
As we all know, amazon aws does not allow static ip addresses for its application load balancer.
So our idea was to simply put a network load balancer in front of the application load balancer (there is a pretty hacky way described by aws itself (https://aws.amazon.com/blogs/networking-and-content-delivery/using-static-ip-addresses-for-application-load-balancers/) that seemed to work fine (even if I don't really like the approach with the lambda script registering and deregistering targets)
So here is our problem: as it turns out, the application load balancer only gets to see the network load balancers ip address. This prevents us to use security groups for ip whitelisting which we do quite heavily. On top of that some of our applications (Nginx/PHP based) also do ip address verification and the alb used to pass the clients ip address as an x-forwarded-for header. Now our application only sees the one from the nlb.
We know of the possibility to use the global accelerator but that is a heavy investment as we don't really need what the GA is trying to solve.
So how did you guys solve this problem ?
Thankful for any help :)
Greetings
You could get the list of AWS IP addresses for the region your ALB is located, and allow for them in your firewall. They do publish the list and you can filter through it https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
I haven't done this myself and I'm unsure if the addresses for ALB are included under the EC2 category of you would take the whole of AMAZON service "to be safe".
Can you expand on this? "We know of the possibility to use the global accelerator but that is a heavy investment as we don't really need what the GA is trying to solve."
GA should give you better, more consistent performance, especially if your office is far away from the AWS Region where the ALB is running
I have an open port for a server I am hosting, and I get lots of spurious calls to "/ws/v1/cluster/apps/new-application" which seems to be for some Hadoop botnet (all it does is pollute my logs with lots of invalid URL errors). How do I block calls to this URL? I could change my port to a less common one but I would prefer not to.
The only way to "block" such requests from reaching your server would be to launch an AWS Web Application Firewall (AWS WAF) and configure appropriate rules.
AWS WAF only works in conjunction with Amazon CloudFront or an Elastic Load Balancer, so the extra effort (and expense) might not be worth the benefit of simply avoiding some lines in a log file.
One day I took a look at my home router's logs and I was utterly amazed to see the huge amount of bot attempts to gain access to random systems. You should be thankful if this is the only one getting through to your server!
I use a VPN to access services in an AWS VPC. I also use this VPN as a gateway to my local internet. The strange thing is that when I'm connected to the VPN, I can't browse amazon.com or amazon.co.uk I can get to the home page and it displays correctly, but whatever I try to do, I get an error 503 - Service Unavailable:
"We're sorry
An error occurred when we tried to process your request.
We're working on the problem and expect to resolve it shortly. Please note that if you were trying to place an order, it will not have been processed at this time. Please try again later.
We apologise for the inconvenience."
Again, this is Amazon's retail/shopping website.
It works fine with the VPN disabled.
What can I do to get this fixed?
Thanks!
It appears that amazon.com prevents access to the IP address range used by Amazon EC2 instances. This is possibly done to prevent scraping of information.
I accessed a page via an EC2 instance and noticed this message as a comment in the beginning of the HTML page:
To discuss automated access to Amazon data please contact api-services-support#amazon.com.
For information about migrating to our APIs refer to our Marketplace APIs at https://developer.amazonservices.com/ref=rm_5_sv, or our Product Advertising API at https://affiliate-program.amazon.com/gp/advertising/api/detail/main.html/ref=rm_5_ac for advertising use cases.
In fact, I have seen this behaviour on many websites.
While this does not assist with your use-case of sending traffic via your VPN connection to the Internet, at least it explains why it is occurring.
I am having an Application that is running on Windows 10 and the server is hosted on AWS. So for this application we have to White-list ip's on SMTP port(25) for test mail . So the issue is till now we are doing the white-listing in the Security groups(firewall provided by AWS)and Now we have reached the Limit of "250 ip's" by attaching "5" security groups(Per Security group 50 ip's) and we cannot exceed the limit after that. So is there any other process were i can white-List ip's on SMTP port 25 for talking(test mail) to the Application.
Much Needed Help!!!
Thanks in Advance!!!!
Okay so based on the comment clarifications, I'm not sure that IP whitelisting is such a good idea. Theoretically you could skip using Security Groups and have PowerShell interact with Windows Firewall instead (EC2 Systems Manager Run Command can be utilized to automate this).
However, with the number of clients (1500 cited) and the potential for growth an IP whitelisting solution would at some point cause a noticeable hit on network performance (one good reason for security group limitations) as the firewall would be forced to check the packet against all conditions. Instead of this solution I'd be on the side of recommending you consider an authorization scheme based on tokens/headers/etc. This turns authentication into a more on-demand type situation and reduce the strain on network performance.