Delaying attacks on AWS

Because the AWS instances sit behind a load balancer, you can't block by IP on a firewall; instead you have to use the X-Forwarded-For header.

Find the IP address you need to block in the relevant Apache log, then find the .htaccess file.

Make sure there isn't an Order or Allow/Deny directive already. If there is, modify that; if not, add this to the top of the file.

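# SetEnvIf treats the quoted value as a regular expression matched against the header.
# One SetEnvIf line per address to block.
SetEnvIf X-Forwarded-For "IP to block" DenyIP
SetEnvIf X-Forwarded-For "IP to block" DenyIP
Order allow,deny
Allow from all
Deny from env=DenyIP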

Just set the IP address to the correct values; you can add more SetEnvIf lines for more IP addresses.

This won't stop the IP address from hitting the server, but it should at least limit load: the page won't load, so no PHP/DB queries will run.
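Because SetEnvIf matches a regular expression, a bare address such as 203.0.113.7 also matches 203.0.113.70, and X-Forwarded-For can carry several comma-separated entries of which only the last is appended by the load balancer. The following is an added example, not part of the original post: a small Python helper that generates the block above with escaped, anchored patterns. The function names and sample addresses are constructed for illustration, and it assumes the load balancer is the only proxy in front of Apache.

```python
import ipaddress
import re


def xff_pattern(ip):
    """Regex that matches `ip` only as the last X-Forwarded-For entry."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    # Escape the dots and anchor on both sides so neighbours do not match.
    return r"(^|,\s*)" + re.escape(str(addr)) + r"\s*$"


def htaccess_block(ips):
    """Build the deny block from the post for a list of addresses."""
    lines = [
        'SetEnvIf X-Forwarded-For "%s" DenyIP' % xff_pattern(ip) for ip in ips
    ]
    lines += ["Order allow,deny", "Allow from all", "Deny from env=DenyIP"]
    return "\n".join(lines)


def naive_match(ip, header_value):
    """What an unescaped, unanchored pattern does (the pitfall)."""
    return re.search(ip, header_value) is not None


def is_blocked(header_value, ips):
    """Approximate the SetEnvIf match with Python's re module.

    Assumption: Apache's PCRE and Python's re agree on these simple patterns.
    """
    return any(re.search(xff_pattern(ip), header_value) for ip in ips)


if __name__ == "__main__":
    blocked = ["203.0.113.7"]  # constructed sample address
    print(htaccess_block(blocked))
    # Constructed header values: the last entry is the one the balancer added.
    for value in ("203.0.113.7",
                  "198.51.100.9, 203.0.113.7",
                  "203.0.113.70",
                  "203.0.113.7, 198.51.100.9"):
        print("%-30s blocked=%s" % (value, is_blocked(value, blocked)))
```

The last sample header is not blocked because the listed address appears only in the client-supplied part of the header, not as the entry the load balancer appended.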
