0

Hello, this is my first post on Server Fault, so please feel free to edit/correct etiquette.

I am managing a server at work that we have hosted on AWS. Recently, it has fallen victim to a DDoS attack. Luckily, this is only a staging server (right now), but in the future, we plan to use an API on it on a production application.

Currently, I have stopped the attack by limiting access (via AWS security groups) to all IPs but my own, and the office. This has worked, but obviously will not work if people need to access this server in the future.

My ideal system would be: block all traffic that is not coming from our domain, the domain we host all products on. For example, if that domain was "company.com", we would like for all requests coming from some random IP or another domain. Is this possible via AWS?

If not, the server is Apache2 and Ubuntu, and we may decide to handle this problem in there. I'm not very strong in Apache though, so I'm hoping there is a good AWS solution.

Again, if there is a duplicate question to this, feel free to close this/point me to it, I just don't know exact terminology for a lot of these topics and hence it is hard to find the right questions. Thank you!

Aaron
  • 1
  • 1

1 Answers1

0

If you plan to use it from multiple clients in your domain, then it's a bit complex. How could your domain be recognised from the outside? Does it have an IP range or a few known gateways? Why would you expose a service like this in the first place?

It it's a matter of securing a link to this API from your intranet, why not use a reverse proxy in the intranet pointing there and limiting access to that proxy only?