1

I'm currently facing a problem with one of my infrastructures; I have some nginx web caches reachable to port 7321 with an internet-facing ELB at the top listening on port 80. Akamai use the ELB as origin to retreive stuff.

I would like to prevent users\b0t to directly connect to the ELB origin and force a 301 to the Akamai\Website DNS.

With CF (Cloud Front) is pretty easy to accomplish, they publish a json list that contains all the IP/sub of the CF cache edge locations https://ip-ranges.amazonaws.com/ip-ranges.json so I use it for create the "policy"

Some of you guys had the same problem?

Thanks a lot.

BlaBlaBla
  • 33
  • 5

1 Answers1

0

Best option is to use siteshield feature in akamai. Once this is included in your akamai configuration, you can only allow set of akamai IP's(provided in akamai portal) at ELB and deny rest. Akamai will make sure that all the requests that it sends to origin are sent from these set of ips.

Additionally if you need to see how a page looks like in origin then you can allow only say your office IP in ELB.

Vinod
  • 503
  • 4
  • 8