
I have an AWS EC2 working instance with a security group allowing inbound traffic from ports 80, 22 and 443 (HTTP, SSH & HTTPS). (screenshot)

Everything was working fine until I opened a few new ports and deleted the rule allowing HTTPS by mistake. Then of course I couldn't access my website. I checked the ports and added 443 again, but I'm still having the same problem. The only thing that worked is allowing ALL traffic, but this is a major security hole. (screenshot)

I have a second AWS instance in another account that has exactly the same security rules and it's working as it should. What could possibly be wrong? I double-checked that it's the right security group and that the rules had been applied. (screenshot)

Ports listening on my server (I'm using Ruby on Rails with nginx): (screenshot)

VPC network ACL inbound rules: (screenshot)

`nc -zv <server_ip> 22` and `nc -zv <server_ip> 443`

return successful on both when the "all traffic" rule is off, but still no access.

Max Dubinin
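The question mixes up the two filtering layers an instance in a VPC sits behind, and the comments below circle around the difference. As an added example (not code from the thread or from AWS), this offline model encodes the semantics a defender needs to keep straight: a security group is stateful, holds allow rules only, and admits traffic if any rule matches; a network ACL is stateless, evaluates numbered rules in ascending order, stops at the first match (allow or deny), and ends with an implicit `*` deny. Because the NACL is stateless, the reply to the client's ephemeral port needs its own outbound allow, which is the classic way a custom NACL breaks a site whose security group looks correct. All rule sets below are constructed, and the names `Rule`, `sg_allows`, `nacl_decision` and `https_reachable` are hypothetical.

```python
"""Offline model of VPC security-group and network-ACL evaluation (added example).
Constructed rules; helper names are hypothetical, not an AWS API."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ALL_TRAFFIC = "-1"   # what the console's "All traffic" choice stores for the protocol


@dataclass(frozen=True)
class Rule:
    protocol: str           # "tcp", "udp", "icmp" or ALL_TRAFFIC
    from_port: int
    to_port: int
    cidr: str
    action: str = "allow"   # only NACL rules can be "deny"; SG rules are always allows
    number: int = 0         # NACL evaluation order; ignored for SG rules

    def matches(self, protocol: str, port: int, ip: str) -> bool:
        if self.protocol != ALL_TRAFFIC:
            if self.protocol != protocol or not self.from_port <= port <= self.to_port:
                return False
        return ip_address(ip) in ip_network(self.cidr)


def sg_allows(rules: List[Rule], protocol: str, port: int, src_ip: str) -> bool:
    """Security group: every rule is an allow, so any match admits the traffic.
    Stateful: replies to an admitted connection leave without a matching rule."""
    return any(r.matches(protocol, port, src_ip) for r in rules)


def nacl_decision(rules: List[Rule], protocol: str, port: int, ip: str) -> Tuple[str, Optional[int]]:
    """Network ACL: first matching rule by ascending number decides.
    No match means the implicit '*' deny, reported here as rule number None."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, port, ip):
            return rule.action, rule.number
    return "deny", None


def https_reachable(sg: List[Rule], nacl_in: List[Rule], nacl_out: List[Rule],
                    client_ip: str, client_port: int = 50000) -> Tuple[bool, str]:
    """Trace one inbound tcp/443 connection through SG, NACL inbound and NACL
    outbound (the stateless return path), naming the first layer that drops it.
    client_port is the client's ephemeral source port the SYN-ACK goes back to."""
    if not sg_allows(sg, "tcp", 443, client_ip):
        return False, f"security group: no rule allows tcp/443 from {client_ip}"
    action, num = nacl_decision(nacl_in, "tcp", 443, client_ip)
    if action != "allow":
        return False, f"NACL inbound: tcp/443 denied by rule {'*' if num is None else num}"
    action, num = nacl_decision(nacl_out, "tcp", client_port, client_ip)
    if action != "allow":
        return False, (f"NACL outbound: reply to ephemeral port {client_port} denied by rule "
                       f"{'*' if num is None else num} (stateless, so return traffic needs its own allow)")
    return True, "network layers pass; if HTTPS still fails, check the listener on the instance"


# Constructed sample configurations (not the asker's real rules)
SG_WEB = [Rule("tcp", 22, 22, "0.0.0.0/0"),
          Rule("tcp", 80, 80, "0.0.0.0/0"),
          Rule("tcp", 443, 443, "0.0.0.0/0")]
SG_MISSING_HTTPS = [r for r in SG_WEB if r.from_port != 443]            # the accidental deletion
NACL_DEFAULT = [Rule(ALL_TRAFFIC, 0, 65535, "0.0.0.0/0", number=100)]   # shape of the VPC default ACL
NACL_OUT_WEB_ONLY = [Rule("tcp", 80, 80, "0.0.0.0/0", number=100),      # common custom-ACL mistake:
                     Rule("tcp", 443, 443, "0.0.0.0/0", number=110)]    # no outbound allow for 1024-65535

if __name__ == "__main__":
    for label, sg, out in (("ok", SG_WEB, NACL_DEFAULT),
                           ("sg broken", SG_MISSING_HTTPS, NACL_DEFAULT),
                           ("nacl out broken", SG_WEB, NACL_OUT_WEB_ONLY)):
        print(label, https_reachable(sg, NACL_DEFAULT, out, "203.0.113.10"))
```

The third case is the one worth remembering: the security group and the inbound ACL both show 443 allowed, yet the site is unreachable because the ACL's outbound side never lets the server's replies back to the client's high port. Opening "All traffic" papers over every one of these cases at once, which is why it "works" without saying which layer was wrong.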
  • Please mention in the question which security group works and which is not working, and whether the instance above is the working instance or the non-working one. – Piyush Patil Jul 25 '16 at 20:53
  • Check ACL Rules if you are inside a VPC. – Ashish Bista Jul 25 '16 at 20:53
  • Are you sure you deleted 443 by mistake? Or was it a different port? – Piyush Patil Jul 25 '16 at 20:55
  • @AshishBista what is a VPC? I now see a security group with the name "default VPC security group" and it has a rule that allows all traffic, but the source is the GROUP ID itself. Both of the security groups have the same VPC ID but I don't know what that means – Max Dubinin Jul 25 '16 at 21:10
  • @MaxZXL VPC is your private cloud within the AWS cloud. If your instance is in a VPC, there are a few more extra places where you need to define access rules. The "default VPC security group" should not affect it if it's not attached to your instance. Do you see a VPC ID in the instance description? – Ashish Bista Jul 25 '16 at 21:29
  • @AshishBista If he deleted the HTTPS port in the sec group by mistake, why are you asking him to check the ACL? – Piyush Patil Jul 25 '16 at 22:14
  • @error2007s He has brought back that rule, as he's shown above with screenshots. So he should be able to access the instance and port. The other place he has to look into is the ACL. – Ashish Bista Jul 25 '16 at 22:31
  • Yes, but it was working for him before; ACLs don't get deleted suddenly. And when he allows all ports the application works for him. So this is definitely a port issue. @MaxZXL Can you give some details about the application, what platform it is working on and all that, and are you using a load balancer? – Piyush Patil Jul 25 '16 at 22:34
  • I've noticed that on my other server I set the same options in the default VPC group and in the security group I use for the instance. Tried doing the same, but still the same issue. I have the same VPC ID for both of them. @error2007s I'm working with Ruby on Rails with nginx. I try to access the site using https:// so I guess 443 should work... I don't understand why someone left -1 on my question. If any information is missing or isn't clear enough I would like to know and make it better – Max Dubinin Jul 26 '16 at 08:04
  • @AshishBista anything? – Max Dubinin Jul 28 '16 at 10:03
  • @MaxZXL Please also provide details of your ACL rules. – Ashish Bista Jul 28 '16 at 10:55
  • @AshishBista Sorry for the noob question, but isn't the ACL what I showed in the screenshots? If it is not, then how do I access it? – Max Dubinin Jul 28 '16 at 12:06
  • @MaxZXL Go to the VPC console. In the left pane, you can find Network ACLs under the Security section. Select the one that your instance uses. Then check what rules are there in Inbound Rules. – Ashish Bista Jul 28 '16 at 16:12
  • @AshishBista I've added a screenshot to the thread – Max Dubinin Jul 28 '16 at 20:44
  • @MaxZXL Can you do one last thing? `nc -zv 22` and `nc -zv 443` – Ashish Bista Jul 29 '16 at 00:29
  • @AshishBista From the server terminal or a different one? Should I do it after I remove "allow all traffic"? Is that supposed to troubleshoot something or just ping? – Max Dubinin Jul 29 '16 at 10:07
  • @MaxZXL On your local terminal. That is fine, I believe. – Ashish Bista Jul 29 '16 at 14:51
  • @AshishBista It says it's successful on both, while "all traffic" is off, but still no access. What could that mean? – Max Dubinin Aug 01 '16 at 08:36
  • @MaxZXL That means the server port 443 is accessible from your machine. Any updates on this? – Ashish Bista Aug 08 '16 at 14:27
  • Thank you for showing interest in my issue, but unfortunately everything is the same. It is very weird that it shows that the port is accessible from my machine but I can't access the website... I have no ideas left – Max Dubinin Aug 09 '16 at 08:03
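The thread ends at the point where `nc -zv` succeeds on 443 while the browser still fails, and nobody says what that combination rules out. As an added example (not from the thread, standard library only, helper names `diagnose_https`, `start_plain_tcp_listener` and `unused_port` are hypothetical), this check walks the three layers separately: a TCP connect (exactly what `nc -zv` proves), then a TLS handshake, then a minimal HTTP request over that session. A security group or NACL drop shows up as a timeout in the first stage; a listener that accepts TCP on 443 but never completes TLS fails in the second, which is the symptom the last comments describe and points at the instance's nginx configuration rather than at AWS filtering. The two local helpers construct the "open but no TLS" and "nothing listening" cases so the script runs offline.

```python
"""Layered HTTPS reachability check (added example, not from the thread).
Names the first failing layer instead of reporting only "port open"."""
import socket
import ssl
import threading
from typing import Tuple


def diagnose_https(host: str, port: int = 443, timeout: float = 3.0) -> Tuple[str, str]:
    """Return (stage, detail): the first layer that fails, or ("http_ok", status line)."""
    # Stage 1: TCP connect, the same thing `nc -zv host port` tests.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp_refused", "host answered with RST: reachable, but nothing listens on the port"
    except OSError as exc:  # timeouts land here: the usual sign of a security group / NACL drop
        return "tcp_unreachable", f"no answer within {timeout}s, filtered or not routable ({exc})"

    # Stage 2: TLS handshake. Passing stage 1 but failing here means the port is
    # open yet the listener does not speak TLS (plain HTTP bound to 443, a
    # missing `ssl` server block, or a proxy with nothing behind it).
    ctx = ssl.create_default_context()
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:
        sock.close()
        return "tls_cert_rejected", f"handshake reached certificate validation and failed: {exc.verify_message}"
    except OSError as exc:  # SSLError, SSLEOFError, ConnectionResetError, timeout
        sock.close()
        return "tls_handshake_failed", f"TCP port open but no TLS handshake completed: {exc}"

    # Stage 3: a minimal HTTP request over the established TLS session.
    try:
        with tls:
            tls.sendall(f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode())
            status_line = tls.recv(1024).split(b"\r\n", 1)[0].decode("latin-1", "replace")
    except OSError as exc:
        return "http_no_response", f"TLS works but the request got no answer: {exc}"
    if not status_line.startswith("HTTP/"):
        return "http_no_response", f"TLS works but the listener did not answer HTTP: {status_line!r}"
    return "http_ok", status_line


def start_plain_tcp_listener() -> int:
    """Constructed stand-in for 'port open but no TLS': accepts one connection
    on loopback and closes it without speaking TLS. Returns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def unused_port() -> int:
    """Pick a loopback port nothing listens on (bind, read the number, release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    print("open, no TLS :", diagnose_https("127.0.0.1", start_plain_tcp_listener()))
    print("nothing bound:", diagnose_https("127.0.0.1", unused_port()))
```

Run it from the same place the `nc` test was run, with the real host and port, while "All traffic" is off. A `tcp_unreachable` result is the only one that implicates the security group or NACL; `tls_handshake_failed` or `http_no_response` with the port open means the filtering is already correct and the fix belongs on the instance.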

0 Answers