
I am using AWS EC2 to host my internal CRM. The server has started getting spam hits and consuming quite a bit of server resources. I know that we can configure CIDRs in the security groups. When I put comma-separated values and try to save it, it throws an error stating "The source needs to be a CIDR block or a Security Group ID." Is it like I can provide only one CIDR? If yes, then how will I address this?

1 Answer


Each rule handles only one CIDR. You can add many rules.

Skaperen
  • oh .. that's great! I am guessing there is no limit on the number of rules as I will have to add tons of CIDRs to cover the complete country. – Anurag Srivastava Jul 26 '16 at 09:19
  • "You can have 50 inbound and 50 outbound rules per security group (giving a total of 100 combined inbound and outbound rules). If you need to increase or decrease this limit, you can contact AWS Support — a limit change applies to both inbound and outbound rules. However, the multiple of the limit for inbound or outbound rules per security group and the limit for security groups per network interface cannot exceed 250. For example, if you want to increase the limit to 100, we decrease your number of security groups per network interface to 2." – hellomichibye Jul 26 '16 at 12:21
  • Ok. There has to be a better way to whitelist/blacklist a country. Or is this the only way to achieve it? – Anurag Srivastava Jul 27 '16 at 07:58
  • design your network application so that it does not depend on the IP to allow access. use these rules *only* to block network abusers, such as those who make service denial attacks. whitelisting is OK, but not at the network address layer. use secure authentication. you can never be sure what country someone is in based on IP, nor should you even try. – Skaperen Sep 21 '16 at 03:42
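
An added example, not part of the original answer or comments: it turns a comma-separated CIDR list like the one the console rejected into one rule per CIDR, merging adjacent and overlapping blocks first and checking the result against the 50-rule inbound limit quoted above. The function name, port 443 and the sample ranges (constructed from documentation address space) are assumptions; the output has the shape boto3's `authorize_security_group_ingress` takes as `IpPermissions`.

```python
import ipaddress

INBOUND_RULE_LIMIT = 50  # per-group inbound limit quoted in the comments above

# Constructed sample input: the comma-separated form the console would not accept.
SAMPLE_CSV = ("192.0.2.0/25, 192.0.2.128/25, 198.51.100.0/24, "
              "203.0.113.0/24, 203.0.113.16/28")


def build_ingress_permissions(csv, port, protocol="tcp", limit=INBOUND_RULE_LIMIT):
    """Return an IpPermissions list with one IpRanges entry (one rule) per CIDR."""
    networks = []
    for text in csv.split(","):
        # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24
        net = ipaddress.ip_network(text.strip(), strict=True)
        if net.version != 4:
            raise ValueError(f"{text.strip()}: IPv6 belongs in Ipv6Ranges")
        networks.append(net)
    # Merge adjacent blocks and drop blocks already covered by a larger one,
    # so the list uses as few rules as possible.
    merged = list(ipaddress.collapse_addresses(networks))
    if len(merged) > limit:
        raise ValueError(f"{len(merged)} rules needed, limit is {limit}")
    return [{
        "IpProtocol": protocol,
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": str(n)} for n in merged],
    }]


if __name__ == "__main__":
    perms = build_ingress_permissions(SAMPLE_CSV, 443)
    for entry in perms[0]["IpRanges"]:
        print(entry["CidrIp"])
    # To apply (placeholder group id, needs AWS credentials):
    # boto3.client("ec2").authorize_security_group_ingress(
    #     GroupId="sg-PLACEHOLDER", IpPermissions=perms)
```
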