0

I have an internet-facing AWS ALB. I must accept all HTTP traffic only from a whitelisted set of IP addresses. At the same time, there's one exclusion for mydomain.com/some_path: it should accept HTTP traffic from all IPs (0.0.0.0/0).

Am I on the right track trying to configure this logic with the ALB? Should I use path conditions for this purpose?

VB_

1 Answer

4

You can't do that via ELB settings and you can't do that via security groups. One option would be to attach a Web Application Firewall (WAF) to the ELB and then create the appropriate IP matching rules there.

Mark B
  • ^^ Mark B has your answer... Definitely not doable with SGs alone... that would open the entire server to HTTP from all IP ranges – Adam Nov 20 '18 at 16:53
  • @MarkB sorry, we're using ALB instead of ELB. My bad – VB_ Nov 21 '18 at 13:07
  • @VB_ I assumed you were using ALB since you were talking about different path rules. The answer is still the same. – Mark B Nov 21 '18 at 13:54
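
The WAF approach from the answer, sketched as an added example (not code from the post): a rule in AWS WAFv2 JSON shape that blocks any request that is neither from the allowlist nor under `/some_path`, plus a small local evaluator that models its logic on constructed requests. The CIDR ranges, the ARN placeholder, the metric name and the evaluator itself are assumptions; the ALB's security group has to admit HTTP from 0.0.0.0/0 so that the WAF is what makes the decision.

```python
import ipaddress

# Constructed allowlist (documentation ranges); in WAFv2 this lives in an IP set.
ALLOWLIST = ["203.0.113.0/24", "198.51.100.7/32"]

# Rule in WAFv2 JSON shape: Block when NOT (source IP in allowlist OR public path).
RULE = {
    "Name": "block-unless-allowlisted-or-public-path",
    "Priority": 0,
    "Action": {"Block": {}},
    "Statement": {"NotStatement": {"Statement": {"OrStatement": {"Statements": [
        {"IPSetReferenceStatement": {"ARN": "<ip-set-arn-placeholder>"}},
        {"ByteMatchStatement": {
            "SearchString": "/some_path",
            "FieldToMatch": {"UriPath": {}},
            "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
            "PositionalConstraint": "STARTS_WITH"}},
    ]}}}},
    "VisibilityConfig": {"SampledRequestsEnabled": True,
                         "CloudWatchMetricsEnabled": True,
                         "MetricName": "blockUnlessAllowlisted"},
}

def matches(stmt, src_ip, path):
    """Simplified local model of how the statement tree is evaluated."""
    if "NotStatement" in stmt:
        return not matches(stmt["NotStatement"]["Statement"], src_ip, path)
    if "OrStatement" in stmt:
        return any(matches(s, src_ip, path) for s in stmt["OrStatement"]["Statements"])
    if "IPSetReferenceStatement" in stmt:
        ip = ipaddress.ip_address(src_ip)
        return any(ip in ipaddress.ip_network(cidr) for cidr in ALLOWLIST)
    if "ByteMatchStatement" in stmt:
        return path.startswith(stmt["ByteMatchStatement"]["SearchString"])
    raise ValueError("unsupported statement")

def decide(src_ip, path):
    """Assumes the web ACL default action is Allow and this is its only rule."""
    return "BLOCK" if matches(RULE["Statement"], src_ip, path) else "ALLOW"

# Constructed requests: (source IP, URI path)
SAMPLES = [
    ("203.0.113.10", "/admin"),
    ("192.0.2.55", "/admin"),
    ("192.0.2.55", "/some_path/health"),
    ("192.0.2.55", "/some_pathology"),  # the prefix match also exempts this path
]

if __name__ == "__main__":
    for ip, path in SAMPLES:
        print(ip, path, decide(ip, path))
```

The last sample shows that a `STARTS_WITH` match on `/some_path` also exempts `/some_pathology`; use a stricter match if only that one path should be public.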