I have an Application Load Balancer (ALB) that has many rules. Each rule directs traffic to distinct target groups, which represent different applications.
However, I noticed that the ALB can be accessed via its IP address (Even google bot), and it sends the traffic to the default rule, which directs it to one of the applications.
What is the best way / best practices to prevent this?
One idea I had to solve this issue is to return a 403 error code if the incoming request's host header doesn't match any of the applications. This approach would prevent the ALB from sending the traffic to the default rule.
Thanks in advance!
