How to correctly set up domain name restriction on IIS for AWS instances?

I have some web services hosted on IIS that are accessed by external clients. The way it is set up in IIS is everyone is denied access except IP addresses that are white-listed.

Today I had to white-list a client based on their domain name instead of their IP address. This client hosts their website on the AWS EC2 cloud with a load balancer and various instances behind it.

I tried putting their domain name (i.e. abc.com) in the IIS white-list, but it was still denying them access with a 403 error. When I looked at the IIS log files, the name that was recorded as trying to access my service was their Amazon public DNS address (i.e. ec2-75-101-137-243.compute-1.amazonaws.com), not the abc.com domain name. When I do ping and nslookup against their domain name, everything resolves to their correct IP address, so I assume their DNS configuration is correct.

How can I fix this so that IIS recognizes a request from abc.com and allows it? If the IP address that I have is the IP address of their load balancer, should I just white-list that instead since that IP should never change?

Thank you so much for your help.

Upvotes: 0

Views: 915

Answers (1)

user2501882

Reputation: 1

You would need a proper reverse DNS (PTR) entry for a domain name white list to work. As for getting that on a set of EC2 cloud instances, I'm unsure if that's possible or how it would be done. Does anyone else know?

It seems Amazon provides the ability to set up a rDNS entry to prevent outbound email from bouncing.

Upvotes: 0
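An added example (not from the original thread, and not IIS's own code) modelling why the rule failed: a domain-name restriction is checked against the reverse (PTR) name of the client IP, not against the forward name that points to it. The matching rule, the forward-confirmation step and the DNS tables are assumptions constructed from the hostnames in the question.

```python
import socket

# Constructed DNS data built from the hostnames in the question above.
FORWARD = {
    "abc.com": ["75.101.137.243"],
    "ec2-75-101-137-243.compute-1.amazonaws.com": ["75.101.137.243"],
}
PTR = {"75.101.137.243": "ec2-75-101-137-243.compute-1.amazonaws.com"}


def table_ptr(ip):
    """PTR lookup against the constructed table (offline)."""
    return PTR.get(ip)


def table_forward(name):
    """A-record lookup against the constructed table (offline)."""
    return FORWARD.get(name.rstrip(".").lower(), [])


def system_ptr(ip):
    """PTR lookup through the OS resolver, for use against real DNS."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # no PTR record or resolver failure
        return None


def name_matches(name, allowed):
    """Assumed rule: exact match or a subdomain of the allowed domain."""
    name, allowed = name.rstrip(".").lower(), allowed.rstrip(".").lower()
    return name == allowed or name.endswith("." + allowed)


def domain_rule_allows(ip, allowed, ptr=table_ptr, forward=table_forward):
    """Return (decision, reason) for a domain-name allow rule."""
    name = ptr(ip)
    if name is None:
        return False, "no PTR record"
    if not name_matches(name, allowed):
        return False, "PTR name %s is not under %s" % (name, allowed)
    # Forward-confirm: the PTR name must resolve back to the client IP,
    # because the PTR record is set by whoever controls the address block.
    if ip not in forward(name):
        return False, "PTR name does not resolve back to client IP"
    return True, "forward-confirmed PTR match"


if __name__ == "__main__":
    print(domain_rule_allows("75.101.137.243", "abc.com"))
    print(domain_rule_allows("75.101.137.243", "amazonaws.com"))
```

The second call is allowed only because the rule names amazonaws.com, which would cover every EC2 host with such a PTR name rather than this one client. Pass `ptr=system_ptr` to run the same check against live reverse DNS.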
