Reputation: 159
I have two webservers running httpd with six virtual host sites running on them. My webservers are behind the ELB in AWS. My ELB logs say that some users are directly accessing the IP of my ELB server, which in turn gives them a response from my first vhost site (the response is based on the alphabetical order of my vhost sites). So here I need to block the requests that don't include my vhost name in the request URL. In short, someone is hitting the AWS IP and trying to get to /admin, /sql, /db, etc. from some random addresses, and I need to block those unwanted requests at the ELB level or the httpd level. Below is one such error from the ELB logs.
2017-07-21T03:22:19.973661Z <loadbalancer> <Client IP>:48010 10.1.6.57:80 0.000049 0.068249 0.000039 401 401 0 0 "HEAD http://52.0.168.49:80/phpmy/ HTTP/1.1" "Mozilla/5.0 Jorgee" - -
Upvotes: 1
Views: 2605
Reputation: 13638
Regarding ignoring direct IP requests to your web server instances, I would make sure your webserver security group only accepts traffic from the subnet the ELB is running on. In this way, it will ignore all direct traffic.
Regarding blocking specific access to certain paths, that is best done at the httpd level; you may want to consider a Fail2Ban implementation. See https://serverfault.com/questions/416926/automatically-block-ip-who-requests-certain-url
Of course you can control/deny access via the Apache config. That same link above suggests this also:
You can create an .htaccess file in the forum directory and put the following lines in it; they may help to protect that URL from being accessed.
Order allow,deny
Deny from all
Upvotes: 1
Reputation: 36073
If you are using an Application Load Balancer, you can use the Web Application Firewall (WAF) to filter requests that are specifying IP addresses directly.
Upvotes: 2
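An added example (not part of the question or answers above): a Python check over classic ELB access-log lines, in the layout of the entry quoted in the question, that flags requests whose URL host is an IP literal or is not one of your vhost names and tallies them per client IP. The vhost names and the sample log lines are constructed assumptions; substitute your own.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hypothetical vhost names; use your real ServerName/ServerAlias values.
ALLOWED_HOSTS = {"www.example.com", "shop.example.com"}

# Classic ELB access-log layout, as in the log line quoted in the question.
LINE_RE = re.compile(
    r'^\S+ \S+ (?P<client>\S+):\d+ \S+ (?:\S+ ){3}(?P<status>\S+) \S+ \d+ \d+ '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" "(?P<ua>.*)" \S+ \S+$'
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
2017-07-21T03:22:19.973661Z my-elb 203.0.113.7:48010 10.1.6.57:80 0.000049 0.068249 0.000039 401 401 0 0 "HEAD http://192.0.2.10:80/phpmy/ HTTP/1.1" "Mozilla/5.0 Jorgee" - -
2017-07-21T03:22:21.102334Z my-elb 203.0.113.7:48012 10.1.6.57:80 0.000051 0.004100 0.000040 404 404 0 0 "GET http://192.0.2.10:80/admin HTTP/1.1" "Mozilla/5.0 Jorgee" - -
2017-07-21T03:25:02.551200Z my-elb 198.51.100.23:51544 10.1.6.58:80 0.000047 0.012003 0.000035 200 200 0 5120 "GET http://www.example.com:80/index.html HTTP/1.1" "Mozilla/5.0" - -
2017-07-21T03:26:40.000310Z my-elb 198.51.100.99:40100 10.1.6.57:80 0.000050 0.003900 0.000038 401 401 0 0 "GET http://unknown.invalid:80/ HTTP/1.1" "curl/7.50" - -
this line is not an ELB entry and is skipped
"""

def classify_host(url, allowed=ALLOWED_HOSTS):
    """Return None for a known vhost, else the reason the request is suspect."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:
        return "unparsable-url"
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        return None if host in allowed else "unknown-host"

def flag_requests(log_text, allowed=ALLOWED_HOSTS):
    """Return (client_ip, reason, method, url) for each suspect request."""
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())  # lines in any other layout are skipped
        if m and (reason := classify_host(m["url"], allowed)):
            flagged.append((m["client"], reason, m["method"], m["url"]))
    return flagged

def offenders(log_text, allowed=ALLOWED_HOSTS):
    return Counter(client for client, *_ in flag_requests(log_text, allowed))

if __name__ == "__main__":
    for client, hits in offenders(SAMPLE_LOG).most_common():
        print(client, hits)
```

The per-client tally is the kind of input a Fail2Ban jail or a WAF IP set would act on; the host classification mirrors the rule you would enforce at the WAF or httpd level.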