6557457iD9e

Reputation: 118

AWS Application Load Balancer is accessible by IP Address

I have a basic Application load balancer setup that routes web traffic to a few different EC2 instances. The load balancer has two public IP addresses, and both will display my site if entered in the browser. In other words, the site can be accessed by the load balancer IPs.

How do I configure the load balancer so that the public IP addresses are not accessible in the browser? I would expect the page to fail to load given my load balancer IPs.

All my DNS records point to the load balancer's DNS name and not either of the public IPs.

Any help would be great!

Upvotes: 2

Views: 2153

Answers (2)

theyuv

Reputation: 1624

Add a rule that forwards from your known host name to whichever target group you'd like to forward to.

e.g.: if host is www.example.com, forward to my-site

Then, as your last, default rule, have everything else redirect to a custom host, path, and query that use all of the original values of the URL except the host name, which you can specify to be your domain name (e.g.: www.example.com).

So now if someone enters the IP address, he will be redirected to the same page but with the domain name you'd like.

Of course, you can have the default rule do anything you'd like (e.g.: a fixed response error page).

Upvotes: 0
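
An added example, not part of either answer and not AWS's own code: the host-header rule and the two default actions described in the answer above, written as the dictionaries that boto3's elbv2 `create_rule` and `modify_listener` calls take, with a simplified local model of rule evaluation. The target group ARN is a placeholder, `route` is a hypothetical helper, and the 301 and 403 status codes are assumed choices.

```python
# Added example: listener rules in the shape boto3's elbv2 calls accept
# (create_rule / modify_listener), plus a simplified local model of rule order.
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

SITE_HOST = "www.example.com"  # host name from the answer
# Placeholder ARN, not a real resource.
TARGET_GROUP_ARN = "arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:targetgroup/my-site/PLACEHOLDER"

# Rule 1 (create_rule): known host name -> forward to the target group.
HOST_RULE = {
    "Priority": 1,
    "Conditions": [{"Field": "host-header",
                    "HostHeaderConfig": {"Values": [SITE_HOST]}}],
    "Actions": [{"Type": "forward", "TargetGroupArn": TARGET_GROUP_ARN}],
}
# Default action A (modify_listener DefaultActions): keep path and query, replace host.
DEFAULT_REDIRECT = [{"Type": "redirect", "RedirectConfig": {
    "Protocol": "#{protocol}", "Port": "#{port}", "Host": SITE_HOST,
    "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301"}}]
# Default action B: fixed error response for every other Host header.
DEFAULT_FIXED = [{"Type": "fixed-response", "FixedResponseConfig": {
    "StatusCode": "403", "ContentType": "text/plain", "MessageBody": "Forbidden"}}]

def route(url, host_header, default_actions, rules=(HOST_RULE,)):
    """Model which action a request hits: rules by priority, then the default."""
    host = host_header.lower()
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        patterns = rule["Conditions"][0]["HostHeaderConfig"]["Values"]
        if any(fnmatchcase(host, p.lower()) for p in patterns):  # * and ? wildcards
            return "forward", rule["Actions"][0]["TargetGroupArn"]
    action = default_actions[0]
    if action["Type"] == "fixed-response":
        return "fixed-response", action["FixedResponseConfig"]["StatusCode"]
    cfg, u = action["RedirectConfig"], urlsplit(url)
    subs = {"#{protocol}": u.scheme, "#{host}": host,
            "#{path}": u.path.lstrip("/"), "#{query}": u.query}
    def fill(text):
        for key, value in subs.items():
            text = text.replace(key, value)
        return text
    # The model leaves the port out of the Location it builds.
    location = f"{fill(cfg['Protocol'])}://{fill(cfg['Host'])}{fill(cfg['Path'])}"
    query = fill(cfg["Query"])
    return "redirect", location + (f"?{query}" if query else "")

if __name__ == "__main__":
    # Constructed requests; 203.0.113.10 is a documentation address.
    for host in ("www.example.com", "203.0.113.10"):
        for default in (DEFAULT_REDIRECT, DEFAULT_FIXED):
            print(host, route(f"http://{host}/account?id=7", host, default))
```
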

John Rotenstein

Reputation: 270089

When a user enters a DNS name in a web browser, the browser/computer uses DNS to resolve the name into an IP address. Then, the browser connects to that IP address.

DNS is merely a "lookup" service that converts a name to an IP address.

Therefore, it is not possible to disable IP addresses while still allowing DNS to work.

Here's an analogy: Somebody knows your name and wants to phone you, so they look up your phone number in a telephone directory (old-fashioned, I know). They then call you on the phone number. It is not possible to allow them to call you without them knowing your phone number.

Upvotes: 2
