Reputation: 135
Currently I have an application set up on AWS using application load balancer with 2 EC2 in target group:
DNS -> AWS-ALB -> EC2(2)
I need help allowing only certain IP addresses on the application URL context path.
For example: www.abc.com should be accessible to all, but www.abc.com/xyz should be accessible only to certain IP addresses.
I tried an NGINX solution on EC2, and that works only when I hit the EC2 IP directly with allow and deny rules.
Upvotes: 2
Views: 13897
Reputation: 111
I was able to solve this problem by setting up listener rules on the ALB based on path and source IP combined.
Let's say you would like to allow access to www.abc.com/xyz/* from the IP address pool 123.123.123.120/30, and deny it to anyone else.
ALB rules:
IF Source IP is 123.123.123.120/30 AND Path is /xyz/* THEN Forward to your-application-target-group
IF Path is /xyz/* THEN Return fixed response 403 (or whatever is suitable in your use case)
IF Requests otherwise not routed THEN Forward to your-application-target-group
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-update-rules.html
Upvotes: 11
Reputation: 4421
You can use WAF with ALB if it's available in the region. You can create a simple rule with two conditions, URI matches and IP addresses don't match; as the conditions in a RULE work as an AND operation, it should match your requirement.
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-rules-creating.html
Upvotes: 2
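The two answers above describe the same access control in two shapes: a priority-ordered list of ALB listener rules (first match wins, conditions inside a rule are ANDed, values inside a condition are ORed) and a single WAF rule that blocks when "URI matches AND IP does not match". The following example, added here and not code from either answer or from AWS, models both evaluations locally over constructed requests so the decisions can be compared. It uses the pool 123.123.123.120/30 and the path /xyz/* from the first answer; the request addresses in 203.0.113.0/24 are constructed, the path-pattern matching is an approximation of ALB semantics (case-sensitive, * for zero or more characters, ? for one), and the WAF "URI matches" condition is modelled as a prefix test. It also shows two things worth checking in a real listener: swapping the two rule priorities makes the 403 rule shadow the allow rule, and /xyz/* does not match the bare path /xyz, which therefore falls through to the default forward unless listed separately. Both designs decide on the address the load balancer sees; if a CDN or other proxy sits in front of the ALB, that is the proxy's address, not the end client's.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Values from the answers: the allowed client pool and the protected path pattern.
ALLOWED_POOL = [ip_network("123.123.123.120/30")]   # covers .120 through .123
PROTECTED = "/xyz/*"


def ip_in_pool(ip, pool):
    """True if the client address falls inside any CIDR of the pool."""
    addr = ip_address(ip)
    return any(addr in net for net in pool)


def alb_path_match(path, pattern):
    """Approximation of ALB path-pattern matching: case-sensitive, '*' is zero or
    more characters, '?' is exactly one. '[' is escaped because fnmatch would
    otherwise treat it as a character class, which ALB patterns do not have."""
    return fnmatchcase(path, pattern.replace("[", "[[]"))


@dataclass
class ListenerRule:
    priority: int
    action: str                                      # "forward" or "fixed-response-403"
    source_ips: list = field(default_factory=list)   # empty list = condition absent
    path_patterns: list = field(default_factory=list)

    def matches(self, ip, path):
        # Every condition present on the rule must hold (AND); within one
        # condition any listed value may match (OR).
        if self.source_ips and not ip_in_pool(ip, self.source_ips):
            return False
        if self.path_patterns and not any(alb_path_match(path, p) for p in self.path_patterns):
            return False
        return True


def alb_decide(rules, ip, path, default_action="forward"):
    """Evaluate rules in priority order; first match wins, else the default rule applies."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(ip, path):
            return rule.action
    return default_action


# The first answer's rules in the order they must be evaluated; the
# "otherwise not routed" rule is alb_decide's default_action.
ALB_RULES = [
    ListenerRule(1, "forward", source_ips=ALLOWED_POOL, path_patterns=[PROTECTED]),
    ListenerRule(2, "fixed-response-403", path_patterns=[PROTECTED]),
]

# Same rules with priorities swapped: the 403 rule now shadows the allow rule.
ALB_RULES_MISORDERED = [
    ListenerRule(1, "fixed-response-403", path_patterns=[PROTECTED]),
    ListenerRule(2, "forward", source_ips=ALLOWED_POOL, path_patterns=[PROTECTED]),
]

# '/xyz/*' requires the slash, so the bare path '/xyz' is not covered by the
# answer's rules; listing both patterns closes that gap.
ALB_RULES_BARE_PATH = [
    ListenerRule(1, "forward", source_ips=ALLOWED_POOL, path_patterns=["/xyz", PROTECTED]),
    ListenerRule(2, "fixed-response-403", path_patterns=["/xyz", PROTECTED]),
]


def waf_decide(ip, path, pool=ALLOWED_POOL):
    """Second answer's design as one WAF rule: conditions are ANDed
    (URI under /xyz AND source IP NOT in the allow list) -> BLOCK;
    the web ACL's default action is ALLOW. Prefix test is an assumption."""
    uri_match = path == "/xyz" or path.startswith("/xyz/")
    return "block" if uri_match and not ip_in_pool(ip, pool) else "allow"


# Constructed requests (client IP, path); 203.0.113.0/24 is documentation space.
REQUESTS = [
    ("123.123.123.121", "/xyz/report"),   # inside the pool, protected path
    ("123.123.123.124", "/xyz/report"),   # one address past the /30
    ("203.0.113.9", "/xyz/report"),       # outsider, protected path
    ("203.0.113.9", "/"),                 # outsider, public path
    ("203.0.113.9", "/xyz"),              # outsider, bare protected prefix
]


def evaluate_all():
    """Return {(ip, path): (alb_decision, waf_decision)} for the constructed requests."""
    return {req: (alb_decide(ALB_RULES, *req), waf_decide(*req)) for req in REQUESTS}


if __name__ == "__main__":
    for (ip, path), (alb, waf) in evaluate_all().items():
        print(f"{ip:16} {path:12} ALB={alb:19} WAF={waf}")
    print("misordered ALB, pool member on /xyz/report ->",
          alb_decide(ALB_RULES_MISORDERED, "123.123.123.121", "/xyz/report"))
```

Running the script prints one line per request; the bare /xyz request is the one where the two designs disagree (ALB forwards it, the WAF prefix rule blocks it), and the last line shows that a misordered listener returns 403 even to a pool member.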