Amazon AWS Redirect IP address to the domain Name

Question

I created an Amazon aws EC2 machine and Installed an apache web server.

I reserver a new Route53 domain name and configured it to my EC2 machine.

I Created a new SSL Certificate and configured a Load balancer to route my http domain to https.

All work fine, except I still access to my webserver via ip adress.

Is there any way to redirect IP address to the https as I did with http??

Answer 1

The best way to prevent anyone connecting to the server directly is to update the security group rules of the instance to only allow inbound access from a security group that is attached to the load balancer for HTTP.

By having the inbound source as a logical reference (by specifying a security group the load balancer has attached) you can prevent anyone directly connecting to your instance.

As your instance is now sitting behind a load balancer, for future architecture you should look at migrating any instance(s) that will have a load balancer in front of them to be located in a private subnet.

Additionally you should in your web server add a default host to return a 403 for all other hostnames other than the one(s) you're expecting. In Apache the first VHOST will become a catch all, if this returns a 403 with another VHOST added after this to serve your website then no one can connect to your website without specifying the full name.

In the below example unless the user tries to access your website on app.example.com they will be returned a 403.

<VirtualHost:80>
      ServerName deny.example.com

      DocumentRoot /var/www/html

      <Directory /var/www/html>
           Require all denied
      </Directory>

</VirtualHost>

<VirtualHost:80>
      ServerAlias app.example.com

      DocumentRoot /srv/myapp

      ..........

</VirtualHost>