In Lightsail's Networking tab, they have the option to allow certain IPs through their firewall. Is there a way to allow all IPs except for a certain IP? The AWS guide says that there is no way to deny an IP address, but can I set up an allow filter for everybody except for one IP? This is for a stopgap solution while we figure out how to handle one user who is (perhaps inadvertently) very slowly spamming connections.

Lightsail's firewall page for reference

OrdiNeu

1 Answer

Allowing ALL IPs except for one probably wouldn't be possible because you'd hit the limit on the number of rules you're allowed to add before you whitelisted everything.

A more practical approach would be to identify those ranges that you DO want to allow and whitelist those. Unless you genuinely expect to receive requests from all over the world, this is probably going to be easier to do.

If you want to try this, I recommend using the CLI rather than the web console, as you could script the entire process.

Always be sure you don't lock yourself out by making sure your own business IP range is whitelisted first.

Given the limitations you have to work with, your best option is probably to look at a filtering option on the server itself, such as an OS firewall or application-level filtering. Specifics of this will depend on the operating system and application in use.

barbecue
  • I see... unfortunately this is for a live server that has been accepting players from all around the world (we're still uncertain if what we're seeing from this one user is a malicious attack or what). Thank you for the insight. – OrdiNeu Jan 07 '22 at 18:25
  • Your best bet would probably be to look for a filtering option to implement on the server itself, like an OS firewall. – barbecue Jan 07 '22 at 18:27
  • If you put that as an answer I can accept it, that seems like it might be the best solution to my particular situation. Thank you so much! – OrdiNeu Jan 07 '22 at 18:35
  • @OrdiNeu it's done. – barbecue Jan 07 '22 at 18:56
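To size the "allow everything except one address" approach discussed in this thread, the following added example (not part of the original question or answer) computes the exact set of CIDR blocks an allow-only firewall would need, and checks that your own admin ranges stay reachable. The address `203.0.113.7`, the admin ranges, and the function names are constructed for illustration; compare the resulting count against whatever rule quota your firewall enforces.

```python
import ipaddress

def allow_all_except(blocked, universe="0.0.0.0/0"):
    """Return the sorted CIDR blocks covering `universe` minus `blocked`."""
    net = ipaddress.ip_network(universe)
    hole = ipaddress.ip_network(blocked, strict=False)
    if hole.version != net.version or not hole.subnet_of(net):
        raise ValueError(f"{blocked} is not inside {universe}")
    # address_exclude yields the sibling of every ancestor of `hole`,
    # so a /32 carved out of 0.0.0.0/0 always costs 32 blocks.
    return sorted(net.address_exclude(hole))

def is_allowed(addr, cidrs):
    """True if `addr` falls inside any allowed block."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == c.version and ip in c for c in cidrs)

def locked_out(cidrs, must_keep):
    """Return the ranges in `must_keep` that the allow list does not fully cover.

    Blocks produced by allow_all_except are disjoint, so a range is fully
    covered exactly when it sits inside a single block.
    """
    missing = []
    for entry in must_keep:
        n = ipaddress.ip_network(entry, strict=False)
        covered = any(n.version == c.version and n.subnet_of(c) for c in cidrs)
        if not covered:
            missing.append(entry)
    return missing

if __name__ == "__main__":
    BLOCKED = "203.0.113.7"                 # constructed (TEST-NET-3) address
    ADMIN = ["198.51.100.0/24"]             # constructed admin range
    rules = allow_all_except(BLOCKED)
    print(f"{len(rules)} allow rules needed per port to exclude {BLOCKED}")
    for r in rules[:3]:
        print("  ", r)
    print("   ...")
    print("admin ranges that would be locked out:", locked_out(rules, ADMIN))
```

The count is per address family and per opened port range, so excluding one IPv4 host on two ports means two sets of 32 blocks, and IPv6 needs its own set.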