I have an AWS EC2 instance and want to deny access on port 80 for a single IP address (a bad bot).

The AWS console seems to support only "allow" rules.

How do I deny a single IP address?

ar099968

1 Answer

The only way to deny sources/IP addresses is to use Network ACLs in the VPC. These operate like a firewall allowing or blocking traffic incoming to your subnet, and operate above the Security group level (for traffic coming in from external networks).

Go to your VPC and then Network ACLs. You should already have one that you can apply a rule to, but if not, create one and apply it to the subnet your instance is running in, and explicitly deny the IP address on port 80 you want to block.

5lovak

In addition, make sure to give the rule a higher precedence than the existing default allow-all rule, and also make sure you apply the rule to the correct subnet (if you have more than one). – Qwerky Dec 15 '16 at 12:34
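The answer and the comment above hinge on one detail: a Network ACL evaluates its entries in ascending rule-number order, the first matching entry wins, and the default ACL ships with rule 100 "allow all". So "higher precedence" means a lower rule number than 100. The following example (added here, not code from the question or the answer) models that evaluation on constructed sample rules and shows the same deny entry working at rule 50 and silently doing nothing at rule 150. The `apply_deny_entry` helper at the end shows the equivalent boto3 call; the ACL id, the bot's address and the rule numbers are placeholders.

```python
"""Model of how an AWS Network ACL evaluates an inbound packet.

Rules are checked in ascending rule-number order and the first match wins,
so a deny entry only takes effect if its number is LOWER than the default
rule 100 "allow all". The NACL id, IP addresses and rule numbers below are
constructed placeholders, not values from the original question.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

TCP = "6"    # AWS protocol numbers are passed as strings in NACL entries
ALL = "-1"   # "all protocols"


@dataclass(frozen=True)
class NaclRule:
    rule_number: int
    protocol: str                    # "-1" = all, "6" = TCP, "17" = UDP
    cidr: str
    action: str                      # "allow" or "deny"
    port_from: Optional[int] = None  # None = every port
    port_to: Optional[int] = None

    def matches(self, src_ip: str, protocol: str, port: int) -> bool:
        if self.protocol not in (ALL, protocol):
            return False
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.cidr):
            return False
        if self.port_from is not None and not (self.port_from <= port <= self.port_to):
            return False
        return True


def evaluate_ingress(rules: Iterable[NaclRule], src_ip: str, protocol: str, port: int) -> str:
    """Return 'allow' or 'deny', the way the ACL would decide for this packet."""
    for rule in sorted(rules, key=lambda r: r.rule_number):
        if rule.matches(src_ip, protocol, port):
            return rule.action
    return "deny"  # the catch-all '*' rule at the end of every NACL


# Constructed sample data: the default ACL's rule 100 plus one offending client.
DEFAULT_ALLOW_ALL = NaclRule(100, ALL, "0.0.0.0/0", "allow")
BAD_BOT_IP = "203.0.113.7"         # placeholder address (TEST-NET-3)
OTHER_CLIENT_IP = "198.51.100.20"  # placeholder address (TEST-NET-2)


def deny_http_from(ip: str, rule_number: int) -> NaclRule:
    """Ingress entry that denies TCP/80 from a single host (/32)."""
    return NaclRule(rule_number, TCP, f"{ip}/32", "deny", 80, 80)


def demo() -> dict:
    """Compare a deny rule numbered below 100 with one numbered above it."""
    correct = [DEFAULT_ALLOW_ALL, deny_http_from(BAD_BOT_IP, 50)]
    too_low_precedence = [DEFAULT_ALLOW_ALL, deny_http_from(BAD_BOT_IP, 150)]
    return {
        "bot_with_rule_50": evaluate_ingress(correct, BAD_BOT_IP, TCP, 80),
        "other_with_rule_50": evaluate_ingress(correct, OTHER_CLIENT_IP, TCP, 80),
        "bot_ssh_with_rule_50": evaluate_ingress(correct, BAD_BOT_IP, TCP, 22),
        "bot_with_rule_150": evaluate_ingress(too_low_precedence, BAD_BOT_IP, TCP, 80),
    }


def apply_deny_entry(network_acl_id: str, ip: str, rule_number: int = 50) -> None:
    """Create the real entry with boto3 (assumed installed and credentialed).

    Choose rule_number after looking at the ACL's existing entries so it sits
    below rule 100 and does not collide with a number already in use.
    """
    import boto3  # imported here so the evaluator above runs without it
    ec2 = boto3.client("ec2")
    ec2.create_network_acl_entry(
        NetworkAclId=network_acl_id,
        RuleNumber=rule_number,
        Protocol=TCP,
        RuleAction="deny",
        Egress=False,           # inbound entry; NACLs are stateless, so this alone stops the request
        CidrBlock=f"{ip}/32",
        PortRange={"From": 80, "To": 80},
    )


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
    # apply_deny_entry("acl-PLACEHOLDER", BAD_BOT_IP)  # run against a real account
```

Running `demo()` gives `deny` for the bot on port 80 with the entry at rule 50, `allow` for other clients and for the bot on other ports, and `allow` for the bot when the same entry is numbered 150, which is exactly the mistake the comment warns about. To confirm you are editing the ACL attached to the right subnet, check the `Associations` field of `aws ec2 describe-network-acls` for the subnet id before adding the entry.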