1

I have a site that uses an AWS Application load balancer, this load balancer has two dynamic public IPs. Behind the load balancer are a few EC2 instances that server a ruby on rails site using Apache 2.4 as the web server.

Issue One

First off, the site can be accessed by the load balancer IPs. The site is mamapedia.com and if you perform a reverse domain lookup you can see the load balancer is ec2-54-241-164-80.us-west-1.compute.amazonaws.com and the public IPs 52.8.11.9 and 54.241.164.80 (right now, these change).

What is the standard for handling direct IP access? Should I reroute the IP traffic to the domain? Or should I block traffic on all IPs? Note the IPs are not static so really I'm asking what should be done with all IP addresses trying to access the site? Further, where should this be configured? On the load balancer, Apache or somewhere else? If Apache, what should this look like?

Issue two

This is somewhat related to the first issue but may require a different solution. The site in question mamapedia.com should also only accept traffic from the domain mamapedia.com and no others. This in not currently the case.

A google search of site:mamapedia.com returned results for another domain bcphotography.co.nz Example. Mamapedia™ - BC Photography New Zealand

If you click through the link, you are redirected to mamapedia.com as you would expect, however google is indexing BC Photography New Zealand. Digging deeper, the site http://www.bcphotography.co.nz/ if searched in the reverse domain lookup resolves to the mamapedia load balancer and public IPs. This indicates that domain has the mamapedia load balancer set in its DNS records. Further if you try accessing the domain bcphotography.co.nz you can insecurely access mamapedia on that domain name.

This is definitely not desired, and I need to know how to prevent it. The only time the mamapedia site should be accessed is on the https://www.mamapedia.com domain. What are the standard rules for configuring a web server in this way?

What is the standard for handling traffic from another domain that has DNS records that resolve to your site ( bcphotography.co.nz ) Should that redirect to https://www.mamapedia.com or should it be blocked? What is best for google indexing, I want to avoid google indexing anything other then mamapedia information for mamapedia.com

I have seen some sites redirect their public IPs to their host and others that block the IPs, what are the pros and cons of each way? Which is better?

Dave Faliskie
  • 53
  • 5
  • 1
    Please make two separate posts with each individual issue. Our format only allows for a single question per post. – Michael Hampton Aug 29 '18 at 22:40
  • Further to Michael's recommendation, there is no single standard for these things; you should do whatever you feel is most appropriate to your situation. – womble Aug 30 '18 at 00:34

1 Answers1

0

Generally you don't access ELB / ALB AWS load balancers by IP, as they change. If you really need a static IP you can use a network load balancer, but that has quite a different feature set. Why do you need to access your load balancer by IP?

Second question: best guess is your content is being made available on two domains, but you haven't really given a very precise description of the problem. You'll have to look into your Apache config to try to work out why. More information is definitely needed to help.

You're probably best off asking these two questions separately and giving more information about each.

Tim
  • 30,383
  • 6
  • 47
  • 77
  • I do not want to access access ELB / ALB AWS load balancers by IP the problem is that with my current setup I can. So how do I prevent this from happening? And for the second part, the question is really how can I configure my AWS load balancer to only reroute traffic coming from my domain and not others? – Dave Faliskie Aug 30 '18 at 13:41
  • I think you need to configure Apache to respond only to the correct domain name, which could address both issues. I know how to do it in Nginx but not Apache sorry. – Tim Aug 30 '18 at 20:10
  • Thanks for your time, The answer was to configure the AWS load balancer listeners https://serverfault.com/questions/928726/how-do-we-configure-an-alb-with-elastic-ips-to-only-resolve-to-our-fqd – Dave Faliskie Aug 31 '18 at 01:59
  • Yes, well, you do have to configure a load balancer for it to work correctly! – Tim Aug 31 '18 at 08:18