There is a bot that keeps searching for security vulnerabilities on my site and ended up DDoSing me like 4 times per day.
I want to block this IP: 31.220.61.65
My architecture is very simple:
I have one EC2 instance with an Elastic IP serving a website (of course it has a security group attached as well, allowing port 443).
Every couple of hours the IP above (and others) make like 300 requests per minute, crash my modest server and leave the real users without service.
How can I block requests from particular IPs reaching the EC2 in my simple architecture?
2 Answers
You can use Network ACLs
If your EC2 instance is behind a load balancer or CloudFront distribution you can add a Web Application Firewall and block the IP via a WAF rule.
The easiest and quickest way to block IPs for such attacks is to block them at NACL level.
31.220.61.65/32
Locate the Network ACL for EC2
Add Deny rule to block IP
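
The NACL deny rule from the answers above, as an added example that is not from the original posters: it finds IPs in an access log that reach the 300 requests per minute mentioned in the question and builds the matching boto3 `create_network_acl_entry` arguments. The log format, the `acl-PLACEHOLDER` id, the rule numbers 50 and 100, and all function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed common log format; adapt the regex to your web server's access log.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]:]+:\d{2}:\d{2}):\d{2} [^\]]+\]')

def noisy_ips(lines, per_minute_limit=300):
    """Return IPs that reach per_minute_limit requests within any single minute."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            hits[(m.group(1), m.group(2))] += 1  # key: (ip, minute)
    return sorted({ip for (ip, _), n in hits.items() if n >= per_minute_limit})

def deny_entries(ips, nacl_id, first_rule=50, allow_rule=100):
    """Build create_network_acl_entry kwargs, one inbound deny per IP.

    NACL rules are evaluated lowest number first, so every deny must sit
    below the allow rule (100 in a default NACL) or it never matches.
    """
    entries = []
    for offset, ip in enumerate(ips):
        rule = first_rule + offset
        if rule >= allow_rule:
            raise ValueError("out of rule numbers below the allow rule")
        cidr = f"{ipaddress.IPv4Address(ip)}/32"  # raises ValueError on malformed input
        entries.append(dict(NetworkAclId=nacl_id, RuleNumber=rule, Protocol="-1",
                            RuleAction="deny", Egress=False, CidrBlock=cidr))
    return entries

def apply_entries(entries):
    """Send the entries to AWS; needs boto3 and credentials, so not called here."""
    import boto3
    ec2 = boto3.client("ec2")
    for entry in entries:
        ec2.create_network_acl_entry(**entry)

def sample_log():
    """Constructed traffic: 300 hits in one minute from the IP in the question, 3 from a normal user."""
    line = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    bot = [line.format(ip="31.220.61.65", s=i % 60) for i in range(300)]
    user = [line.format(ip="198.51.100.7", s=i) for i in range(3)]
    return bot + user

if __name__ == "__main__":
    for entry in deny_entries(noisy_ips(sample_log()), "acl-PLACEHOLDER"):
        print(entry)
```

A NACL holds a limited number of rules (20 per direction by default), so this suits a handful of persistent sources rather than a long blocklist.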