There is a bot that keeps searching for security vulnerabilities on my site and ends up DDoSing me like 4 times per day.

I want to block this IP 31.220.61.65

My architecture is very simple:
I have one EC2 instance with an Elastic IP serving a website. (Of course it has a security group attached as well, allowing port 443.)

Every couple of hours the IP above (and others) make like 300 requests per minute, crash my modest server and leave the real users without service.

How can I block requests from particular IPs reaching the EC2 in my simple architecture?

2 Answers

  1. You can use Network ACLs

    If your EC2 instance is behind a load balancer or CloudFront distribution you can add a Web Application Firewall and block the IP via a WAF rule.

  2. The easiest and quickest way to block IPs for such attacks is to block them at the NACL level.

    1. Go to the subnet of your EC2 instance
    2. Select NetworkACL as shown in the picture below
    3. Click on the highlighted link to go to the NACL detail page
    4. Add a Deny Rule for IP 31.220.61.65/32.

    [Image: Locate the Network ACL for EC2]

    [Image: Add Deny rule to block IP]

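The deny rule from the second answer, scripted as an added example that is not part of either answer: network ACL rules are evaluated in ascending rule-number order and the first match wins, so the deny only takes effect if it is numbered below the allow rule (100 in a default NACL). The function names, the sample entries and the `acl-EXAMPLE` id are assumptions made for illustration; `block_ip` uses boto3's `describe_network_acls` and `create_network_acl_entry`.

```python
import ipaddress

# Constructed sample: entries of a default NACL in the shape returned by
# EC2 DescribeNetworkAcls (32767 is the built-in catch-all deny).
SAMPLE_ENTRIES = [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
     "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
     "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow",
     "Egress": True, "CidrBlock": "0.0.0.0/0"},
]

def plan_deny_entry(entries, source, acl_id):
    """Build create_network_acl_entry arguments that block `source` (IPv4).

    The deny must sit below every allow rule covering the address.
    Returns None when an earlier all-protocol deny already covers it.
    """
    net = ipaddress.ip_network(source)  # a bare address becomes a /32
    inbound = [e for e in entries if not e["Egress"]]
    covering = [e for e in inbound if "CidrBlock" in e
                and net.subnet_of(ipaddress.ip_network(e["CidrBlock"]))]
    allows = [e["RuleNumber"] for e in covering if e["RuleAction"] == "allow"]
    ceiling = min(allows, default=32767)
    if any(e["RuleAction"] == "deny" and e["Protocol"] == "-1"
           and e["RuleNumber"] < ceiling for e in covering):
        return None
    used = {e["RuleNumber"] for e in inbound}
    free = [n for n in range(ceiling - 1, 0, -1) if n not in used]
    if not free:
        raise ValueError("no free rule number below the first allow rule")
    return {"NetworkAclId": acl_id, "RuleNumber": free[0], "Protocol": "-1",
            "RuleAction": "deny", "Egress": False, "CidrBlock": str(net)}

def block_ip(acl_id, source):
    """Apply the plan to a real NACL (needs boto3 and AWS credentials)."""
    import boto3
    ec2 = boto3.client("ec2")
    acl = ec2.describe_network_acls(NetworkAclIds=[acl_id])["NetworkAcls"][0]
    params = plan_deny_entry(acl["Entries"], source, acl_id)
    if params:
        ec2.create_network_acl_entry(**params)
    return params

if __name__ == "__main__":
    # "acl-EXAMPLE" is a placeholder id, not a real resource.
    print(plan_deny_entry(SAMPLE_ENTRIES, "31.220.61.65", "acl-EXAMPLE"))
```

Because NACLs are stateless, an inbound deny is enough to stop the requests; no matching egress rule is needed.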