If you can simplify your architecture you can probably find a simpler solution. allow 1.2.3.4 # Allow a single remote host Once that's done you have another method using Nginx that lets you block all hosts other than those you allow. To be careful of is that the AWS ALB might also set that header, hiding what Securi sets.
In Nginx you can use the " real_ip_header" command to say "for the IPa addresses I specify (ie that belong to Securi) the original IP address is in this header". If so this would work well with the ALB security groups.Īnother approach is that Securi most likely sets the X-Forwarded-For header. I wonder if NLB doesn't change the source IP - hopefully someone else who's more familiar with this can answer / comment, it's been a long time since I learned the OSI model. The AWS Network Load Balancer works at Layer 4, and according to Wikipedia "Class 4 is closest to TCP". That relies on NLB not messing with that information. Its the single point of contact for clients. Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model.
You can use that to limit which IPs traffic can from from. Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers.
The ALB then uses the ENIs associated with the VPC Endpoint as load-balanced targets for the service defined by the public listener. AWS Application Load Balancer has security groups ( documentation link). The Web Application Firewall (WAF) associated with our ALB then inspects traffic for any known web exploits and passes approved traffic on for forwarding to the ALB targets.
0 kommentar(er)
