I need help blocking multiple IPs. For the last 8-10 days, multiple IPs have been hitting my server from the susapi.lenovomm.com domain continuously, so I want to block them.
Details of servers and services:
Server: Linux on EC2, Lighttpd, LB (load balancer in AWS)
In AWS they do not provide a facility to block an IP before it hits the LB, so we can't block the IP before the LB, and we also can't block IPs in the LB security group.
So I tried the following things:
Attempt 1 – Through Lighttpd configuration
I added the module "mod_extforward" in lighttpd,
then added "extforward.forwarder = ("myip" => "trust")" to lighttpd.conf
and added this for blocking such IPs:
$HTTP["remoteip"] =~ "203.82.66.237|203.82.66.231|203.82.66.239|203.82.66.230|203.82.66.233|203.82.66.235|203.82.66.238|203.82.66.228" { url.access-deny = ( "" ) }
Attempt 2 – Blocking IPs through the iptables firewall. I blocked it but it's not working.
/sbin/iptables -I INPUT -s 203.82.66.237 -j DROP
Attempt 3 – Blocking IPs through route add. I blocked it but it's not working.
/sbin/route add -host 203.82.66.239 reject
Can anyone help me with how to block these IPs from accessing my server?
Regards Nitesh nitesh.gupta01@yahoo.in
Use a Network Access Control List (NACL) on the VPC subnet(s) where your Elastic Load Balancer is located.
While Security Groups are associated with Amazon EC2 instances and define "Allow" ranges, NACLs are associated with subnets and define both "Allow" and "Deny" permissions.
You can then provide a CIDR range of IP addresses that you wish to block, and the traffic will never hit the Load Balancer.
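An added example (not part of the answer above) showing how the addresses from the question could be turned into NACL deny entries: it merges them into the fewest exact CIDR blocks, computes the single covering block for comparison, and prints AWS CLI commands. The ACL id `acl-EXAMPLE`, the starting rule number 50 and the function names are assumptions.

```python
import ipaddress
import shlex

# Addresses listed in the question above.
OBSERVED = ["203.82.66.237", "203.82.66.231", "203.82.66.239", "203.82.66.230",
            "203.82.66.233", "203.82.66.235", "203.82.66.238", "203.82.66.228"]

def exact_cidrs(addresses):
    """Merge single addresses into the fewest CIDR blocks that cover only them."""
    nets = {ipaddress.ip_network(a) for a in addresses}  # set drops duplicates
    return list(ipaddress.collapse_addresses(nets))

def covering_cidr(addresses):
    """Smallest single block containing every address (may include unseen hosts)."""
    ips = sorted(ipaddress.ip_address(a) for a in addresses)
    net = ipaddress.ip_network(ips[0])
    while ips[-1] not in net:
        net = net.supernet()
    return net

def nacl_deny_commands(acl_id, cidrs, first_rule=50):
    """Build one inbound deny entry per block.

    NACL rules are evaluated in ascending rule-number order, so these numbers
    must be lower than the rule that allows traffic to the load balancer.
    """
    cmds = []
    for n, cidr in enumerate(cidrs):
        args = ["aws", "ec2", "create-network-acl-entry",
                "--network-acl-id", acl_id, "--ingress",
                "--rule-number", str(first_rule + n),
                "--protocol", "-1", "--rule-action", "deny",
                "--cidr-block", str(cidr)]
        cmds.append(" ".join(shlex.quote(a) for a in args))
    return cmds

if __name__ == "__main__":
    blocks = exact_cidrs(OBSERVED)
    print("covering block:", covering_cidr(OBSERVED))
    for line in nacl_deny_commands("acl-EXAMPLE", blocks):  # placeholder ACL id
        print(line)
```

The exact blocks deny only the addresses seen so far; the covering block is one rule but also denies addresses in that range that were not observed.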