Is it possible to restrict HTTP access to an Elastic Beanstalk application to only certain IP addresses? I"ve tried adding rules to my environment's Security Group but these don't appear to be having any effect. Is this because all HTTP traffic is routed through the Elastic Load Balancer, which isn't within the security group?
I have restricted HTTP access to an Elastic Beanstalk application to only certain IP addresses.
Following is my procedure.
Create new beanstalk environment in the VPC(Amazon Virtual Private Cloud).
Please read following documents.
Using AWS Elastic Beanstalk with Amazon VPC
Example: Launching an AWS Elastic Beanstalk Application in a VPC
note: I tried to create a new beanstalk environment(Tomcat) in the VPC using AWS Tookit for Eclipse last month. But I could not create a new beanstalk environment due to the bug of AWS Toolkit for Eclipse. Finally, I could create a new beanstalk environment using a elastic-beanstalk-create-environment command. Therefore I recommend to use elastic-beanstalk-create-environment command.Create a new Network ACL(VPC's function) and open the inbound tab and configure to restrict source IP addresses. Set this Network ACL to the subnet of VPC which have a beanstalk's ELB.
I was able to limit access to folders with the following X-FORWARDED restrictions:
<Directory "/var/www/html/folder_name">
SetEnvIf X-FORWARDED-FOR x.x.x.x allow
SetEnvIf X-FORWARDED-FOR a.a.a.a allow
Order deny,allow
Deny from all
Allow from env=allow
</Directory>
This was done in the httpd.conf file, but I'm hoping it will also work in an .htaccess file. However, I'm supposedly not using an ELB, just a single instance and what ever load-balancing AWS may or may not already implement.
Hope this helps.
来源:https://stackoverflow.com/questions/17222154/restrict-http-access-to-elastic-beanstalk