I have a site that uses an AWS Application Load Balancer; this load balancer has two dynamic public IPs. Behind the load balancer are a few EC2 instances that serve a Ruby on Rails site using Apache 2.4 as the web server.

Issue One

First off, the site can be accessed by the load balancer IPs. The site is mamapedia.com and if you perform a reverse domain lookup you can see the load balancer is ec2-54-241-164-80.us-west-1.compute.amazonaws.com and the public IPs 52.8.11.9 and 54.241.164.80 (right now, these change).

What is the standard for handling direct IP access? Should I reroute the IP traffic to the domain? Or should I block traffic on all IPs? Note the IPs are not static so really I'm asking what should be done with all IP addresses trying to access the site? Further, where should this be configured? On the load balancer, Apache or somewhere else? If Apache, what should this look like?

Issue Two

This is somewhat related to the first issue but may require a different solution. The site in question, mamapedia.com, should also only accept traffic from the domain mamapedia.com and no others. This is not currently the case.

A Google search of site:mamapedia.com returned results for another domain, bcphotography.co.nz. Example: Mamapedia™ - BC Photography New Zealand

If you click through the link, you are redirected to mamapedia.com as you would expect; however, Google is indexing BC Photography New Zealand. Digging deeper, the site http://www.bcphotography.co.nz/, if searched in the reverse domain lookup, resolves to the mamapedia load balancer and public IPs. This indicates that domain has the mamapedia load balancer set in its DNS records. Further, if you try accessing the domain bcphotography.co.nz you can insecurely access mamapedia on that domain name.

This is definitely not desired, and I need to know how to prevent it. The only time the mamapedia site should be accessed is on the https://www.mamapedia.com domain. What are the standard rules for configuring a web server in this way?

What is the standard for handling traffic from another domain that has DNS records that resolve to your site (bcphotography.co.nz)? Should that redirect to https://www.mamapedia.com or should it be blocked? What is best for Google indexing? I want to avoid Google indexing anything other than mamapedia information for mamapedia.com.

I have seen some sites redirect their public IPs to their host and others that block the IPs. What are the pros and cons of each way? Which is better?

1 Answer

Generally you don't access ELB / ALB AWS load balancers by IP, as they change. If you really need a static IP you can use a network load balancer, but that has quite a different feature set. Why do you need to access your load balancer by IP?

Second question: best guess is your content is being made available on two domains, but you haven't really given a very precise description of the problem. You'll have to look into your Apache config to try to work out why. More information is definitely needed to help.

You're probably best off asking these two questions separately and giving more information about each.

Tim
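
One way to do what the question asks in Apache 2.4, as an added example (it is not part of the answer above and not the site's actual configuration): a catch-all virtual host that rejects any request whose Host header is an IP address or a foreign domain, defined ahead of the real site. It assumes the ALB terminates TLS and forwards plain HTTP to Apache on port 80, that mod_rewrite is enabled, and that the ALB health check is pointed at a hypothetical static file `/health.txt`; `catchall.invalid` and `/var/www/healthcheck` are placeholders.

```apache
# Assumption: the ALB terminates TLS and forwards HTTP to Apache on port 80.

# 1) Catch-all vhost. With name-based virtual hosting, Apache sends any
#    request whose Host header matches no ServerName/ServerAlias to the
#    FIRST vhost defined for that address:port, so this block must be
#    loaded before the real site. It receives requests made to the raw
#    load balancer IPs and to third-party domains whose DNS points at
#    the load balancer (bcphotography.co.nz in the question).
<VirtualHost *:80>
    ServerName catchall.invalid              # placeholder, never a real name
    DocumentRoot "/var/www/healthcheck"      # hypothetical directory

    <Directory "/var/www/healthcheck">
        Require all granted
    </Directory>

    RewriteEngine On
    # ALB health checks use the target's private IP as the Host header,
    # so they also land in this vhost. Let the health-check file through
    # (hypothetical path /health.txt) and refuse everything else.
    RewriteCond %{REQUEST_URI} !=/health.txt
    RewriteRule ^ - [F]

    # To redirect instead of block, replace the RewriteRule above with:
    # RewriteRule ^ https://www.mamapedia.com%{REQUEST_URI} [R=301,L]
</VirtualHost>

# 2) The real site. Only requests carrying this Host header reach the
#    Rails application.
<VirtualHost *:80>
    ServerName www.mamapedia.com
    # If the bare domain is also served, add: ServerAlias mamapedia.com
    # ... existing Rails site configuration stays here ...
</VirtualHost>
```

Running `apachectl -S` prints the parsed virtual hosts and shows which one is the default server for `*:80`, which confirms the catch-all was loaded first.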