Restrict Lightsail machine to be accessed from cloudfront
I have a website (https://www.cakexpo.com) hosted on lightsail. Few days ago, we faced a DDOS Attack on the IP which forced me onboard my website to cloudfront.
I moved my website to cloudfront, yet my ip address is still publicly available and making it vulnerable for more attacks again.
I am trying to understand how I can hide my ip from public access.
I found that in vpc, you can get the list of corresponding cloudfront ips and whitelist them in security group., which I tried
It worked for some time, but later on I realised that cloudfront uses lots of Ips which are not listed here and thus not whitelisted in my security group. This makes my site intermittent unavailable.
nslookup shows a different ip, which is not listed in the above list, and this link says that there 190+ ips associated with Cloudfront, which security group cannot handle, IMO. https://ip-ranges.amazonaws.com/ip-ranges.json
Finally I ended up reverting the config and made my IP public.
Is there any other way to hide the lightsail machines from public access?
you can do this in 2 ways. easy Way: Create a ngnix reverse proxy instance in lightsail, allow access to ur lightsail main instance only from that reverse proxy instance. then Create a distribution instance (with is cloudfront for lightsail) then point as Origin the reverse proxy instance. Hard Way: vpc peering to Aws, from there you Create a cloudfront instance. allows access from it.
- Docker: multiple sites with common containers
- Nginx add_header and cache control
- Nginx reverse proxy to FastAPI Azure Container App returns 404
- Angular 2 Reverse Proxy - Different context path
- Cognito - Client is not enabled for OAuth2.0 flows
- kubernetes nginx websocket proxied close connection after 50s despite timeout configuration
- IIS10 URL Rewrite 2.1 double encoding issue
- Nginx Reverse Proxy: Throwing 502 Bad Gateway
- How to use different Request Transformer instances on service and route at the same time in Kong?
- Redirecting problems with dockerized headless cms (directus) + reverse proxy (nginx) using paths/subfolders
- Traefik 3 returns "404 page not found" on mailpit 8025 port - cannot reverse proxy to specific container port
- How to prevent request forgery through reverse proxy?
- Traefik serversTransport Not Taking Effect: TLS Verification Issues
- How can Sinatra be configured to run within a virtual sub-directory of a reverse proxy?
- Nginx Round Robin Load balancing Upstream Servers are not in sequential order, behaviour changes between chrome,firefox,IE browsers
- WebSocket through SSL with Apache reverse proxy
- FastAPI (Starlette) + NGINX Proxy: URL scheme in Request Object not correct?
- Go web server with nginx server in web application
- How to use reverseProxy with Http4k?
- nginx reverse proxy set header Host got 404 error
- Using multiple iframe with different sessions through a proxy server
- Restrict Lightsail machine to be accessed from cloudfront
- When using proxy_pass, can /etc/hosts be used to resolve domain names instead of "resolver"?
- How to successfully run node server with IIS?
- Nginx does redirect, not proxy
- How to use NGINX as forward proxy for any requested location?
- reverse proxy in mvc
- Docker server networking - reject incoming connections but allow outgoing
- Login backend in TYPO3 with Proxy
- Nginx " Cannot GET /api " Reverse Proxy