Score:0

Filtering Amazon servers by IP range AND URL


My server is often attacked by bots hosted on Amazon servers, so I configured iptables to block the largest IP ranges from Amazon.

My problem is that Let's Encrypt also uses Amazon servers to issue new SSL certificates, so it doesn't work on my server because of my IP filter.

How can I allow Let's Encrypt to issue certificates (by allowing URLs like domain.ext/.well-known/****) but block all other connections from Amazon servers?

On this server, I use iptables, mod_security, and fail2ban. iptables can't filter on URL, so I think I must create custom rules in mod_security and/or fail2ban?

Thanks, Fab

pierpy

Try to obtain the Let's Encrypt IP ranges, and insert an accept rule on top of the others.
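
One way to do the URL-level filtering the question asks about with mod_security, as an added example that is not part of the original thread. It assumes ModSecurity v2 on Apache, that the HTTP-01 challenge arrives on port 80 under `/.well-known/acme-challenge/`, and that the iptables block for the Amazon ranges is relaxed for port 80 only; the file path and rule id are hypothetical.

```apache
# Added example, not from the thread. Assumptions are marked below.
#
# Prerequisite (assumption): the iptables DROP rules for the Amazon ranges
# no longer cover TCP port 80, so those requests reach Apache and can be
# judged by URL. All other ports stay dropped by iptables as before.
#
# /etc/modsecurity/amazon-ranges.txt is a hypothetical file holding the
# same Amazon CIDR ranges already used in iptables, one per line.

SecRuleEngine On

# Deny any client in the Amazon ranges unless the request path is exactly
# an ACME HTTP-01 challenge URL. ACME tokens use only the base64url
# alphabet, so the pattern rejects sub-paths, traversal and other files.
# Rule id 1000100 is a constructed value; pick one that is free locally.
SecRule REMOTE_ADDR "@ipMatchFromFile /etc/modsecurity/amazon-ranges.txt" \
    "id:1000100,\
    phase:1,\
    deny,\
    status:403,\
    log,\
    msg:'Amazon-range client outside ACME HTTP-01 challenge path',\
    chain"
    SecRule REQUEST_FILENAME "!@rx ^/\.well-known/acme-challenge/[A-Za-z0-9_-]+$" \
        "t:none,t:normalizePath"
```

Because the rule logs every denial, fail2ban can watch the ModSecurity audit or Apache error log for this rule id and ban repeat offenders at the iptables level on the remaining open port.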