Cloud Operations Team Leader at Conduit - http://il.linkedin.com/in/shavit

Friday, February 24, 2012

EC2 security access when working with ELB



As you may or may not know, when working with an ELB the security group on the Amazon EC2 instances will not see the real client IP, only the internal ELB IP.
So, how can we close this security hole?


Well, it's easy: you can use Apache or Nginx with the X-Forwarded-For header.

I will add one example for Nginx (Nginx will act as a proxy in front of your local software: elastic, mongo, web server, ...).

So, copy-paste and change the IPs :-)

------------------------------------------------------------------------------------------------------------
# X-Forwarded-For carries the client address the ELB saw. The ELB appends that
# address as the LAST entry of the header, so the regexes below are anchored at
# the end ($). Keep the instance security group restricted to the ELB: if the
# instances can be reached directly, the header is whatever the client sends.

# log_format is only allowed in the http context, so it sits outside server {}.
log_format shavit '$remote_addr $remote_user $time_local $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

upstream backend {
    server 10.10.10.1:9200;
    server 10.10.10.2:9200;
    server 10.10.10.3:9200;
}

server {
    listen 80;
    server_name localhost;

    set $allow false;
    if ($http_x_forwarded_for ~ " ?100\.100\.100\.100$") {
        set $allow true;
    }
    # the variable was misspelled $http_x_forward_for, which is always empty,
    # so the second address could never have been allowed
    if ($http_x_forwarded_for ~ " ?100\.100\.100\.101$") {
        set $allow true;
    }
    if ($allow = false) {
        return 403;
    }

    # use the format defined above (the original referenced an undefined "main")
    access_log /var/log/nginx/test-access.log shavit;
    root /usr/share/nginx/www;
    index index.html index.htm;

    location / {
        proxy_pass http://backend;
    }
}
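The whole check rests on reading the right entry of X-Forwarded-For: the ELB appends the address it saw to the end of the header, so only the last entry is trustworthy and anything before it was supplied by the client. The Python below is an added example, not code from the original post or from Nginx. It mirrors the two end-anchored regexes from the config and also parses the header as a proxy chain, taking the entry the trusted hop appended. The two allowed addresses come from the config; the number of trusted hops (one ELB) and the sample headers are constructed assumptions.

```python
import ipaddress
import re

# Allow list, mirroring the two addresses in the nginx config above.
ALLOWED_CLIENTS = {
    ipaddress.ip_address("100.100.100.100"),
    ipaddress.ip_address("100.100.100.101"),
}

# The same end-anchored patterns the nginx `if` blocks use.
NGINX_PATTERNS = [
    re.compile(r" ?100\.100\.100\.100$"),
    re.compile(r" ?100\.100\.100\.101$"),
]


def nginx_style_allow(xff_header):
    """Regex check equivalent to the two `if ($http_x_forwarded_for ~ ...)` lines."""
    if xff_header is None:
        return False
    return any(p.search(xff_header) for p in NGINX_PATTERNS)


def real_client_ip(xff_header, trusted_hops=1):
    """Return the client address the trusted proxy chain vouches for, or None.

    Each trusted proxy (here: one ELB, an assumption) appends one entry to
    X-Forwarded-For, so the entry `trusted_hops` from the right is the address
    the outermost trusted proxy actually saw. Everything left of it is
    client-controlled and is ignored.
    """
    if not xff_header:
        return None
    hops = [h.strip() for h in xff_header.split(",")]
    if len(hops) < trusted_hops:
        return None  # fewer entries than trusted proxies: header did not pass through them
    try:
        return ipaddress.ip_address(hops[-trusted_hops])
    except ValueError:
        return None  # not a valid address, treat as unknown client


def is_allowed(xff_header, allowed=ALLOWED_CLIENTS, trusted_hops=1):
    """Structural version of the nginx allow check."""
    ip = real_client_ip(xff_header, trusted_hops)
    return ip is not None and ip in allowed


def decide(request_headers):
    """200/403 decision analogous to `return 403` in the config."""
    return 200 if is_allowed(request_headers.get("X-Forwarded-For")) else 403


if __name__ == "__main__":
    # Constructed sample headers: a plain allowed client, an allowed client that
    # sent its own X-Forwarded-For first (the ELB still appends the real one),
    # and a disallowed client that put an allowed address in front.
    for hdr in ["100.100.100.100",
                "1.2.3.4, 100.100.100.101",
                "100.100.100.100, 203.0.113.9",
                None]:
        print(repr(hdr), "regex:", nginx_style_allow(hdr),
              "parsed:", is_allowed(hdr), "->", decide({"X-Forwarded-For": hdr}))
```

Both checks agree on the cases that matter: a header whose last entry is an allowed address passes even if the client prefixed junk, and a header whose last entry is some other address is refused even if an allowed address appears earlier. The parsed version additionally handles a second trusted proxy in front of the ELB via `trusted_hops`, which the regex form cannot express.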
