You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If any of the security groups (SGs) for the instance have egress rules, then mod_aws should check them on startup, just as it does for ingress rules, to see the egress rules would prevent/interfere with active data transfers. The check should encompass both restricted ports and restricted addresses; if the instance cannot connect back to the allowed ingress addresses, that would prevent active transfers from working as expected.
The text was updated successfully, but these errors were encountered:
If the egress rules are configured such that they match the ingress addresses, and no where else, this can help prevent the "FTP bounce" attack. Something to mention in the module docs, at least.
If any of the security groups (SGs) for the instance have egress rules, then
mod_aws
should check them on startup, just as it does for ingress rules, to see the egress rules would prevent/interfere with active data transfers. The check should encompass both restricted ports and restricted addresses; if the instance cannot connect back to the allowed ingress addresses, that would prevent active transfers from working as expected.The text was updated successfully, but these errors were encountered: