Limit the access to my site to a single dynamic IP

February 18, 2017 1.3k views
DigitalOcean

I have an Ubuntu instance running @aws, and from their control panel | mobile app I can update the only IP I want to access the website @port 80, 22, which is my home IP but is dynamic, so 2 or 3 times a week it automatically changes and I log in to update that rule.
Therefore I don't make any changes in iptables or nginx.
I haven't subscribed @digitalocean yet, so I'm here trying to figure out if this thing is also that easy to configure here.

Thanks for any support.

3 Answers

@jcsantos

Currently, DigitalOcean doesn't provide a means to limit connections to a single IP or IP range without using a solution within the Droplet (i.e. a firewall, whether ufw or iptables). You'd have to configure this on your own once the Droplet is deployed and live.

I find this question confusing. Is the goal to connect to AWS, or is the goal to set up some service on DigitalOcean?

If you set up a DigitalOcean droplet on FreeBSD, logins use a key rather than a password.

I assume you would have to set up some sort of dynamic DNS scheme. Personally I don't like to do anything that I can't control 100%, so that would be a show stopper for me. That is, I wouldn't want to lock myself out.

There is nothing wrong with being paranoid, but I would set up an OAuth scheme to lock out hackers rather than a firewall. Now that said, I have significant firewall blocking on some of my ports. For instance, geographical blocking on all email ports other than 25. I don't have a reason to retrieve my email from, say, Kazakhstan, hence I block that country. This snares many a hacker.

You could whitelist your ISP, but IP space is bought and sold and hence dynamic. You could set up port knocking detection:
https://en.wikipedia.org/wiki/Port_knocking

My point is locking yourself out of your VPS is a situation where no one can save you. I'd rsync to another service so at least you don't lose your data.

YouTube tutorial on how to whitelist an IP address with DigitalOcean's firewall: https://snipp.ly/l/OjLdg

You can use their firewall and add a range of IPs such as 172.12.13.0/24. Your ISP might give you a dynamic IP within a certain range, so you can whitelist that range with their firewall, and the above YouTube tutorial will show how to do that.
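The in-Droplet ufw approach from the first answer, combined with the dynamic DNS idea and the lock-out concern from the second, as an added example that is not part of the original thread. `HOME_HOST` (a dynamic-DNS name for the home connection), `STATE_FILE` and `APPLY` are hypothetical names, and glibc's `getent ahostsv4` is assumed for the lookup.

```sh
#!/bin/sh
# Added example (not from the thread). HOME_HOST, STATE_FILE and APPLY are
# hypothetical names chosen for this sketch.
PORTS="22 80"                                   # the two ports from the question
STATE_FILE="${STATE_FILE:-/var/lib/home-ip.last}"

# Succeed only for a strict dotted-quad IPv4 address (octets 0..255).
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || exit 1
    done
)

# Print the ufw commands that move the allow rules from OLD to NEW.
# The new address is allowed before the old one is removed, and nothing is
# printed for an invalid NEW, so a failed DNS lookup never drops a working rule.
plan_rules() (
    old="$1"; new="$2"
    valid_ipv4 "$new" || { echo "refusing: '$new' is not an IPv4 address" >&2; exit 1; }
    [ "$old" = "$new" ] && exit 0
    for port in $PORTS; do
        echo "ufw allow from $new to any port $port proto tcp"
    done
    if valid_ipv4 "$old"; then
        for port in $PORTS; do
            echo "ufw delete allow from $old to any port $port proto tcp"
        done
    fi
)

# Resolve the dynamic-DNS name and print the plan; apply it only when APPLY=1 (root).
main() (
    new=$(getent ahostsv4 "$HOME_HOST" | awk '{print $1; exit}')
    old=$(cat "$STATE_FILE" 2>/dev/null)
    plan=$(plan_rules "$old" "$new") || exit 1
    [ -n "$plan" ] || exit 0
    printf '%s\n' "$plan"
    [ "${APPLY:-0}" = 1 ] || exit 0
    printf '%s\n' "$plan" | sh -e && printf '%s\n' "$new" > "$STATE_FILE"
)

if [ -n "${HOME_HOST:-}" ]; then main; fi
```

Run from cron with `HOME_HOST` set it only prints the planned commands; setting `APPLY=1` as root applies them and records the new address.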
