You can now write an ALB rule to perform an appropriate routing action on a request based on the source IP. The rule applies to IP addresses specified in the CIDR format. Client IP CIDR based routing can be used to allow or block web requests based on the IP addresses that the requests originate from.
Differentiated responses for clients based on their IP is a very common scenario requested by
customers. It covers use cases like:
1. Blacklisting/whitelisting a specific set of IPs
2. Respond with a fixed content (using fixed response feature) for specific set of IPs or CIDRs.
3. Provide differentiated authentication flow for specific set of IPs
1. Let’s imagine that there is a page that is only accessible from your admin host whose IP CIDR is 18.207.142.48/32. (We use 18.207.142.48/32 which is a single IP address CIDR for demonstration purpose. The input can be any valid CIDR format. You can also specify either IPv4 or IPv6 address CIDRs.)
2. When you access the admin page from the admin network (18.207.142.48/32), you will see a “Welcome Page”. However, when you access the page from any other IP CIDR, you will get an error page. t
3. When you use the query parameter “theme=bright”, the Application Load Balancer returns the page of bright theme. Similarly, you will see the same web page of dark theme when you use ”theme=dark” in the request query parameter.
4.Pattern match for query string is case-insensitive.
5. For each evaluation in a condition, a successful match occurs if the query parameters in the query string matches the key-value pair that is provided as an input including any wildcards. A wildcard “*” (matches 0 or more characters) and a wildcard “?” (matches exactly one character) can be used though it is advised that you avoid use of “*” and “?” in the query string. If present, “*” and “?” is interpreted literally as a character and to differentiate these from wildcards in the match string, you need to precede these characters with an escape character.
6. You can use multiple query parameters to let the Application Load Balancer route requests to different target groups. In our demo, we added one more query parameter – “gif”, through which you can specify the GIF that you want to see on the web page.