Closing inbound access to tv-lb

Details

On Tuesday, Dec. 27, 2016 Site-Infra is planning to remove the 0.0.0.0/0 ingress rules from the tv-lbext security group. This means that all inbound network traffic to the tv-lb cluster which isn't explicitly whitelisted in the firewall will be blocked.

If your service is running on AWS (in VPC or EC2 Classic) and requires access to our frontend load balancers:

or to one of the following FQDNs:

you need to inform the Site-Infra team ASAP, so we can allow access from your service to the tv-lb cluster.

If you're accessing one of the above FQDNs from outside of AWS, you should not be affected, as your requests will be routed via Akamai edge servers, which have already been granted explicit access.
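A check for the change described above, added here as an example and not part of the original announcement: it audits a security-group description in the shape boto3's describe_security_groups returns, flags any ingress rule open to the whole Internet, and confirms that each required internal source is explicitly allowed. The group contents, the 10.20.0.0/16 internal range and the 203.0.113.0/24 edge range are constructed sample values, not real Akamai or production CIDRs.

```python
# Added example: audit ingress rules of a security group before/after removing 0.0.0.0/0.
from ipaddress import ip_network

OPEN_WORLD = {"0.0.0.0/0", "::/0"}  # rules that admit the whole Internet


def audit_ingress(sg, required_sources):
    """Return (open_rules, missing_sources).

    open_rules:      (proto, from_port, to_port, cidr) for every world-open rule.
    missing_sources: (cidr, port) pairs from required_sources that no explicit
                     non-world rule covers, i.e. clients that would be cut off.
    """
    open_rules, allowed = [], []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol", "-1")
        lo = perm.get("FromPort", 0)        # "-1" (all traffic) has no ports
        hi = perm.get("ToPort", 65535)
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
                [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in OPEN_WORLD:
                open_rules.append((proto, lo, hi, cidr))
            else:
                allowed.append((ip_network(cidr), lo, hi))
    missing = []
    for src, port in required_sources:
        net = ip_network(src)
        covered = any(net.version == a.version and net.subnet_of(a) and lo <= port <= hi
                      for a, lo, hi in allowed)
        if not covered:
            missing.append((src, port))
    return open_rules, missing


# Constructed sample groups (shape of describe_security_groups output).
SG_BEFORE = {"GroupName": "tv-lbext", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
SG_AFTER = {"GroupName": "tv-lbext", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"},       # constructed internal VPC range
                  {"CidrIp": "203.0.113.0/24"}]}]}  # placeholder edge range (TEST-NET-3)
# Constructed list of internal clients that must keep access on port 443.
REQUIRED = [("10.20.5.0/24", 443), ("192.0.2.0/24", 443)]

if __name__ == "__main__":
    for label, sg in (("before", SG_BEFORE), ("after", SG_AFTER)):
        print(label, audit_ingress(sg, REQUIRED))
```

Run it against the real group by feeding the `describe_security_groups` result in place of the constructed dicts; a non-empty second element means a client that must be added to the whitelist before the cut-over.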

Goals

Impact

Blocking external access to the origin servers will allow us to protect our site from DoS, DDoS, XSS, SQL injection, and similar attacks at the edge, drastically reducing load on our load balancers and backend servers.

Background

Due to the activation of Akamai we want to stop external clients from accessing our tv-lb load balancers directly from the Internet and instead route them via the Akamai (edge) servers. Before we can block all inbound access, we need to ensure that internal applications can still access our load balancers.

Notes

Please share this post with all groups or channels this info might be relevant to. Raise your questions or make comments on this post, or in #site-infra-channel.
There is also a ticket for this initiative here: https://29022131.atlassian.net/servicedesk/customer/portal/11/TOSD-378