I have an AWS Elastic Beanstalk (Node.js) setup behind an Elastic Load Balancer, with alerts set up for the load balancer. Each night I get tons of alerts for:
Environment health has transitioned from Ok to Severe. 100.0 % of the requests are erroring with HTTP 4xx.
This is due to trawls of different PHP hackz and phpmyadmin, dbadmin, etc. using the HEAD method in 99% of the cases. Since we have an external AIM service, they trigger on these alerts as well, creating an issue for each (which we now change, of course), but crying "wolf", you know...
Question is, is it possible to block HEAD or certain URIs we know we don't need somehow to get rid of the "false" HTTP 4xx?
As Mark B pointed out in the comments above, using a Web Application Firewall (WAF & Shield) solves our issue.
We had a normal EC2 ELB (Elastic Load Balancer) and swapped that out for the new Application Load Balancer (ALB) that is a requirement for the WAF.
Setting up WAF is fairly easy: first create a Web ACL for blocking HTTP HEAD (you can add a ton of other protection as well, SQL Injection, etc.) and then add a Rule to Block any matching wACL but Allow any other traffic.
Lastly, associate the new wACL with the load balancer and you're done!
Testing HTTP HEAD now gives a "403 Forbidden" and is not entering our Elastic Beanstalk.
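
A check worth running before blocking HEAD at the WAF, as an added example that is not part of the original answer: it reads load balancer access logs, reports what share of 4xx responses came from HEAD requests, and lists HEAD requests that did not fail, since those clients would start receiving 403. It assumes the Application Load Balancer access-log field order (status code in field 9, quoted request in field 13); the log lines and the `/health` monitor path are constructed sample data.

```python
import shlex
from collections import Counter

def _sample_line(method, path, status):
    """Build one constructed line in the ALB access-log field order."""
    return ('http 2018-03-01T02:11:07.000000Z app/demo/0123456789abcdef '
            f'203.0.113.7:40112 10.0.1.5:8081 0.001 0.002 0.000 {status} {status} '
            f'120 250 "{method} http://example.com:80{path} HTTP/1.1" "-" - - '
            'arn:constructed "Root=1-constructed"')

# Constructed sample traffic, not taken from the original post.
SAMPLE_LOG = "\n".join([
    _sample_line("HEAD", "/phpmyadmin/", 404),
    _sample_line("HEAD", "/dbadmin/", 404),
    _sample_line("HEAD", "/pma/index.php", 404),
    _sample_line("HEAD", "/mysql/", 404),
    _sample_line("GET", "/favicon.ico", 404),
    _sample_line("GET", "/", 200),
    _sample_line("HEAD", "/health", 200),   # hypothetical uptime monitor
])

def parse(line):
    """Return (method, url, elb_status_code), or None if the line is unusable."""
    try:
        fields = shlex.split(line)      # honours the quoted request field
        method, url, _proto = fields[12].split(" ", 2)
        return method, url, int(fields[8])
    except (IndexError, ValueError):
        return None

def summarize(log_text):
    """Share of 4xx caused by HEAD, plus HEAD URLs that did not get a 4xx."""
    errors, head_ok = Counter(), []
    for line in log_text.splitlines():
        rec = parse(line) if line.strip() else None
        if rec is None:
            continue
        method, url, status = rec
        if 400 <= status < 500:
            errors[method] += 1
        elif method == "HEAD":
            head_ok.append(url)
    total = sum(errors.values())
    return (errors["HEAD"] / total if total else 0.0), head_ok

if __name__ == "__main__":
    share, head_ok = summarize(SAMPLE_LOG)
    print(f"HEAD share of 4xx: {share:.0%}; non-failing HEAD URLs: {head_ok}")
```

Any URL in the second result belongs to a client that relies on HEAD today, so it needs an allow rule ahead of the block or a switch to GET.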