AWS Certified Advanced Networking - Specialty (#2)

You manage a web service that is used by client applications deployed in 300 offices worldwide. The web service architecture is an Elastic Load balancer (ELB) distributing traffic across four application servers deployed in an autoscaling group across two availability zones. The ELB is configured to use round robin, and sticky sessions are disabled. You have configured the NACLs and Security Groups to allow port 22 from your bastion host, and port 80 from 0.0.0.0/0. The client configuration is managed by each regional IT team. Upon inspection you find that a large amount of requests from incorrectly configured sites are causing a single application server to degrade. The remainder of the requests are equally distributed across all servers with no negative effects. What should you do to remedy the situation and prevent future occurrences?

Mark the affected instance as degraded in the ELB and raise it with the client application team.
Update the NACL to only allow port 80 to the application servers from the ELB servers.
Update the Security Groups to only allow port 80 to the application servers from the ELB.
Terminate the affected instance and allow Auto Scaling to create a new instance.