- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Hi, yes, WAF can guards against geo locations that you specify in rules: see https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html
So, yes, if an ISP / hosting company has its Internet access point(s) in some countries that you block, WAF will prevent customers of this ISP for internet connection to access your app.
The basic geo-blocking of WAF is pure: it only takes geo location into account. But you can combine it with other matchers like "Ip Set Match" (see https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-ipset-match.html) to unblock some specific addresses (some of the ISP for example) while your keep the rest of the geolocation blocked.
To answer the other part of your question, geo-blocking exists for example for compliance reasons: some content publishers are forbidden to publish their content in some countries. Geo-blocking is the solution of this use case.
Also useful: based on WAF FAQ: https://aws.amazon.com/waf/faqs/
How accurate is your GeoIP database?
The accuracy of the IP Address to country lookup database varies
by region. Based on recent tests, our overall accuracy for the IP
address to country mapping is 99.8%.
Best,
Didier
Contenuto pertinente
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 3 anni fa
thanks for the information :)