About WAF Rules

Hi, yes, WAF can guards against geo locations that you specify in rules: see https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html

So, yes, if an ISP / hosting company has its Internet access point(s) in some countries that you block, WAF will prevent customers of this ISP for internet connection to access your app.

The basic geo-blocking of WAF is pure: it only takes geo location into account. But you can combine it with other matchers like "Ip Set Match" (see https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-ipset-match.html) to unblock some specific addresses (some of the ISP for example) while your keep the rest of the geolocation blocked.

To answer the other part of your question, geo-blocking exists for example for compliance reasons: some content publishers are forbidden to publish their content in some countries. Geo-blocking is the solution of this use case.

Also useful: based on WAF FAQ: https://aws.amazon.com/waf/faqs/

How accurate is your GeoIP database?

The accuracy of the IP Address to country lookup database varies 
by region. Based on recent tests, our overall accuracy for the IP 
address to country mapping is 99.8%. 

Best,

Didier