WAF with Global Accelerator

Hello

We have a WAF rule which disallows certain IPs (based on geography). In our original configuration, we had:

Global Accelerator --> Internet Facing ALB (w/ WAF integration) --> ECS cluster

As part of a security review, we noticed that those ALBs don't need to be Internet-facing, i.e., they could be Internal-facing and on Private Subnets.

The proposed config is:

Global Accelerator --> Internal ALB --> ECS Cluster

and we have shown this works. However, we also noticed it's possible to have WAF Integration with the Internal ALB.

In this use case, is the WAF rule still effective? Will it still enforce the IP restrictions (seems that would only work if GA preserved the source IP)?

Thank you!

1 Answer

The design you describe should work fine; see the statement below from the documentation:

When you use an internal Application Load Balancer or an EC2 instance with Global Accelerator, the endpoint always has client IP address preservation enabled.

Reference: https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html

AWS Expert, answered 1 year ago
AWS Expert, reviewed 1 year ago
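The answer rests on one property: the WAF geo rule only does what the question expects if the ALB (and therefore WAF) sees the real client IP rather than the accelerator's address. The following audit helper is an added example, not code from the thread or from AWS. It runs offline on dicts shaped like the boto3 responses of globalaccelerator.describe_endpoint_group (EndpointDescriptions with ClientIPPreservationEnabled), elbv2.describe_load_balancers (Scheme) and wafv2.get_web_acl_for_resource (Rules with GeoMatchStatement / IPSetReferenceStatement); every ARN, country code and name in the SAMPLE_* constants is a constructed placeholder. To audit a live account, replace the constants with the real API results.

```python
"""Audit a Global Accelerator -> ALB -> WAF chain for geo-rule effectiveness.

Added example for this thread, not AWS code. Works offline on dicts shaped like
the boto3 responses named in the lead-in; all sample values are constructed.
"""
from typing import Dict, List, Tuple

# A rule evaluates the request's *source IP* unless it is configured to read a
# forwarded-IP header instead. Only source-IP rules depend on client IP
# preservation at the accelerator.
FORWARDED_CONFIG_KEY = {
    "GeoMatchStatement": "ForwardedIPConfig",
    "IPSetReferenceStatement": "IPSetForwardedIPConfig",
}


def statement_uses_source_ip(stmt: Dict) -> bool:
    """Recursively check a wafv2 rule Statement for source-IP based conditions."""
    if not stmt:
        return False
    for kind, forwarded_key in FORWARDED_CONFIG_KEY.items():
        if kind in stmt and forwarded_key not in stmt[kind]:
            return True
    for combinator in ("AndStatement", "OrStatement"):
        if combinator in stmt:
            return any(statement_uses_source_ip(s) for s in stmt[combinator]["Statements"])
    if "NotStatement" in stmt:
        return statement_uses_source_ip(stmt["NotStatement"]["Statement"])
    return False


def web_acl_uses_source_ip(web_acl: Dict) -> bool:
    """True if at least one rule in the web ACL relies on the request source IP."""
    return any(statement_uses_source_ip(r.get("Statement")) for r in web_acl.get("Rules", []))


def audit_chain(endpoint_group: Dict, load_balancers: Dict[str, Dict], web_acl: Dict) -> Tuple[bool, List[str]]:
    """Return (ok, findings).

    ok means: the web ACL has a source-IP rule, every accelerator endpoint is an
    internal load balancer in the inventory, and client IP preservation is on
    for each endpoint, so the geo rule evaluates the real client address.
    """
    findings: List[str] = []
    if not web_acl_uses_source_ip(web_acl):
        findings.append(f"web ACL {web_acl.get('Name')}: no rule inspects the source IP, nothing depends on preservation")
    for ep in endpoint_group.get("EndpointDescriptions", []):
        ep_id = ep["EndpointId"]
        lb = load_balancers.get(ep_id)
        if lb is None:
            findings.append(f"{ep_id}: not a load balancer in the inventory, skipped")
            continue
        if lb.get("Scheme") != "internal":
            findings.append(f"{ep_id}: scheme is {lb.get('Scheme')!r}, expected 'internal'")
        if not ep.get("ClientIPPreservationEnabled", False):
            findings.append(f"{ep_id}: client IP preservation is off, WAF sees the accelerator address and geo rules will not match real clients")
    return (not findings, findings)


# Constructed sample of describe_endpoint_group()["EndpointGroup"] (placeholder ARNs)
SAMPLE_ENDPOINT_GROUP = {
    "EndpointGroupArn": "arn:aws:globalaccelerator::123456789012:accelerator/EXAMPLE/listener/EXAMPLE/endpoint-group/EXAMPLE",
    "EndpointGroupRegion": "us-east-1",
    "EndpointDescriptions": [
        {
            "EndpointId": "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/internal-alb/EXAMPLE",
            "Weight": 128,
            "HealthState": "HEALTHY",
            "ClientIPPreservationEnabled": True,
        }
    ],
}

# Constructed sample of describe_load_balancers()["LoadBalancers"], keyed by ARN
SAMPLE_LOAD_BALANCERS = {
    "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/internal-alb/EXAMPLE": {
        "Scheme": "internal",
        "Type": "application",
    },
}

# Constructed sample of get_web_acl_for_resource()["WebACL"]; "XX" is a placeholder country code
SAMPLE_WEB_ACL = {
    "Name": "geo-block-example",
    "Rules": [
        {
            "Name": "block-countries",
            "Statement": {"GeoMatchStatement": {"CountryCodes": ["XX"]}},
            "Action": {"Block": {}},
        }
    ],
}

if __name__ == "__main__":
    ok, findings = audit_chain(SAMPLE_ENDPOINT_GROUP, SAMPLE_LOAD_BALANCERS, SAMPLE_WEB_ACL)
    print("OK" if ok else "FINDINGS:")
    for f in findings:
        print(" -", f)
```

The check is deliberately narrow: it confirms the documented property the answer cites (preservation reported as enabled on the endpoint) and that the endpoint really is the internal ALB, which is the combination the question depends on. A GeoMatchStatement that reads a forwarded-IP header is not counted as a source-IP rule, because its result does not depend on what the accelerator does to the source address.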
