AWS WAF efficient rule for allowing specific IPs and Countries for specific URLs

0
  1. I want to allow abc.example.com/* in a specific country xyz. What will be the best rule for it?
  2. What will the rule be in the case of allowing only specific IPs to access abc.example.com?
Asked 2 years ago · 329 views
2 answers
0

You could accomplish this via rules in a Web ACL in AWS WAF. A geomatching rule like this:

{
  "Action": {
    "Block": {}
  },
  "Statement": {
    "NotStatement": {
      "Statement": {
        "GeoMatchStatement": {
          "CountryCodes": [
            "CA"
          ]
        }
      }
    }
  }
}

in your Web ACL would block all traffic except traffic originating in Canada.

You can also restrict access to an approved group of IP addresses by creating a list of addresses in WAF, and then creating a rule in the Web ACL to allow only those IP addresses.

jwesley
Answered 2 years ago
  • Good, but I want to know, e.g. I have multiple URLs, i.e. abc.example.com, xyz.example.com, ghi.example1.com, example2.com etc., and I want to block on a specific URL, e.g. abc.example.com. Out of multiple URLs, how can I do it for a specific URL?

0

You need to write a string match or regex match rule that looks at the Host header field AND add another condition that looks for the country you want to allow. You may want to set the web ACL default action to block as well.

You might want to look at this as well: https://www.youtube.com/watch?v=ll-uvVgQ3Jg (skip to 50%)

{
  "Name": "test-rule",
  "Priority": 0,
  "Action": {
    "Allow": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "test-rule"
  },
  "Statement": {
    "AndStatement": {
      "Statements": [
        {
          "ByteMatchStatement": {
            "FieldToMatch": {
              "SingleHeader": {
                "Name": "Host"
              }
            },
            "PositionalConstraint": "STARTS_WITH",
            "SearchString": "abc.example.com",
            "TextTransformations": [
              {
                "Type": "LOWERCASE",
                "Priority": 0
              }
            ]
          }
        },
        {
          "GeoMatchStatement": {
            "CountryCodes": [
              "US"
            ]
          }
        }
      ]
    }
  }
}
AWS
Answered 2 years ago
  • Thanks @Kumo-Hiyori for the reply. I tried the above rule with the country statement and without the country statement, but it doesn't work.

    I don't know the reason behind it, but then I tried a single-statement rule looking for the single header Host starting with abc.example.com and blocking all traffic, but it still allows. I don't know why.

    Any solution?
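To make the evaluation order concrete, here is an added example (not AWS's rule engine and not code from either answer) that models the subset of wafv2 statements used on this page: a Host-header ByteMatchStatement plus GeoMatchStatement as in the answer above, an IPSetReferenceStatement for the second question, and a scoped Block rule for everything else aimed at abc.example.com. The IP set ARN, the CIDR ranges and the sample requests are constructed placeholders. The web ACL's default action is a parameter, so the effect of leaving it at Allow (only Allow rules, nothing ever blocked for the host) versus Block can be checked directly.

```python
"""Toy evaluator for a subset of AWS WAF (wafv2) rule statements (added example)."""
import ipaddress

# Constructed IP set standing in for a WAF IP set; the ARN is a placeholder, not a real resource.
IP_SETS = {
    "arn:aws:wafv2:REGION:ACCOUNT:regional/ipset/office-ips/PLACEHOLDER": [
        "203.0.113.0/24",
        "198.51.100.7/32",
    ],
}


def _transform(value, transformations):
    """Apply TextTransformations in priority order (only LOWERCASE is modelled here)."""
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        if t["Type"] == "LOWERCASE":
            value = value.lower()
    return value


def _byte_match(stmt, request):
    field = stmt["FieldToMatch"]
    if "SingleHeader" in field:
        # Header names match case-insensitively; requests store lower-cased header names.
        value = request["headers"].get(field["SingleHeader"]["Name"].lower(), "")
    elif "UriPath" in field:
        value = request["uri"]
    else:
        raise NotImplementedError(f"FieldToMatch not modelled: {field}")
    value = _transform(value, stmt.get("TextTransformations", []))
    needle = stmt["SearchString"]
    checks = {
        "EXACTLY": value == needle,
        "STARTS_WITH": value.startswith(needle),
        "ENDS_WITH": value.endswith(needle),
        "CONTAINS": needle in value,
    }
    return checks[stmt["PositionalConstraint"]]


def matches(stmt, request):
    """True if the statement matches the request (And/Or/Not, Geo, IP set, ByteMatch only)."""
    if "AndStatement" in stmt:
        return all(matches(s, request) for s in stmt["AndStatement"]["Statements"])
    if "OrStatement" in stmt:
        return any(matches(s, request) for s in stmt["OrStatement"]["Statements"])
    if "NotStatement" in stmt:
        return not matches(stmt["NotStatement"]["Statement"], request)
    if "GeoMatchStatement" in stmt:
        return request["country"] in stmt["GeoMatchStatement"]["CountryCodes"]
    if "IPSetReferenceStatement" in stmt:
        ip = ipaddress.ip_address(request["ip"])
        cidrs = IP_SETS[stmt["IPSetReferenceStatement"]["ARN"]]
        return any(ip in ipaddress.ip_network(c) for c in cidrs)
    if "ByteMatchStatement" in stmt:
        return _byte_match(stmt["ByteMatchStatement"], request)
    raise NotImplementedError(f"statement not modelled: {list(stmt)}")


def evaluate(web_acl, request):
    """First matching rule in priority order terminates; otherwise the default action applies."""
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if matches(rule["Statement"], request):
            return next(iter(rule["Action"])), rule["Name"]
    return next(iter(web_acl["DefaultAction"])), "default"


def host_starts_with(host):
    """Host-header ByteMatchStatement in the same shape as the answer's rule."""
    return {"ByteMatchStatement": {
        "FieldToMatch": {"SingleHeader": {"Name": "Host"}},
        "PositionalConstraint": "STARTS_WITH",
        "SearchString": host,
        "TextTransformations": [{"Type": "LOWERCASE", "Priority": 0}],
    }}


def build_web_acl(default_action):
    """Rules scoped to abc.example.com; default_action ("Allow" or "Block") governs other hosts."""
    return {
        "DefaultAction": {default_action: {}},
        "Rules": [
            {"Name": "allow-abc-from-us", "Priority": 0, "Action": {"Allow": {}},
             "Statement": {"AndStatement": {"Statements": [
                 host_starts_with("abc.example.com"),
                 {"GeoMatchStatement": {"CountryCodes": ["US"]}}]}}},
            {"Name": "allow-abc-from-office", "Priority": 1, "Action": {"Allow": {}},
             "Statement": {"AndStatement": {"Statements": [
                 host_starts_with("abc.example.com"),
                 {"IPSetReferenceStatement": {"ARN": next(iter(IP_SETS))}}]}}},
            # Without this scoped Block, a default action of Allow lets every other
            # request for abc.example.com through: Allow rules alone never block anything.
            {"Name": "block-rest-of-abc", "Priority": 2, "Action": {"Block": {}},
             "Statement": host_starts_with("abc.example.com")},
        ],
    }


def request(host, country, ip):
    """Constructed request: lower-cased header names, ISO country code, client IP."""
    return {"headers": {"host": host}, "uri": "/", "country": country, "ip": ip}


if __name__ == "__main__":
    acl = build_web_acl("Allow")
    for r in (request("abc.example.com", "US", "192.0.2.10"),
              request("ABC.example.com", "DE", "198.51.100.7"),
              request("abc.example.com", "DE", "192.0.2.10"),
              request("xyz.example.com", "DE", "192.0.2.10")):
        print(r["headers"]["host"], r["country"], r["ip"], "->", evaluate(acl, r))
```

Two points the sample runs make visible: a request for abc.example.com from a non-allowed country and non-allowed IP is only blocked because of the final scoped Block rule (or a Block default action), and STARTS_WITH on the Host header tolerates a trailing port but also matches longer hostnames such as abc.example.com.other, so EXACTLY is the stricter choice when the host is sent without a port.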
