AWS WAF Specifically block TOR


I'm trying to block Tor only connections against my aws resource using the AWS WAF rule group managed by AWS called AWS-AWSManagedRulesAnonymousIpList ( )

At the the top they say "These include requests from VPNs, proxies, Tor nodes, and hosting providers" but when descreibing AnonymousIPList labels you said "Inspects for a list of IP addresses of sources known to anonymize client information, like TOR nodes, temporary proxies, and other masking services." so its not clear if VPN is a masking service or not for me since the description is seems pretty broad and non specific

2 Answers


VPN is considered a masking service as your actual IP address and online actions are virtually untraceable. You can run a test by yourself:

  • Create a web service for example a 3tier app using ALB (Application Load balancer)
  • Attach WAF managed rule set to the ALB and only activate Anonymous IP list.
  • While adding the managed rule set you can be more specific to only block action using the edit option for Anonymous IPlist [There is edit tab in front of the Capacity unit].
  • Try connecting the App using a VPN service externally.

If you wanted to just block the Tor nodes and let VPN permit, that level of granularity is not available in this managed rule.


answered a year ago

You can leverage the IP list parser where the Lambda function will gathers and parses data from tor exit nodes and the other 3rd party sources.

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions