aws waf and reliability of geolocation of incoming request

Question

From our application where user logs in we want to ensure that the request came from particular country. We tried GeoIP api 's and it is not accurate and yet times returns country that is not where exactly user logged in from.

I notice that WAF : https://repost.aws/knowledge-center/waf-allow-block-country-geolocation
want to understand how reliable it is compared to other goiip providers.

Answer

Hi, based on WAF FAQ: https://aws.amazon.com/waf/faqs/
```
How accurate is your GeoIP database?

The accuracy of the IP Address to country lookup database varies 
by region. Based on recent tests, our overall accuracy for the IP 
address to country mapping is 99.8%. 
```

You also have to remember that some corporations have a global single internet access even if their branches are in multiple countries: all internet traffic originates from this single place and is seen as such on the internet even if staff from all over the work uses it.

Also, systems like Tor: https://en.wikipedia.org/wiki/Tor_(network) will "muddy the water"

So, think about all those possible circumventions when you implement geolocations-based rules.

Hope it helps!

Didier

aws waf and reliability of geolocation of incoming request

Relevant content