We can restrict country by WAF rule, so why it has CloudFront geographic restrictions?

0

Hi guys,

As I see CloudFront itself have geographic restrictions under security tab. I wonder why we don't use WAF in this case.

profile picture
Bach
asked 11 days ago50 views
1 Answer
2
Accepted Answer

Hi,

You can see at least 3 different reasons for that:

  • The geo-blocking features of CloudFront are also intended for legal reasons: some customers do not have legal rights to distribute some content in some regions. It can be used for that.
  • WAF is another service which is paid for: some customers need minimal cost. So, CF geo-blocking can be used in that case
  • WAF is more flexible than CF re. geo-blocking: in advanced rules, you can combine logically geo-blocking with other conditions on the requester. It's needed by some customer for which CF geo-blocking is then not flexible enough.

Best

Didier

profile pictureAWS
EXPERT
answered 11 days ago
profile picture
EXPERT
reviewed 11 days ago
profile picture
EXPERT
reviewed 11 days ago
profile picture
EXPERT
Sandeep
reviewed 11 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions