We can restrict country by WAF rule, so why it has CloudFront geographic restrictions?

0

Hi guys,

As I see CloudFront itself have geographic restrictions under security tab. I wonder why we don't use WAF in this case.

1 Answer
2
Accepted Answer

Hi,

You can see at least 3 different reasons for that:

  • The geo-blocking features of CloudFront are also intended for legal reasons: some customers do not have legal rights to distribute some content in some regions. It can be used for that.
  • WAF is another service which is paid for: some customers need minimal cost. So, CF geo-blocking can be used in that case
  • WAF is more flexible than CF re. geo-blocking: in advanced rules, you can combine logically geo-blocking with other conditions on the requester. It's needed by some customer for which CF geo-blocking is then not flexible enough.

Best

Didier

profile pictureAWS
EXPERT
answered 9 days ago
profile picture
EXPERT
reviewed 8 days ago
profile picture
EXPERT
reviewed 9 days ago
profile picture
EXPERT
Sandeep
reviewed 9 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions