By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

AWS WAF Rate-Based Rule - How to permanently block offending IP addresses?

0

Hi all,

I would like to hear your approaches when applying a rate-based rule via AWS WAF.

What are the best ways to permanently block IP addresses that trigger the RBR? I would also like to send notification to our internal team that:

  1. The rule has been triggered
  2. List the IP (or IPs) that have been blocked

Thanks!

  • Oleksii Bebych EXPERT
    a year ago

    please accept the answer if it was useful

Topics
Security, Identity, & ComplianceNetworking & Content DeliveryAWS Well-Architected Framework
Tags
AWS WAFNetworking & Content DeliverySecurityDDOS Protection
Language
English
Adrian-Keith
asked a year ago1K views
2 Answers
1

look at this blog https://aws.amazon.com/blogs/networking-and-content-delivery/configure-block-duration-for-ips-rate-limited-by-aws-waf/

profile picture
EXPERT
Oleksii Bebych
answered a year ago
  • Adrian-Keith
    a year ago

    Hi Oleksii, I appreciate the reply, however, in the Solution Overview & Architecture section, it refers to a minimum block period. I would like for it to be permanent until someone reviews it and removes it intentionally. I would be concerned if the same IP is compromised again in the near or long term.

    "It blocks the IP addresses blocked by a rate-based rule for a configurable time period. Minimum supported block period is 6 minutes.

0

Hi Adrian, If your requirement is block specific ip permanently, create an ip set steps: Here and create a new Web ACL/ Rules / "Add my own rules and rule groups” select the IP Set, Source IP Address, Action->Block and save, steps: Here.

AWS
Frank
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content