AWS WAF Rate-Based Rule - How to permanently block offending IP addresses?

0

Hi all,

I would like to hear your approaches when applying a rate-based rule via AWS WAF.

What are the best ways to permanently block IP addresses that trigger the RBR? I would also like to send notification to our internal team that:

  1. The rule has been triggered
  2. List the IP (or IPs) that have been blocked

Thanks!

  • please accept the answer if it was useful

2 Answers
1
  • Hi Oleksii, I appreciate the reply, however, in the Solution Overview & Architecture section, it refers to a minimum block period. I would like for it to be permanent until someone reviews it and removes it intentionally. I would be concerned if the same IP is compromised again in the near or long term.

    "It blocks the IP addresses blocked by a rate-based rule for a configurable time period. Minimum supported block period is 6 minutes.

0

Hi Adrian, If your requirement is block specific ip permanently, create an ip set steps: Here and create a new Web ACL/ Rules / "Add my own rules and rule groups” select the IP Set, Source IP Address, Action->Block and save, steps: Here.

AWS
Frank
answered 6 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions