Waf Charm

Configure the Anonymous IP List settings in the AWS Management Console

Table of Contents

  1. Introduction
  2. How to Configure the Rules
  3. Operation of the Rules
  4. Recommended AWS Managed Rules Combination
  5. Conclusion

1. Introduction

The Anonymous IP List feature was added to AWS Managed Rules in March of 2020.

For details, please refer to the following article:

"Anonymous IP List for AWS Managed Rules added to AWS WAF"
https://aws.amazon.com/about-aws/whats-new/2020/03/aws-waf-adds-anonymous-ip-list-for-aws-managed-rules/

This blog outlines how to configure Anonymous IP List settings in the AWS Management Console.

2. How to Configure the Rules

The "Anonymous IP List" has been added to the AWS Managed Rules configuration screen.

We recommend that you first deploy the Anonymous IP List rule group in COUNT mode, so that matches are only logged and counted rather than blocked.

3. Operation of the Rules

For example, the hosting provider IP list may block the public (global) IP addresses of an Internet gateway that sits in a data center, which can include the addresses that your own legitimate users connect through.

You may therefore need to operate the rule together with a whitelist (allow list) at first, and consider running the "HostingProviderIPList" rule in COUNT mode.
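The two rollout stages described above (whole rule group in COUNT first, then BLOCK with a whitelist in front and only HostingProviderIPList still counted) can be expressed as a Web ACL rule definition for `aws wafv2 create-web-acl --rules file://rules.json`. The following is an added example, not WafCharm's or AWS's own code; the key names follow the AWS WAFv2 API shapes, the IP set ARN is a placeholder you replace with your own, and the rule names and metric names are assumptions.

```python
"""Build AWS WAFv2 rule definitions for a staged Anonymous IP List rollout.

Added example (not the blog's or AWS's code). Produces the "Rules" array that
`aws wafv2 create-web-acl --rules file://rules.json` expects. Key names follow
the WAFv2 API; the IP set ARN is a placeholder supplied by the caller.
"""
import json

MANAGED_GROUP = "AWSManagedRulesAnonymousIpList"  # AWS Managed Rules group name
STAGES = ("count_all", "block_with_hosting_count")


def _visibility(metric_name):
    # Every rule needs a VisibilityConfig so matches show up in CloudWatch / sampled requests.
    return {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": metric_name,
    }


def build_rules(allowlist_ipset_arn, stage="count_all"):
    """Return the Web ACL rules for the given rollout stage.

    stage="count_all": the whole managed group runs in COUNT (initial rollout).
    stage="block_with_hosting_count": the group blocks, except HostingProviderIPList,
    which stays in COUNT because it tends to catch legitimate data-center egress IPs.
    In both stages an allow-list rule runs first (priority 0) so whitelisted source
    addresses are never evaluated against the anonymous IP lists.
    """
    if stage not in STAGES:
        raise ValueError(f"stage must be one of {STAGES}, got {stage!r}")

    allow_rule = {
        "Name": "allow-known-sources",  # assumed name
        "Priority": 0,
        "Statement": {"IPSetReferenceStatement": {"ARN": allowlist_ipset_arn}},
        "Action": {"Allow": {}},
        "VisibilityConfig": _visibility("AllowKnownSources"),
    }

    group_statement = {"VendorName": "AWS", "Name": MANAGED_GROUP}
    if stage == "count_all":
        # OverrideAction Count turns every rule in the group into a non-blocking match.
        override = {"Count": {}}
    else:
        # OverrideAction None keeps the group's own BLOCK actions; only the
        # HostingProviderIPList rule is overridden to COUNT.
        override = {"None": {}}
        group_statement["RuleActionOverrides"] = [
            {"Name": "HostingProviderIPList", "ActionToUse": {"Count": {}}}
        ]

    managed_rule = {
        "Name": "AWS-AWSManagedRulesAnonymousIpList",  # assumed name
        "Priority": 1,
        "Statement": {"ManagedRuleGroupStatement": group_statement},
        "OverrideAction": override,
        "VisibilityConfig": _visibility("AnonymousIpList"),
    }
    return [allow_rule, managed_rule]


def render(rules):
    """Serialize the rules array as the JSON the AWS CLI reads from --rules file://..."""
    return json.dumps(rules, indent=2)


if __name__ == "__main__":
    # Placeholder ARN: replace with the ARN of your own allow-list IP set.
    arn = "arn:aws:wafv2:REGION:ACCOUNT_ID:regional/ipset/NAME/ID-PLACEHOLDER"
    print(render(build_rules(arn, stage="block_with_hosting_count")))
```

Run it once per stage and write the output to `rules.json`; switching from the first stage to the second changes only the managed rule's `OverrideAction` and adds the per-rule override, so the allow-list rule and priorities stay stable across the rollout.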

4. Recommended AWS Managed Rules Combination

Legend for the recommended-combination table (the table itself is an image not reproduced here):

◎: Recommended setting
△: Include one of these
▲: Select according to the environment

Reference: "How to choose AWS Managed Rules"
https://www.wafcharm.com/blog/how-to-choose-aws-managed-rules/

5. Conclusion

IP lists are attractive because they are easy to understand and powerful. However, we recommend starting in COUNT mode so that you can check for false positives before switching to BLOCK.
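Checking for false positives during the COUNT phase means reading the WAF logs to see which source IPs the Anonymous IP List rules would have blocked. The following is an added example, not WafCharm's code: it parses WAF log records in the JSON-lines form WAF delivers to Kinesis Data Firehose or S3, tallies COUNT matches per rule and client IP, and subtracts an allow list to show what would still be blocked. The log records are constructed for this example; the field names (`ruleGroupList`, `nonTerminatingMatchingRules`, `httpRequest.clientIp`) follow the documented WAF log schema, and the IP addresses are documentation ranges.

```python
"""Review AWS WAF logs while AWSManagedRulesAnonymousIpList runs in COUNT mode.

Added example (not WafCharm's code). Tallies which client IPs each Anonymous IP
List rule matched in COUNT, so an allow list can be built before the rule group
is switched to BLOCK. SAMPLE_LOG is constructed for this example.
"""
import json
from collections import defaultdict

ANON_GROUP_ID = "AWS#AWSManagedRulesAnonymousIpList"  # ruleGroupId as written in WAF logs


def _record(client_ip, uri, counted_rules):
    """Construct one WAF log record with the given COUNT matches (sample data)."""
    return {
        "timestamp": 1584000000000,
        "webaclId": "arn:aws:wafv2:REGION:ACCOUNT_ID:regional/webacl/NAME/ID-PLACEHOLDER",
        "action": "ALLOW",  # final action; COUNT matches are non-terminating
        "terminatingRuleId": "Default_Action",
        "ruleGroupList": [
            {
                "ruleGroupId": ANON_GROUP_ID,
                "terminatingRule": None,
                "nonTerminatingMatchingRules": [
                    {"ruleId": r, "action": "COUNT"} for r in counted_rules
                ],
            }
        ],
        "httpRequest": {"clientIp": client_ip, "uri": uri},
        "labels": [
            {"name": f"awswaf:managed:aws:anonymous-ip-list:{r}"} for r in counted_rules
        ],
    }


# Constructed sample: two hits from a data-center egress IP, one VPN hit, one clean request.
SAMPLE_LOG = "\n".join(
    json.dumps(r)
    for r in [
        _record("203.0.113.10", "/login", ["HostingProviderIPList"]),
        _record("203.0.113.10", "/api/orders", ["HostingProviderIPList"]),
        _record("198.51.100.7", "/", ["AnonymousIPList"]),
        _record("192.0.2.44", "/", []),
    ]
)


def parse_records(log_text):
    """Yield one dict per non-empty JSON line."""
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def counted_matches(record):
    """Yield (ruleId, clientIp) for each Anonymous IP List rule that matched in COUNT."""
    client_ip = record.get("httpRequest", {}).get("clientIp")
    for group in record.get("ruleGroupList", []):
        if group.get("ruleGroupId") != ANON_GROUP_ID:
            continue
        for rule in group.get("nonTerminatingMatchingRules", []):
            if rule.get("action") == "COUNT":
                yield rule["ruleId"], client_ip


def summarize(log_text):
    """Return {ruleId: {clientIp: hit_count}} over all records in the log."""
    summary = defaultdict(lambda: defaultdict(int))
    for record in parse_records(log_text):
        for rule_id, client_ip in counted_matches(record):
            summary[rule_id][client_ip] += 1
    return {rule_id: dict(ips) for rule_id, ips in summary.items()}


def pending_blocks(summary, allow_list):
    """IPs that would be blocked once the rules move to BLOCK, minus the allow list."""
    seen = {ip for ips in summary.values() for ip in ips}
    return sorted(seen - set(allow_list))


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for rule_id, ips in result.items():
        print(rule_id, ips)
    print("would be blocked:", pending_blocks(result, allow_list=["203.0.113.10"]))
```

Feed it real log files instead of `SAMPLE_LOG` and review the per-rule IP lists: addresses that belong to your own offices, partners or monitoring services go into the allow-list IP set, and a HostingProviderIPList tally dominated by such addresses is the signal that this rule should stay in COUNT even after the rest of the group is switched to BLOCK.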