
How Do I Block IP Addresses Using AWS WAF IP Sets?

Introduction

AWS WAF (Web Application Firewall) is a powerful tool that helps protect your web applications from common web exploits and bots that can affect availability, compromise security, or consume excessive resources. One of its useful features is the ability to block specific IP addresses using IP sets. This guide will walk you through the process of setting up an IP set to block unwanted IP addresses using AWS WAF.

Step-by-Step Process

To block specific IP addresses using AWS WAF’s IP set functionality, follow these steps:

  1. Create an IP Set: Define an IP set that includes the IP addresses you want to block. This IP set will serve as a reference point for the WebACL rule.

  2. Create a WebACL: Set up a WebACL (Web Access Control List) with a rule that references the IP set. This rule will specify that any traffic from the IP addresses in the IP set should be blocked.

  3. Associate the WebACL: Attach the WebACL to your AWS resources, such as CloudFront distributions or API Gateway stages, to enforce the blocking rule.

Below is an example of how to configure this in TypeScript using Pulumi:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define the IP Set with a list of IPs to block
const blockedIps = new aws.wafv2.IpSet("blocked_ips", {
    name: "blocked-ips",
    scope: "REGIONAL",
    description: "IP Set to block specific IP addresses",
    ipAddressVersion: "IPV4",
    addresses: [
        "192.0.2.0/24",
        "203.0.113.5/32",
    ],
});

// Define a WebACL with a rule to block IPs in the IP Set
const webAcl = new aws.wafv2.WebAcl("web_acl", {
    name: "blocked-ips-web-acl",
    scope: "REGIONAL",
    description: "Web ACL to block specific IP addresses",
    defaultAction: {
        allow: {},
    },
    rules: [{
        name: "block-ips-rule",
        priority: 1,
        action: {
            block: {},
        },
        statement: {
            ipSetReferenceStatement: {
                arn: blockedIps.arn,
            },
        },
        visibilityConfig: {
            sampledRequestsEnabled: true,
            cloudwatchMetricsEnabled: true,
            metricName: "block-ips-rule",
        },
    }],
    visibilityConfig: {
        cloudwatchMetricsEnabled: true,
        metricName: "blocked-ips-web-acl",
        sampledRequestsEnabled: true,
    },
});
export const webAclArn = webAcl.arn;
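The following is an added example, not part of the Pulumi page above: a stand-alone TypeScript check, runnable without AWS or Pulumi, that validates a block list against the WAFv2 IP set constraints (CIDR notation, IPv4 entries only for an IPV4 set, no /0) and then evaluates sample client addresses the way the block-ips-rule and the allow default action would. The helper names and the sample client IPs are constructed for this example.

```typescript
// Parse dotted-quad IPv4 into an unsigned 32-bit number; throws on bad input.
function ipv4ToInt(ip: string): number {
  const parts = ip.split(".");
  if (parts.length !== 4) throw new Error(`not an IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad octet in ${ip}`);
    return ((acc << 8) | Number(p)) >>> 0;
  }, 0);
}

// Accepts "a.b.c.d" or "a.b.c.d/n" and returns the canonical "a.b.c.d/n" form
// an IPV4 IP set expects. A bare address becomes a /32. AWS WAF rejects /0,
// so prefix lengths outside 1..32 are refused here as well.
function normalizeIpv4Cidr(entry: string): string {
  const parts = entry.split("/");
  if (parts.length > 2) throw new Error(`malformed entry: ${entry}`);
  const ip = parts[0];
  const prefix = parts.length === 1 ? 32 : Number(parts[1]);
  if (!Number.isInteger(prefix) || prefix < 1 || prefix > 32) {
    throw new Error(`invalid prefix length in ${entry}`);
  }
  ipv4ToInt(ip); // throws on a malformed address
  return `${ip}/${prefix}`;
}

// True when clientIp falls inside the given CIDR block.
function cidrContains(cidr: string, clientIp: string): boolean {
  const [net, prefixStr] = cidr.split("/");
  const prefix = Number(prefixStr);
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((ipv4ToInt(net) & mask) >>> 0) === ((ipv4ToInt(clientIp) & mask) >>> 0);
}

// Decision of the single-rule Web ACL from the page: BLOCK when the source IP
// matches any entry of the IP set, otherwise the defaultAction (allow).
function evaluate(blockList: string[], clientIp: string): "BLOCK" | "ALLOW" {
  const cidrs = blockList.map(normalizeIpv4Cidr);
  return cidrs.some((c) => cidrContains(c, clientIp)) ? "BLOCK" : "ALLOW";
}

// Constructed sample data: the same entries as the IP set above, plus three
// sample client addresses (documentation ranges, not real hosts).
const blockedAddresses = ["192.0.2.0/24", "203.0.113.5/32"];
const sampleDecisions = ["192.0.2.77", "203.0.113.5", "203.0.113.6"].map(
  (ip) => `${ip} -> ${evaluate(blockedAddresses, ip)}`,
);
console.log(sampleDecisions.join("\n"));
```

For step 3, note that the Web ACL above has scope REGIONAL, which suits API Gateway stages and other regional resources; a CloudFront distribution needs a Web ACL created with scope CLOUDFRONT in us-east-1.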

Key Points

  • IP Set: A collection of IP addresses you want to block.
  • WebACL: A control list that uses rules to allow or block traffic based on specified conditions.
  • Association: The WebACL needs to be associated with AWS resources to enforce traffic control.

Conclusion

By following these steps, you can effectively block specific IP addresses using AWS WAF’s IP set functionality. This setup helps secure your applications by preventing unwanted traffic from reaching your AWS resources. The example provided demonstrates how to implement this using TypeScript and Pulumi, but the concepts can be adapted to other environments and tools as needed.
