Table of Contents
- 1. Introduction
- 2. How to Configure the Rules
- 3. Operation of the Rules
- 4. Recommended AWS Managed Rules Combination
- 5. Conclusion
1. Introduction
The Anonymous IP List feature was added to AWS Managed Rules in March of 2020.
For details, please refer to the following article:
"Anonymous IP List for AWS Managed Rules added to AWS WAF"
https://aws.amazon.com/about-aws/whats-new/2020/03/aws-waf-adds-anonymous-ip-list-for-aws-managed-rules/
This blog outlines how to configure Anonymous IP List settings in the AWS Management Console.
2. How to Configure the Rules
The "Anonymous IP List" has been added to the AWS Managed Rules configuration screen.
We recommend that you introduce the Anonymous IP List rule using COUNT first.
3. Operation of the Rules
For example, if you use the hosting provider IP list, it may block legitimate requests whose global IPs belong to an Internet gateway hosted in a data center.
You may need to operate it together with the whitelist at first, and consider running "HostingProviderIPList" in COUNT mode.
4. Recommended AWS Managed Rules Combination
Legend for the recommended-combination table:
◎: Recommended setting
△: Include one of these
▲: Select according to the environment
Reference: "How to choose AWS Managed Rules"
https://www.wafcharm.com/blog/how-to-choose-aws-managed-rules/
5. Conclusion
IP lists are attractive because they are easy to understand and powerful. However, we recommend starting in COUNT mode to check for false positives.
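To make the COUNT-first advice from section 3 and the conclusion concrete, here is an added example (not code from the original post or from AWS) that tallies COUNT-mode matches of the Anonymous IP List sub-rules from web ACL logs. The log lines are constructed for this example in the shape of AWS WAF logs (only the fields the triage reads); the report shows what switching a sub-rule such as HostingProviderIPList to BLOCK would have blocked, so false positives can be whitelisted before enforcing.

```python
import json
from collections import Counter, defaultdict

# Constructed sample log lines in the shape of AWS WAF web ACL logs
# (not real traffic; only the fields used by the triage are present).
SAMPLE_LOG_LINES = [
    json.dumps({"action": "ALLOW", "terminatingRuleId": "Default_Action",
                "httpRequest": {"clientIp": "203.0.113.10", "uri": "/login"},
                "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
                                   "nonTerminatingMatchingRules": [
                                       {"ruleId": "HostingProviderIPList", "action": "COUNT"}]}]}),
    json.dumps({"action": "ALLOW", "terminatingRuleId": "Default_Action",
                "httpRequest": {"clientIp": "203.0.113.10", "uri": "/api/orders"},
                "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
                                   "nonTerminatingMatchingRules": [
                                       {"ruleId": "HostingProviderIPList", "action": "COUNT"}]}]}),
    json.dumps({"action": "ALLOW", "terminatingRuleId": "Default_Action",
                "httpRequest": {"clientIp": "198.51.100.7", "uri": "/"},
                "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
                                   "nonTerminatingMatchingRules": [
                                       {"ruleId": "HostingProviderIPList", "action": "COUNT"}]}]}),
    json.dumps({"action": "ALLOW", "terminatingRuleId": "Default_Action",
                "httpRequest": {"clientIp": "192.0.2.5", "uri": "/"},
                "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesAnonymousIpList",
                                   "nonTerminatingMatchingRules": [
                                       {"ruleId": "AnonymousIPList", "action": "COUNT"}]}]}),
    json.dumps({"action": "ALLOW", "terminatingRuleId": "Default_Action",
                "httpRequest": {"clientIp": "192.0.2.9", "uri": "/"}, "ruleGroupList": []}),
    "{not valid json",  # malformed line: must be skipped, not abort the run
]


def count_mode_matches(log_lines, group_substring="AWSManagedRulesAnonymousIpList"):
    """Return {ruleId: Counter(clientIp)} for sub-rules that matched in COUNT mode."""
    hits = defaultdict(Counter)
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        client_ip = entry.get("httpRequest", {}).get("clientIp", "unknown")
        for group in entry.get("ruleGroupList") or []:
            if group_substring not in group.get("ruleGroupId", ""):
                continue
            for rule in group.get("nonTerminatingMatchingRules") or []:
                if rule.get("action") == "COUNT":
                    hits[rule["ruleId"]][client_ip] += 1
    return hits


def would_block_report(hits, top_n=3):
    """Per sub-rule: requests and distinct IPs that BLOCK would have stopped, plus top IPs."""
    return {rule_id: {"requests": sum(ips.values()), "distinct_ips": len(ips),
                      "top_ips": ips.most_common(top_n)} for rule_id, ips in hits.items()}
```

Review the top IPs per sub-rule against known-good sources (for example your own data-center gateways) before changing the sub-rule from COUNT to BLOCK.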