Hi UNAIS,
Here are a few things you can do to avoid high WAF billing and requests from rejected geo locations:
- Enable WAF logging and analytics. This will give you visibility into the requests getting blocked and where they are coming from. You can use this to further tweak your WAF rules.
- Implement CAPTCHAs or other challenge mechanisms on your application. This will add extra friction for bots and automated requests coming from invalid locations.
- Tweak the WAF rules to only block requests that are clearly bots/scraping and allow more legitimate geo-located traffic, rather than broadly blocking all non-approved countries.
The key is to get visibility through logs, implement layered defenses, and tune WAF to be as permissive as possible while still protecting against clear threats. Blocking entire countries often backfires by blocking real users too.
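
Added example, not part of the original answer: one way to get the visibility described above is to aggregate blocked requests from WAF logs by terminating rule, country and client IP. The field names follow the AWS WAF log format; the sample records, rule names and addresses are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample records (not real traffic). Field names follow the AWS WAF
# log format; rule names are hypothetical, IPs are documentation ranges.
SAMPLE_LOG = """\
{"action":"BLOCK","terminatingRuleId":"geo-block","httpRequest":{"clientIp":"198.51.100.7","country":"FR","uri":"/login"}}
{"action":"BLOCK","terminatingRuleId":"geo-block","httpRequest":{"clientIp":"198.51.100.7","country":"FR","uri":"/login"}}
{"action":"ALLOW","terminatingRuleId":"Default_Action","httpRequest":{"clientIp":"192.0.2.10","country":"US","uri":"/"}}
{"action":"BLOCK","terminatingRuleId":"geo-block","httpRequest":{"clientIp":"203.0.113.5","country":"BR","uri":"/api"}}
{"action":"BLOCK","terminatingRuleId":"rate-limit","httpRequest":{"clientIp":"198.51.100.7","country":"FR","uri":"/login"}}
not-json (truncated record)
"""


def summarize_blocks(lines):
    """Count blocked requests per (rule, country) and per client IP."""
    by_rule_country, by_ip, skipped = Counter(), Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1  # malformed or truncated record
            continue
        if rec.get("action") != "BLOCK":
            continue
        req = rec.get("httpRequest") or {}
        rule = rec.get("terminatingRuleId", "unknown")
        by_rule_country[(rule, req.get("country", "unknown"))] += 1
        by_ip[req.get("clientIp", "unknown")] += 1
    return by_rule_country, by_ip, skipped


if __name__ == "__main__":
    rules, ips, bad = summarize_blocks(SAMPLE_LOG.splitlines())
    for (rule, country), n in rules.most_common():
        print(f"{n:5d}  {rule:12s} {country}")
    for ip, n in ips.most_common(3):
        print(f"{n:5d}  {ip}")
    print(f"skipped {bad} unparseable line(s)")
```
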