The proxy IP we operate is registered in AWS WAF's ip reputataion.

1

It is being used for a normal service purpose, but a request to the AWS website is not possible. Is it possible to request an IP release? please tell me how

asked 2 years ago373 views
1 Answer
0

I understand the frustration of not being able to access your website via your proxy IP address. An Amazon IP reputation list managed rule groups allow you to block requests based on their source IP address that are typically associated with bots or other threats. While it is not possible for you to have your proxy IP address released there are ways to allow a specific IP address or addresses, using one of the following methods to resolve this problem: Scope-down statements to narrow the scope of the requests that the rule evaluates. Choose this option for addressing logic in a single rule group. Or, you can use Labels on web requests to allow a rule that matches the request to communicate the match results to rules that are evaluated later in the same web ALC. Choose this option to reuse the same logic across multiple rules.

https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html#aws-managed-rule-groups-ip-rep-amazon
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-scope-down-statements.html https://docs.aws.amazon.com/waf/latest/developerguide/waf-labels.html

Considering your use case, creating a IP Set on WAF would be the most convenient solution. You can allow traffic from your proxy IP while still utilizing the IP reputation list managed rule group. Please follow these steps:

  1. Sign in to the AWS Management Console and open the WAF console at https://console.aws.amazon.com/wafv2/
  2. In the navigation pane, choose IP sets, and then choose Create IP set.
  3. Enter an IP set name and Description - optional for the IP set. For example: MyTrustedIPs. Note: You can't change the IP set name after you create the IP set.
  4. For Region, choose the AWS Region where you want to store the IP set. To use an IP set in web ACLs that protect Amazon CloudFront distributions, you must use Global (CloudFront).
  5. For IP version, choose the version you want to use.
  6. For IP addresses, enter one IP address or IP address range per line that you want to allow in CIDR notation. Note: AWS WAF supports all IPv4 and IPv6 CIDR ranges except for /0. Examples: To specify the IPv4 address 192.168.0.26, enter 192.168.0.26/32. To specify the IPv6 address 0:0:0:0:0:ffff:c000:22c, enter 0:0:0:0:0:ffff:c000:22c/128. To specify the range of IPv4 addresses from 192.168.20.0 to 192.168.20.255, enter 192.168.20.0/24. To specify the range of IPv6 addresses from 2620:0:2d0:200:0:0:0:0 to 2620:0:2d0:200:ffff:ffff:ffff:ffff, enter 2620:0:2d0:200::/64.
  7. Review the settings for the IP set. If it matches your specifications, choose Create IP set.
  8. In the navigation pane, under AWS WAF, choose Web ACLs.
  9. For Region, select the AWS Region where you created your web ACL. Note: Select Global if your web ACL is set up for Amazon CloudFront.
  10. Select your web ACL.
  11. In the web ACL Rules tab, choose the specific AWS Managed Rule group that is blocking your request, and then choose Edit.
  12. Choose Rules, and then choose Add Rules, Add my own rules and rule groups.
  13. For Scope-down statement - optional, choose the Enable scope-down statement.
  14. For If a request, choose doesn't match the statement (NOT).
  15. On Statement, for Inspect, choose Originates from IP address in.
  16. For IP Set, choose the IP Set you created earlier. For example: MyTrustedIPs.
  17. For IP address to use as the originating address, choose Source IP address.
  18. Choose Save rule.

https://aws.amazon.com/premiumsupport/knowledge-center/waf-allow-ip-using-reputation-anon-list/

Please contact if you have any further questions, and feel free to reach out to us via a support case to facilitate a discussion on the specifics of your resources

https://console.aws.amazon.com/support/home#/case/create?issueType=technical

Kevin_J
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions