AWS WAF Specifically block TOR

0

I'm trying to block Tor only connections against my aws resource using the AWS WAF rule group managed by AWS called AWS-AWSManagedRulesAnonymousIpList (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html )

At the the top they say "These include requests from VPNs, proxies, Tor nodes, and hosting providers" but when descreibing AnonymousIPList labels you said "Inspects for a list of IP addresses of sources known to anonymize client information, like TOR nodes, temporary proxies, and other masking services." so its not clear if VPN is a masking service or not for me since the description is seems pretty broad and non specific

2 Answers
1

Hi,

VPN is considered a masking service as your actual IP address and online actions are virtually untraceable. You can run a test by yourself:

  • Create a web service for example a 3tier app using ALB (Application Load balancer)
  • Attach WAF managed rule set to the ALB and only activate Anonymous IP list.
  • While adding the managed rule set you can be more specific to only block action using the edit option for Anonymous IPlist [There is edit tab in front of the Capacity unit].
  • Try connecting the App using a VPN service externally.

If you wanted to just block the Tor nodes and let VPN permit, that level of granularity is not available in this managed rule.

Thanks

AWS
answered a year ago
0

You can leverage the IP list parser where the Lambda function will gathers and parses data from tor exit nodes and the other 3rd party sources.

AWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions