- Newest
- Most votes
- Most comments
Hi, yes, WAF can guards against geo locations that you specify in rules: see https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html
So, yes, if an ISP / hosting company has its Internet access point(s) in some countries that you block, WAF will prevent customers of this ISP for internet connection to access your app.
The basic geo-blocking of WAF is pure: it only takes geo location into account. But you can combine it with other matchers like "Ip Set Match" (see https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-ipset-match.html) to unblock some specific addresses (some of the ISP for example) while your keep the rest of the geolocation blocked.
To answer the other part of your question, geo-blocking exists for example for compliance reasons: some content publishers are forbidden to publish their content in some countries. Geo-blocking is the solution of this use case.
Also useful: based on WAF FAQ: https://aws.amazon.com/waf/faqs/
How accurate is your GeoIP database?
The accuracy of the IP Address to country lookup database varies
by region. Based on recent tests, our overall accuracy for the IP
address to country mapping is 99.8%.
Best,
Didier
Relevant content
- asked 2 years ago
- asked 10 months ago
- asked a year ago
- asked a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 8 days ago
- AWS OFFICIALUpdated 5 months ago
thanks for the information :)