Masayoshi Haruta for AWS Community Builders


Got a false positive! AWS WAF HostingProviderIPList may block system linking.

I ran into a false positive the other day, so I'll share it. AWS WAF v2 has a managed rule group called AWSManagedRulesAnonymousIpList, and the HostingProviderIPList rule inside it needs a little care in one particular situation: when a legitimate external system calls your service from a hosting or cloud provider's address range.

What the problem is

First, let me explain what the rule group and the rule are.

AWSManagedRulesAnonymousIpList (managed rule group)
    Inspects for a list of IP addresses of sources known to anonymize client information, like TOR nodes, temporary proxies, and other masking services.

HostingProviderIPList (rule within that group)
    Inspects for a list of IP addresses from hosting and cloud providers, which are less likely to source end-user traffic. The IP list does not include AWS IP addresses.

It is a very useful rule group that normally blocks suspicious access. However, the other day I integrated the web service with a customer's external system, and during testing the connection could not be established: the requests were blocked by the WAF. A system-to-system integration is exactly the traffic HostingProviderIPList is designed to flag, because the partner's requests come from a hosting or cloud provider's address range rather than from an end user. As a result, we have set the rule to "Count" and are now watching the matches to decide whether it should really be turned off.

Workaround

I built the WAF with Terraform, so this explanation uses Terraform. The change is quite simple: add an excluded_rule block for HostingProviderIPList to the managed_rule_group_statement of the rule in aws_wafv2_web_acl. An excluded rule has its action overridden to Count, so matches are still logged and still appear in CloudWatch metrics, but they no longer block the request.

[Image: fixing diff]
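The configuration below is an added example written for this page, not the diff from the original post or my previous article. It shows a minimal aws_wafv2_web_acl that keeps the AWSManagedRulesAnonymousIpList group in its default Block mode and overrides only HostingProviderIPList to Count. The ACL name, scope, priority and metric names are assumptions; the resource and attribute names are the Terraform AWS provider's.

```hcl
# Added example (not the post's own diff). Names, scope and priorities are
# assumed; adjust them to your own web ACL.
resource "aws_wafv2_web_acl" "example" {
  name  = "example-web-acl"
  scope = "REGIONAL" # use "CLOUDFRONT" (in us-east-1) for a CloudFront distribution

  default_action {
    allow {}
  }

  rule {
    name     = "AWSManagedRulesAnonymousIpList"
    priority = 10

    # none {} keeps the rule group's own actions (Block) for every rule
    # that is not listed in excluded_rule below.
    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesAnonymousIpList"
        vendor_name = "AWS"

        # The fix: only this rule is switched to Count. Matches are still
        # logged and counted in metrics, but no longer block the request.
        # AnonymousIPList (TOR nodes, proxies, masking services) keeps blocking.
        excluded_rule {
          name = "HostingProviderIPList"
        }

        # Equivalent on newer provider versions, where excluded_rule is
        # deprecated in favour of rule_action_override:
        #
        # rule_action_override {
        #   name = "HostingProviderIPList"
        #   action_to_use {
        #     count {}
        #   }
        # }
      }
    }

    # Keep metrics and sampled requests on: this is how you observe the
    # counted matches before deciding whether to disable the rule for good.
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "AWSManagedRulesAnonymousIpList"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "example-web-acl"
    sampled_requests_enabled   = true
  }
}
```

Note that this override applies to everyone: once HostingProviderIPList is in Count mode, traffic from any hosting provider is no longer blocked by it. If the partner system's source addresses are known and stable, a tighter option is to put them in an aws_wafv2_ip_set and add a scope_down_statement with a not_statement around an ip_set_reference_statement to the managed_rule_group_statement, so the partner skips this group while HostingProviderIPList keeps blocking everyone else.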

I hope it will be of some help to anyone who is encountering the same problem.

Appendix

By the way, if you want to build a WAF using Terraform, please refer to my previous article!

Thank you for reading!
