DEV Community

Latchu@DevOps

πŸ›‘οΈ AWS WAF Now Supports ASN Matching β€” Block Shady VPNs Like a Pro

As of June 5, 2025, AWS WAF has a new match condition: rules can now match incoming requests on the Autonomous System Number (ASN) that the source IP address belongs to.

This adds a layer of control to your web ACL rules, making it easier to block or allow whole networks at once:

  • 🚫 Known VPN and anonymizer providers
  • 🛑 Networks that mostly send bot traffic
  • 📉 ISPs whose traffic you have decided not to serve
  • ✅ Or allow traffic only from trusted carriers

🤔 Wait, What's an ASN?

An ASN (Autonomous System Number) identifies an autonomous system: a set of IP prefixes announced into global routing (BGP) under one routing policy by a single organization. ASNs are assigned by the regional Internet registries, and the mapping from an IP prefix to an ASN follows whatever that network currently announces, so it changes as address space moves between operators. Typical holders are:

  • An ISP
  • A VPN provider
  • A cloud/data center provider

For example:

Google → ASN 15169

Cloudflare → ASN 13335

A VPN provider → ASN 12345 (a placeholder used in the examples below, not an attribution of any real network)

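To make the definition concrete, here is how a source address resolves to an ASN: a longest-prefix match over the prefixes each network announces. This is an added example, not code from the post or from AWS; AWS WAF performs an equivalent lookup internally against routing data it maintains, and you never see that table. The routes below are constructed from RFC 5737 documentation address ranges and RFC 5398 documentation ASNs (64496-64511), not real routing data.

```python
"""How a source IP resolves to an ASN: longest-prefix match over announced prefixes.

Added example, not code from the post or from AWS. The table is constructed
(RFC 5737 documentation ranges, RFC 5398 documentation ASNs), not real routing data.
"""
import ipaddress

# (prefix, origin ASN). Constructed: 64496 holds 203.0.113.0/24, but a more
# specific /26 inside it is announced by 64497, the kind of thing that happens
# when a hoster delegates a slice of its address space to a VPN provider.
ROUTES = [
    ("198.51.100.0/24", 64496),
    ("203.0.113.0/24", 64496),
    ("203.0.113.64/26", 64497),
    ("2001:db8::/32", 64498),
]

_TABLE = [(ipaddress.ip_network(prefix), asn) for prefix, asn in ROUTES]


def asn_for(ip):
    """Origin ASN of the most specific prefix covering ip, or None if no
    prefix covers it (unrouted or unknown space)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn in _TABLE:
        if addr.version == net.version and addr in net:
            # Most specific announcement wins, exactly as in BGP forwarding.
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, asn)
    return None if best is None else best[1]


def asn_match(ip, asn_list):
    """The decision an ASN match statement makes for this source IP.
    An address that resolves to no ASN never matches, so it is never blocked
    by an ASN block rule."""
    asn = asn_for(ip)
    return asn is not None and asn in asn_list


if __name__ == "__main__":
    for ip in ("198.51.100.9", "203.0.113.10", "203.0.113.100",
               "192.0.2.1", "2001:db8::1"):
        print(f"{ip:>16} -> AS{asn_for(ip)}  blocked by [64496]? "
              f"{asn_match(ip, [64496])}")
```

The third address shows the practical consequence: blocking ASN 64496 does not touch 203.0.113.100, because a more specific prefix inside that range is announced by a different AS. When you block a hoster's ASN, check whether the traffic you care about actually originates from that AS or from a customer announcing its own more-specifics.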

πŸ” Why Is This Update So Useful?

Before:

  • You had to manually maintain IP lists to block VPNs
  • Couldn’t easily identify traffic by provider
  • Blocking was brittle and error-prone

Now:

  • Just block by ASN β€” clean and fast
  • Works natively inside AWS WAF
  • Combine it with rate limiting, geo match, IP sets, and more

🎯 Example: Blocking a Known VPN ASN

You notice excessive scraping or login abuse from a VPN provider whose addresses resolve to ASN 12345 (the placeholder from above).

Here's how you block it in AWS WAF:

🛠️ In AWS Console:

  1. Go to your Web ACL
  2. Add a new rule (a regular rule, not a rate-based one)
  3. For the match statement, choose the ASN match and enter 12345
  4. If a CDN or reverse proxy terminates connections before they reach the web ACL, configure the statement to take the client address from the forwarded IP header (X-Forwarded-For); otherwise the ASN evaluated is the proxy's, not the client's
  5. Set the action to Count first, then switch to Block once the sampled requests show only the traffic you expect
  6. Save

✅ Done: every request whose source IP currently maps to that ASN is blocked. Keep in mind that this includes the provider's legitimate customers, and that an abuser can simply move to another ASN, so treat an ASN block as one layer of the defence rather than the whole of it.


📈 Advanced Use: Rate Limit by ASN

Let's say you want to throttle traffic instead of fully blocking:

“If a source IP in ASN 12345 sends more than 100 requests in 5 minutes, block it until its rate drops back under the limit.”

Use a rate-based rule with:

  • Scope-down statement: ASN match = 12345
  • Rate limit: 100 requests per 5-minute evaluation window
  • Aggregation key: source IP (the default)
  • Action: Block

Because the default aggregation key is the source IP, the limit applies to each address within the ASN separately; it does not cap the ASN as a whole, so a client that spreads requests across many addresses in that network stays under it. That is the trade-off that lets light users of the same VPN keep working while a single hammering client is cut off. Note also that WAF refreshes its request counts periodically (roughly every 30 seconds) rather than on every request, so enforcement lags the moment the limit is crossed.

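The two rules above, the console block rule and the ASN-scoped rate limit, written out as the JSON you would paste into the web ACL's JSON rule editor, together with an offline simulation of what each decides. This is an added example, not code from the post or from AWS. The rule bodies follow the WAFv2 rule JSON (AsnMatchStatement with ForwardedIPConfig, RateBasedStatement with ScopeDownStatement) as I understand it; check the field names against the current API reference before using them. ASN 12345 is the post's placeholder, the request traffic is constructed, and the exact sliding window here does not reproduce WAF's periodic counting.

```python
"""Offline sketch of the two rules in the post: a plain ASN block and a rate
limit scoped to an ASN, plus a simulation of what each decides.

Added example, not code from the post or from AWS. Rule bodies follow the
WAFv2 rule JSON as I understand it (verify against the API reference).
ASN 12345 is the post's placeholder; the traffic below is constructed.
"""
import json
from collections import defaultdict, deque

VPN_ASN = 12345          # placeholder from the post, not a real provider
CLOUDFLARE_ASN = 13335   # real ASN, standing in for "the CDN in front of us"


def visibility(name):
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name}


BLOCK_RULE = {
    "Name": "block-vpn-asn",
    "Priority": 0,
    "Statement": {"AsnMatchStatement": {
        "AsnList": [VPN_ASN],
        # Only when a CDN/proxy terminates the connection in front of WAF:
        # resolve the ASN of the X-Forwarded-For client, not of the TCP peer.
        "ForwardedIPConfig": {"HeaderName": "X-Forwarded-For",
                              "FallbackBehavior": "NO_MATCH"}}},
    "Action": {"Block": {}},
    "VisibilityConfig": visibility("block-vpn-asn"),
}

THROTTLE_RULE = {
    "Name": "throttle-vpn-asn",
    "Priority": 1,
    "Statement": {"RateBasedStatement": {
        "Limit": 100,
        "EvaluationWindowSec": 300,
        "AggregateKeyType": "IP",   # counted per source IP ...
        "ScopeDownStatement": {     # ... but only for requests from the ASN
            "AsnMatchStatement": {"AsnList": [VPN_ASN]}}}},
    "Action": {"Block": {}},
    "VisibilityConfig": visibility("throttle-vpn-asn"),
}


def rule_json(rule):
    """The text you would paste into the console's JSON rule editor."""
    return json.dumps(rule, indent=2)


def statement_matches(stmt, req):
    """Mimic AsnMatchStatement. A request is {"t", "ip", "asn", "xff_asn"?};
    WAF derives the ASN from the address, the constructed requests carry it."""
    asn = req["asn"]
    if "ForwardedIPConfig" in stmt:
        if "xff_asn" in req:
            asn = req["xff_asn"]
        elif stmt["ForwardedIPConfig"]["FallbackBehavior"] == "NO_MATCH":
            return False  # header absent or unusable: treat as no match
    return asn in stmt["AsnList"]


def rate_based_blocks(stmt, requests):
    """Sliding-window approximation of RateBasedStatement with per-IP
    aggregation. Returns the indices of the requests that would be blocked."""
    scope = stmt.get("ScopeDownStatement", {}).get("AsnMatchStatement")
    limit, window = stmt["Limit"], stmt["EvaluationWindowSec"]
    recent = defaultdict(deque)  # source IP -> timestamps still in the window
    blocked = []
    for i, req in enumerate(requests):
        if scope and not statement_matches(scope, req):
            continue  # outside the scope-down: neither counted nor blocked
        q = recent[req["ip"]]
        while q and req["t"] - q[0] >= window:
            q.popleft()
        q.append(req["t"])
        if len(q) > limit:
            blocked.append(i)
    return blocked


def one_ip_burst(n, ip="198.51.100.7"):
    """Constructed: n requests, one per second, from a single VPN-ASN address."""
    return [{"t": t, "ip": ip, "asn": VPN_ASN} for t in range(n)]


def spread_across_ips(ips, per_ip):
    """Constructed: per_ip requests from each of `ips` addresses in the VPN ASN."""
    return [{"t": t, "ip": f"198.51.100.{i + 1}", "asn": VPN_ASN}
            for i in range(ips) for t in range(per_ip)]


if __name__ == "__main__":
    print(rule_json(BLOCK_RULE))
    rbs = THROTTLE_RULE["Statement"]["RateBasedStatement"]
    print("one IP, 150 requests:", len(rate_based_blocks(rbs, one_ip_burst(150))), "blocked")
    print("20 IPs x 10 requests:", len(rate_based_blocks(rbs, spread_across_ips(20, 10))), "blocked")
    via_cdn = {"t": 0, "ip": "203.0.113.9", "asn": CLOUDFLARE_ASN, "xff_asn": VPN_ASN}
    print("VPN client behind the CDN matched:",
          statement_matches(BLOCK_RULE["Statement"]["AsnMatchStatement"], via_cdn))
```

Two things the simulation makes visible. First, 200 requests from twenty addresses in the ASN produce zero blocks under per-IP aggregation, while 150 from one address produce 50: the scope-down picks which traffic is counted, the aggregation key decides what "the rate" is measured against, and capping the ASN as a whole needs an aggregation key other than the source IP (check the current docs for which keys rate-based rules offer). Second, with ForwardedIPConfig set, a request arriving from the CDN's ASN but carrying a VPN client address in X-Forwarded-For is matched, and a request with no usable header falls back to NO_MATCH rather than being judged on the proxy's ASN.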

🧠 TL;DR

Feature          Benefit
ASN match        Block or allow an entire ISP/VPN network with one rule statement
Simpler setup    No more chasing IP prefixes; AWS maintains the IP-to-ASN mapping
Better control   Combine with rate limits, geo match, IP sets, headers and more

💬 Final Thoughts

This update gives you network-operator-level control over your traffic, a useful layer when securing web apps against bad actors hiding behind anonymizing networks, provided you accept that every customer of a blocked network is affected too.

🔐 Better security
⚡️ Faster decisions
💸 Lower WAF maintenance effort

Are you using ASN-based rules in your WAF yet? Let's talk in the comments 👇
