
Steps to create WAF to block Geographic restrictions

In this blog, we will show the steps to create an AWS WAF configuration that restricts access to a website by geographic location.

 

REQUIREMENTS

 

  • AWS Subscription.

 

WEB APPLICATION FIREWALL (WAF) OVERVIEW

  • WAF works with Conditions, Rules, Web ACLs & Associations.

  • There are 6 types of conditions available in WAF. They are Cross-site Scripting, Geo match, IP addresses, SQL injection & String and regex matching.

  • Once you have defined the conditions, you add them to rules; the conditions in a rule are combined with AND. There are two types of rules available: Regular rule and Rate-based rule.

  • The next step is to configure a Web ACL to allow, deny (or) count requests based on the rules.

 

 

ENVIRONMENT OVERVIEW

 

  • For demo purposes, we installed IIS on a Windows EC2 instance with a simple webpage.

  • Also, we have created a VPC with 2 subnets in different availability zones.

 

CREATING LOAD BALANCER

 

  • Open the EC2 page and click on the Load Balancer link.

  • Click on the Create Load Balancer link.

  • Then select the load balancer type as Application Load Balancer.

  • Provide the name for the load balancer and scheme type as Internet-facing. Also, select the IP address type as IPv4.

  • Add the listener type as HTTP 80.

Note: By default, we need two subnets in different availability zones to create an ALB (Application Load Balancer).

  • Select the availability zones from the list and click Next.

  • You can ignore this for testing purposes. Click Next.

  • Create (or) select an existing security group and allow port 80.

  • To configure the ALB routing, create a new target group with target type Instance, protocol HTTP and port 80. Leave the remaining options as default and move to the Register Targets page.

  • Select the instance to add to the registered list and click on the Add to registered button.

  • Make sure that your instance is available under Registered Targets.

  • Review the settings and click on the Create button.

  • The load balancer is created successfully.

  • It will take a few minutes for the ALB status to change to active.

  • Try to browse the ALB DNS name and confirm whether it's working fine (or) not.

 

CREATING WEB APPLICATION FIREWALL (WAF)

  • Go to AWS services and search for WAF & Shield.

  • Click on the Go to AWS WAF button.

  • Under the Conditions topic, click on Geo match.

  • Click on the Create condition button.

  • Provide a name and select the region where your application load balancer resides. We use the Singapore region for this demo.

  • Under filter settings, select the country that should be allowed to access your website from the drop-down list. Then click on Add location.

  • Confirm the settings and click on the Create button.

  • Geo condition added successfully.

  • Now click on the Rules option.

  • Click on the Create rule button.

  • Provide the Name, Rule type & Region.

  • Under conditions, select the geographic location. Then click on the Create button.

  • The rule is created successfully.

  • Click on the Web ACLs link.

  • To create a new web ACL, click on the Create web ACL button.

  • Provide a name for the Web ACL and select Application Load Balancer as the resource type to associate with the web ACL.

  • Select the load balancer from the drop-down list and click on the Next button.

  • Verify that the Geo condition is selected, then click on the Next button.

  • Select the rule from the drop-down list and click on Add rule to web ACL.

  • Select the action as per your requirement. For this demo, we select the Allow option. Then select the default option as Block all requests that don't match any rules.

  • Verify the settings and click on the Create button.

  • Web ACL was created successfully.
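
The console steps in this section can also be scripted. The following is an added example, not part of the original blog: it creates the same condition, rule, Web ACL and association through the regional AWS WAF API using a boto3 `waf-regional` client. The helper name `build_geo_allow_acl`, the resource names and the metric names are assumptions made for this example.

```python
# Added example: the console steps above as AWS WAF (waf-regional) API calls.
# `waf` is a boto3 client, e.g.
#   boto3.client("waf-regional", region_name="ap-southeast-1")  # Singapore

def _token(waf):
    # Every create/update call needs its own fresh change token.
    return waf.get_change_token()["ChangeToken"]

def build_geo_allow_acl(waf, alb_arn, country="IN", name="geo-allow-demo"):
    """Allow requests from `country`, block all others, attach to the ALB."""
    # 1. Condition: a geo match set containing the allowed country.
    geo_id = waf.create_geo_match_set(
        Name=name + "-geo",
        ChangeToken=_token(waf))["GeoMatchSet"]["GeoMatchSetId"]
    waf.update_geo_match_set(
        GeoMatchSetId=geo_id, ChangeToken=_token(waf),
        Updates=[{"Action": "INSERT",
                  "GeoMatchConstraint": {"Type": "Country", "Value": country}}])

    # 2. Regular rule whose only predicate is the geo match set.
    rule_id = waf.create_rule(
        Name=name + "-rule", MetricName="GeoAllowRule",
        ChangeToken=_token(waf))["Rule"]["RuleId"]
    waf.update_rule(
        RuleId=rule_id, ChangeToken=_token(waf),
        Updates=[{"Action": "INSERT",
                  "Predicate": {"Negated": False, "Type": "GeoMatch",
                                "DataId": geo_id}}])

    # 3. Web ACL: the geo rule ALLOWs, everything else hits the BLOCK default.
    acl_id = waf.create_web_acl(
        Name=name + "-acl", MetricName="GeoAllowAcl",
        DefaultAction={"Type": "BLOCK"},
        ChangeToken=_token(waf))["WebACL"]["WebACLId"]
    waf.update_web_acl(
        WebACLId=acl_id, ChangeToken=_token(waf),
        Updates=[{"Action": "INSERT",
                  "ActivatedRule": {"Priority": 1, "RuleId": rule_id,
                                    "Action": {"Type": "ALLOW"}}}])

    # 4. Association: put the Web ACL in front of the Application Load Balancer.
    waf.associate_web_acl(WebACLId=acl_id, ResourceArn=alb_arn)
    return {"geo_match_set": geo_id, "rule": rule_id, "web_acl": acl_id}
```

Pass the ARN of the load balancer created earlier as `alb_arn`; the returned IDs are what you need later to update or delete the resources.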

VERIFICATION

 

  • You will be able to access the ALB URL from the India region.

  • You will get the Forbidden error while trying to access the URL from outside India.

 

Thanks for reading this blog. We hope it was useful for you to learn about the steps to create WAF to block Geographic restrictions.
