Reputation: 623
We have a web application which is protected by AWS WAF. Our company network is blocked more often than not due to reaching the threshold. We have a team working with the web app, so of course we reach the threshold much more easily.
So, I want to whitelist our company public IP addresses in AWS WAF, which is controlled/maintained by the company Global team. The feedback I got was that there was no such functionality.
Is there any possible way to whitelist (or bypass) AWS WAF for specific IP addresses?
Upvotes: 4
Views: 7112
Reputation: 35146
Yes, of course you can do this. You would want the default behaviour of your WAF to be block all.
Then create an IPSet. You can add your office IP address within this.
Finally, attach this to your WAF and set it to "Allow". Ensure this is the top rule; it will be evaluated first, ignoring all other rules.
For more information, take a look at the AWS documentation for creating and managing an IPSet.
Upvotes: 5
Reputation: 59896
As you have already configured a rate-based rule, you need slightly different changes to allow unlimited requests from the office IP and block requests originating from other IPs when they hit the limit.
Upvotes: 2
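One way to combine the two answers above, as an added example that is not code from either poster: an Allow rule on the office IP set at the top priority, followed by a rate-based Block rule whose scope-down statement excludes that same IP set. It assumes AWS WAFv2 rule syntax and a web ACL default action of Allow; the ARN is a placeholder, the CIDR and limit are constructed values, and `evaluate` is a simplified local model of priority-ordered evaluation, not the WAF engine.

```python
import ipaddress

# Placeholder ARN and constructed sample values; substitute your own IP set.
OFFICE_IPSET_ARN = "arn:aws:wafv2:REGION:ACCOUNT_ID:regional/ipset/office-ips/IPSET_ID"
OFFICE_CIDRS = ["203.0.113.0/24"]  # constructed (TEST-NET-3); stands in for the IP set contents
RATE_LIMIT = 2000                  # constructed per-IP request threshold

def visibility(name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}

def build_rules():
    """Rules in WAFv2 web ACL shape, e.g. for boto3 wafv2 update_web_acl(Rules=...)."""
    ipset_ref = {"IPSetReferenceStatement": {"ARN": OFFICE_IPSET_ARN}}
    return [
        {"Name": "allow-office", "Priority": 0, "Statement": ipset_ref,
         "Action": {"Allow": {}}, "VisibilityConfig": visibility("allow-office")},
        {"Name": "rate-limit-others", "Priority": 1,
         "Statement": {"RateBasedStatement": {
             "Limit": RATE_LIMIT, "AggregateKeyType": "IP",
             # Office traffic is never counted toward the limit.
             "ScopeDownStatement": {"NotStatement": {"Statement": ipset_ref}}}},
         "Action": {"Block": {}}, "VisibilityConfig": visibility("rate-limit-others")},
    ]

def in_office(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in OFFICE_CIDRS)

def matches(stmt, ip, count):
    """count = requests seen from this IP in the current rate window."""
    if "IPSetReferenceStatement" in stmt:
        return in_office(ip)
    if "NotStatement" in stmt:
        return not matches(stmt["NotStatement"]["Statement"], ip, count)
    if "RateBasedStatement" in stmt:
        rb = stmt["RateBasedStatement"]
        scoped = matches(rb["ScopeDownStatement"], ip, count) if "ScopeDownStatement" in rb else True
        return scoped and count > rb["Limit"]
    return False

def evaluate(rules, ip, count, default="Allow"):
    """Simplified model: lowest Priority first, first matching Allow/Block rule ends evaluation."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if matches(rule["Statement"], ip, count):
            return next(iter(rule["Action"]))
    return default
```

The scope-down statement keeps office addresses out of the rate counter even if the Allow rule is later removed or reordered, so the exemption does not depend on rule priority alone.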