You can use AWS WAF (a web application firewall) to help protect your web applications from exploits that originate from groups of IP addresses that are known to be operated by bad actors such as spammers, malware distributors, and botnets. The IP addresses used may change over time as these bad actors attempt to avoid detection. In this post, I will show how to synchronize AWS WAF Rules with reputation lists.
A number of organizations maintain reputation lists of IP addresses used by bad actors. Their goal is to help legitimate companies block access from specific IP addresses and protect their web applications from abuse. These downloadable, plaintext reputation lists include Spamhaus's Don’t Route Or Peer (DROP) List and Extended Drop (EDROP) List, and Proofpoint’s Emerging Threats IP list. Similarly, the Tor project’s Tor exit node list provides a list of IP addresses currently used by Tor users to access the Internet. Tor is a web proxy that anonymizes web requests and is sometimes used by malicious users to probe or exploit websites.