-1

I'm running a website, "www.example.com", on a Classic Load Balancer with EC2 instances attached behind it, and I'm also using CloudFront (assets.example.com) for static data.

I noticed in the nginx access logs that some IPs are scraping the data daily, so I want to block those IPs with AWS WAF rules. But WAF can be associated with: 1) CloudFront 2) API Gateway 3) Application Load Balancer.

I can block the IPs only for static data which goes through CloudFront.

Below is an example from the nginx logs:

10.0.0.1 "POST /candidate/Event_v3/eventRegistered
10.0.0.2 "GET /account/preference 

How can I block those IPs from accessing the account, candidate, etc. sections?

Or how can I block the whole website www.example.com for particular IPs?

Can anyone help me out, please?

rajeev singh

2 Answers

1

You have several options. One would be a web application firewall like https://www.asp-waf.com, which does that as well as a lot more... and always works.

Alternatively, you can use ipSecurity if your IIS installation supports it, or a fixed set in web.config:

<?xml version="1.0"?>
<configuration>
   <system.webServer>
      <security>
        <ipSecurity allowUnlisted="true">    
           <!-- deny one range of addresses (10.0.0.0/24); listed entries default to allowed="false" -->
           <add ipAddress="10.0.0.0" subnetMask="255.255.255.0"/>
        </ipSecurity>
      </security>
      <modules runAllManagedModulesForAllRequests="true"/>
   </system.webServer>
</configuration>
Walter Verhoeven
0

One option to block the IP in this case is from the app itself. Add code to the app that returns a 403 or similar for a blacklist of IPs you maintain in the app.

It would still reach the app, but normal service would be blocked.

Rodrigo Murillo
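An added example (not part of the answers above, and not code from the asker's site) of the app-level blocklist described in the last answer, written as Python WSGI middleware. It assumes the Classic Load Balancer uses an HTTP/HTTPS listener and that the app receives X-Forwarded-For as the load balancer sent it, so the address to check is the last entry, which the load balancer appends; the function and class names and the blocklist entries are constructed for illustration.

```python
import ipaddress

# Constructed blocklist (documentation address ranges); replace with your own list.
BLOCKED = [ipaddress.ip_network(n) for n in ("203.0.113.7/32", "198.51.100.0/24")]

def client_ip(environ, trusted_hops=1):
    """Return the address the load balancer saw, or None if it cannot be parsed.

    The load balancer appends the peer address to X-Forwarded-For, so only the
    last `trusted_hops` entries are trustworthy. Entries further left arrive
    from the client and can be forged to dodge or frame a blocklist entry.
    """
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",") if h.strip()]
    if len(hops) >= trusted_hops:
        candidate = hops[-trusted_hops]
    else:
        candidate = environ.get("REMOTE_ADDR", "")  # no proxy header: direct connection
    try:
        return ipaddress.ip_address(candidate)
    except ValueError:
        return None

def is_blocked(ip):
    return ip is not None and any(ip in net for net in BLOCKED)

class IPBlocklistMiddleware:
    """Answer 403 for blocked clients before the wrapped app runs."""
    def __init__(self, app, trusted_hops=1):
        self.app, self.trusted_hops = app, trusted_hops

    def __call__(self, environ, start_response):
        if is_blocked(client_ip(environ, self.trusted_hops)):
            body = b"Forbidden\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)

def demo_app(environ, start_response):  # stand-in for the real application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def status_for(xff, remote_addr="10.0.0.5"):
    """Send one constructed request through the middleware; return the status line."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/account/preference", "REMOTE_ADDR": remote_addr}
    if xff is not None:
        environ["HTTP_X_FORWARDED_FOR"] = xff
    seen = []
    IPBlocklistMiddleware(demo_app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

If nginx or another proxy between the load balancer and the app appends its own entry to the header, raise `trusted_hops` to match the number of proxies you control.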