Jump to content


AWS WAF Geo IP Blocking


  • Please log in to reply
No replies to this topic

#1 Ashish Gangar

Ashish Gangar
  • Members
  • 1 posts

Posted 14 March 2016 - 04:43 AM



I am current provisioning a WAF in the AWS cloud.


The AWS ELB is configured for HTTPS load balancing with SSL reencryption to WAF.


ELB (443) -> WAF (62443) -> BACKEND SERVERS (443).


Each of the net devices have SSL certificates installed to inspect the SSL traffic.

AWS ELB is also configured for X-Forwarded-For Header insertion so that WAF can track the original end user source ip address.


We trying to use the Geo IP blocking capability in the WAF, however we cannot see the orginal source ip address in the Web Firewall and Access Logs. We have enabled client impersonation feature also in the WAF. 


How can we monitor and see the original source ip address in the logs and verify Geo IP blocking functionality still works?


Any ideas and solutions here will be much appreciated.