IP Blocking: Use AWS WAF or NACL?

Last updated on August 14, 2023

What should you do if you identified a series of malicious attacks on your application coming from a specific IP address? Will you use AWS WAF to block that IP address or create a rule in your Network Access Control List to deny traffic from that IP?

It is true that AWS WAF can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, to block common attack patterns, such as SQL injection or cross-site scripting. NACL, on the other hand, acts like a firewall for controlling traffic in and out of your subnets.

If the scenario is more about protecting your application from common web exploits (SQL injection or cross-site scripting), then AWS WAF would be a more suitable choice. Otherwise, you should choose NACL if it explicitly requires the need to block all traffic based on a given IP address or range.

In real-world scenarios, a hacker will not just use a single IP address to attack you. These guys will just use one IP address after the other. This is why it is difficult to individually block a malicious IP address or range using NACL. If you have a private web application (which is only used within your corporate network), the better solution would be to use a whitelist approach where you only allow authorized IP address/range to access your VPC. For public web applications, using the AWS WAF would be a better choice.

Additional Reading Materials:

Cheat Sheets on AWS WAF and Amazon VPC:

Note: If you are studying for the AWS Certified Security Specialty exam, we highly recommend that you take our AWS Certified Security – Specialty Practice Exams and read our Security Specialty exam study guide.

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%

passing rate

Around 95-98% of our students pass the AWS Certification exams after training with our courses.

200k+

students

Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.

~4.8

ratings

Our courses are highly rated by our enrollees from all over the world.

What our students say about us?

I’m deeply impressed by the quality of the practice tests from Tutorial Dojo. They are extremely well-written, clean and on-par with the real exam questions. Their practice tests and cheat sheets were a huge help for me to achieve 958 / 1000 — 95.8 % on my first try for the AWS Certified Solution Architect Associate exam. Perfect 10/10 material. The best $14 I’ve ever spent!

S. M. Shoaib

Khulna, Bangladesh

Given the enormous number of students and therefore the business success of Jon's courses, I was pleasantly surprised to see that Jon personally responds to many, including often the more technical questions from his students within the forums, showing that when Jon states that teaching is his true passion, he walks, not just talks the talk. I much respect and thank Jon Bonso.

Rowan Williams

Brisbane, Australia

The explanation to the questions are awesome. Lots of gap exposed in my learning. I used the practice tests along with the TD cheat sheets as my main study materials. This is a must training resource for the exam.

Using the practice exam helped me to pass. I think I wouldn't have passed if not for Jon's practice sets.

Jessica Chen

Guangzhou, China

I can say that Tutorials Dojo is a leading and prime resource when it comes to the AWS Certification Practice Tests. I also tried other courses but only Tutorials Dojo was able to give me enough knowledge of Amazon Web Services. My favorite part of this course is explaining the correct and wrong answers as it provides a deep understanding in AWS Cloud Platform. The course I purchased at Tutorials Dojo has been a weapon for me to pass the AWS Certified Solutions Architect - Associate exam and to compete in Cloud World. A Big thank you to Team Tutorials Dojo and Jon Bonso for providing the best practice test around the globe!!!

I highly recommend Jon and Tutorials Dojo!!!

Mikelito Luistro

Manila, Philippines

IP Blocking: Use AWS WAF or NACL?

IP Blocking: Use AWS WAF or NACL?

Additional Reading Materials:

Cheat Sheets on AWS WAF and Amazon VPC:

Get any AWS Specialty Mock Test for FREE when you Buy 2 AWS Pro-Level Practice Tests – as LOW as $10.49 USD each ONLY!

Learn AWS with our PlayCloud Hands-On Labs

Tutorials Dojo Exam Study Guide eBooks

FREE AWS Exam Readiness Digital Courses

Subscribe to our YouTube Channel

FREE AWS, Azure, GCP Practice Test Samplers

Follow Us On Linkedin

Recent Posts