Ends in

SITEWIDE SALE! $3 OFF All Reviewers!

IP Blocking: Use AWS WAF or NACL?

IP Blocking: Use AWS WAF or NACL?

What should you do if you identified a series of malicious attacks on your application coming from a specific IP address? Will you use AWS WAF to block that IP address or create a rule in your Network Access Control List to deny traffic from that IP?

It is true that AWS WAF can filter web requests based on IP addresses, HTTP headers, HTTP body, or URI strings, to block common attack patterns, such as SQL injection or cross-site scripting. NACL, on the other hand, acts like a firewall for controlling traffic in and out of your subnets.

If the scenario is more about protecting your application from common web exploits (SQL injection or cross-site scripting), then AWS WAF would be a more suitable choice. Otherwise, you should choose NACL if it explicitly requires the need to block all traffic based on a given IP address or range.

In real-world scenarios, a hacker will not just use a single IP address to attack you. These guys will just use one IP address after the other. This is why it is difficult to individually block a malicious IP address or range using NACL. If you have a private web application (which is only used within your corporate network), the better solution would be to use a whitelist approach where you only allow authorized IP address/range to access your VPC. For public web applications, using the AWS WAF would be a better choice.

Tutorials dojo strip

Additional Reading Materials:



Cheat Sheets on AWS WAF and Amazon VPC:

AWS Training AWS WAF AWS Training Amazon VPC

Note: If you are studying for the AWS Certified Security Specialty exam, we highly recommend that you take our AWS Certified Security – Specialty Practice Exams and read our Security Specialty exam study guide.

Tutorials Dojo portal

Enroll Now – Our AWS Certification Exam Reviewers

AWS Practice Exams Tutorials Dojo

FREE AWS Exam Readiness Digital Courses

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Enroll Now – Our Google Cloud Certification Exam Reviewers

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

FREE Intro to Cloud Computing for Beginners

FREE AWS, Azure, GCP Practice Test Samplers

Recent Posts

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?