Posted On: Oct 16, 2017
Today, we are excited to announced new Geographic (Geo) Match Conditions in AWS WAF. This new condition type allows you to use AWS WAF to restrict application access based on the geographic location of your viewers. With geo match conditions you can choose the countries from which AWS WAF should allow access.
Geo match conditions are important for many customers. For example, legal and licensing requirements restrict some customers from delivering their applications outside certain countries. These customers can now configure a whitelist that allows only viewers in those countries. Other customers need to prevent the downloading of their encrypted software by users in certain countries. These customers can configure a blacklist, so that end-users from those countries are blocked from downloading their software.
Geo match conditions can be combined with other AWS WAF rules to build sophisticated filtering policies. Customers who want to block certain geographies while still allowing certain developer IP addresses from those locations can now combine geo and IP match conditions to allow only authorized users. Other customers who want to prioritize users in their primary geography to optimize resource consumption can combine geo match conditions with AWS WAF rate-based Rules. These customers can set a higher rate limit for end users in preferred countries while setting a lower rate limit for others.
Getting started with geo match conditions is easy. Simply create a geo match condition using the AWS WAF API or AWS Management Console and add it to an existing or new AWS WAF rule. If AWS WAF receives a request from the specified countries, it will perform the action specified by the rule, such as counting the request or blocking access and responding with a 403 Forbidden HTTP response.
Geo match is available to AWS WAF customers at no additional charge. As with other AWS WAF features, you pay only for what you use and there are no upfront fees or minimum monthly commitments. You can learn more about geo match conditions by visiting the AWS WAF detail page or by reading the AWS WAF Developer Guide.