Behnaz shows you how to mitigate DDoS using CloudFront geo restriction


How do I use Amazon CloudFront geo restriction to whitelist or blacklist a country to restrict or allow users in specific locations from accessing web content?

You can use the geo restriction feature, also known as geoblocking, to prevent users in specific geographic locations from accessing content that you're distributing through a CloudFront web distribution.

When a user requests your content, CloudFront typically serves the requested content regardless of where the user is located. If you want to prevent users in specific countries from accessing your content, you can use the CloudFront geo restriction feature to do one of the following:

  • Allow users to access your content only if they're in one of the countries on a whitelist of approved countries.
  • Prevent users from accessing your content if they're in one of the countries on a blacklist of banned countries.

To whitelist or blacklist a country using CloudFront geo restriction:

  1. From the CloudFront console, choose the distribution that you want to apply a country restriction to.
  2. Choose the Restriction tab, and then choose Edit.
  3. From Enable-Restriction, choose Yes, and then choose Yes, Edit.
  4. For Restriction Type, choose Whitelist or Blacklist, select your countries, choose Add, and then choose Yes, Edit.
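The same change can be scripted instead of made in the console. The following is an added example, not part of the original article and not AWS's own code: it builds the `GeoRestriction` block of a distribution config and applies it with a read-modify-write. It assumes `client` is a boto3 CloudFront client (`boto3.client("cloudfront")`); the function names are hypothetical.

```python
import copy

VALID_TYPES = {"whitelist", "blacklist", "none"}  # values of RestrictionType


def build_geo_restriction(restriction_type, countries=()):
    """Build the GeoRestriction structure of a CloudFront DistributionConfig."""
    if restriction_type not in VALID_TYPES:
        raise ValueError(f"unknown restriction type: {restriction_type!r}")
    # CloudFront takes two-letter ISO 3166-1 alpha-2 codes; normalise and de-duplicate.
    codes = sorted({c.strip().upper() for c in countries})
    bad = [c for c in codes if len(c) != 2 or not (c.isascii() and c.isalpha())]
    if bad:
        # Format check only; it does not verify that the code is an assigned country.
        raise ValueError(f"not two-letter country codes: {bad}")
    if restriction_type == "none":
        if codes:
            raise ValueError("restriction type 'none' takes no countries")
        return {"RestrictionType": "none", "Quantity": 0}
    if not codes:
        # Choice made by this example: refuse a whitelist or blacklist with no countries.
        raise ValueError("whitelist/blacklist needs at least one country")
    return {"RestrictionType": restriction_type, "Quantity": len(codes), "Items": codes}


def apply_geo_restriction(client, distribution_id, restriction_type, countries=()):
    """Read-modify-write the distribution config; returns True if an update was sent."""
    geo = build_geo_restriction(restriction_type, countries)
    current = client.get_distribution_config(Id=distribution_id)
    config = copy.deepcopy(current["DistributionConfig"])
    old = config.get("Restrictions", {}).get("GeoRestriction", {})
    if (old.get("RestrictionType") == geo["RestrictionType"]
            and sorted(old.get("Items", [])) == geo.get("Items", [])):
        return False  # already in the desired state
    config["Restrictions"] = {"GeoRestriction": geo}
    # The ETag from the read must be sent back as IfMatch, so a concurrent
    # change to the distribution makes this update fail instead of being overwritten.
    client.update_distribution(
        Id=distribution_id, IfMatch=current["ETag"], DistributionConfig=config
    )
    return True
```

The rest of the distribution config is passed back unchanged, because `update_distribution` replaces the whole configuration rather than patching one field.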

For additional information, see Restricting the Geographic Distribution of Your Content.

Note: Make sure that your ELB security group restricts HTTP/HTTPS access to traffic from the CloudFront distribution, to prevent direct access to your load balancer.

For information on DDoS protection and using AWS Shield, see AWS Shield Advanced Distributed Denial of Service (DDoS) Protection.


Published: 2017-01-27