amazon-archives / aws-waf-sample

This repository contains example scripts and sets of rules for the AWS WAF service. Please be aware that the applicability of these examples to specific workloads may vary.
MIT No Attribution

IPSet limit fix #7

Closed mikegchambers closed 8 years ago

mikegchambers commented 8 years ago

Added 15 IPSets to allow for the approx. 12k CIDR ranges currently produced from the 3 source lists.

To accommodate this volume of CIDR ranges, changed to 3 Rules with 5 IPSets each and changed each Condition to 'negated', Rules to ALLOW, and default ACL action to BLOCK.

This structure change gets around the hard account limits as described here: http://docs.aws.amazon.com/waf/latest/developerguide/limits.html

… given the constraints of WAF as described here: "If you add more than one predicate to a rule, a request must match all conditions in order to be allowed or blocked." http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-waf-rule.html#cfn-waf-rule-predicates

Also set the Lambda NodeJS version to 4.3 to avoid warning message in console.
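The rule structure described in the PR, simulated as an added example (this is not code from the PR or from the aws-waf-sample repository). It uses constructed IPSets rather than the real ~12k CIDRs, and assumes AWS WAF Classic's evaluation order: rules are checked by priority and the first rule whose predicates all match decides the action, otherwise the web ACL's default action applies. One ALLOW rule holding every negated IPSet condition is equivalent to "block if the source IP is in any list"; once the same negated conditions are split across several ALLOW rules, an address that is absent from one rule's sets is allowed by that rule before the rule that actually lists it is reached.

```python
import ipaddress

# Constructed sample IPSets: blocklist-00 .. blocklist-14, one /24 each.
# These are placeholders, not the CIDR lists the PR builds from its three sources.
IPSETS = {f"blocklist-{i:02d}": [f"203.0.{i}.0/24"] for i in range(15)}


def ip_in_set(ip, cidrs):
    """True if ip falls inside any CIDR of the IPSet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def evaluate(ip, rules, default_action, ipsets=IPSETS):
    """Assumed WAF Classic semantics: walk rules in priority order; a rule matches
    only if ALL its predicates match (a negated predicate matches when the IP is
    NOT in the set); the first matching rule's action wins, else the default."""
    for rule in rules:
        if all(ip_in_set(ip, ipsets[name]) != negated
               for name, negated in rule["predicates"]):
            return rule["action"]
    return default_action


def negated_allow_rules(set_names, sets_per_rule):
    """Build ALLOW rules whose predicates are negated IPSet conditions,
    chunked sets_per_rule per rule (the structure the PR describes)."""
    return [
        {"action": "ALLOW",
         "predicates": [(n, True) for n in set_names[i:i + sets_per_rule]]}
        for i in range(0, len(set_names), sets_per_rule)
    ]


NAMES = sorted(IPSETS)
SINGLE_RULE = negated_allow_rules(NAMES, len(NAMES))  # 1 rule, 15 negated predicates
SPLIT_RULES = negated_allow_rules(NAMES, 5)           # 3 rules x 5 negated predicates


def decide_single(ip):
    """Web ACL with one all-in-one negated ALLOW rule, default BLOCK."""
    return evaluate(ip, SINGLE_RULE, "BLOCK")


def decide_split(ip):
    """Web ACL with the 3 x 5 split from the PR, default BLOCK."""
    return evaluate(ip, SPLIT_RULES, "BLOCK")


def leaked_blocklisted_ips():
    """One address from every blocklist that the split ACL still allows."""
    samples = [f"203.0.{i}.1" for i in range(15)]
    return [ip for ip in samples if decide_split(ip) == "ALLOW"]


if __name__ == "__main__":
    for ip in ("203.0.7.1", "203.0.2.1", "192.0.2.1"):
        print(ip, "single:", decide_single(ip), "split:", decide_split(ip))
    print("blocklisted IPs the split ACL allows:", len(leaked_blocklisted_ips()))
```

Because any single address can be in at most one of the sets, at least two of the three split rules always see only non-matching sets, so every request is allowed by one of them and the default BLOCK never fires. Chunking the negated conditions across rules therefore does not reproduce the single-rule semantics, regardless of how the rules are ordered.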

mikegchambers commented 8 years ago

Darn it, this still doesn't work. As far as I can see there is no way to fix the IPSet limit issue unless AWS change the way that WAF works. :(