Closed. veggiespam closed this pull request 5 years ago.
We've just pushed a new version that includes this PR.
Many thanks!
PS: After we started using the expanded CIDR ranges, we noticed that there is no reason to keep two IP Sets (10,000 ranges per set) to support this protection. If you create a stack now, you're going to see only one IP Reputation Lists Rule (and IP Set).
On 05 June 2018, AWS WAF added support for additional CIDR ranges; everything from /16 to /32 is now allowed. Thus, when loading the reputation lists, the WAF security automation formerly required 11243 ranges across two IP rule sets, but now only needs 3715 ranges inside of a single IP rule set. The code was resilient enough that it deleted the 7528 IP ranges in both sets automatically. The only caveat is that the mass removal took 54 seconds instead of the usual 17-second run time. YMMV.
This pull request only updates the rule-set generation - it does not update the CloudFormation template, as that might cause issues for an organization if they rely on having more than one IP Reputation rule set. This pull will, however, speed up the import in the WAF while also speeding up the WAF itself, as in our case it removed 7500 comparisons. I leave the CF updates to someone else.
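The drop from 11243 to 3715 ranges comes from no longer having to split reputation-list CIDRs into prefix lengths the IPSet accepts. The following is an added illustration, not code from this PR or from the AWS solution; it assumes the pre-2018 IPv4 IPSet limit was /8, /16, /24 and /32 (my understanding, stated as an assumption) and uses a constructed sample list, not real indicators.

```python
import ipaddress
from typing import Iterable, List

# Prefix lengths an IPv4 IPSet accepted before and after the 05 June 2018
# change. OLD_ALLOWED is an assumption about the earlier limit; NEW_ALLOWED
# is what the PR text reports (everything from /16 to /32).
OLD_ALLOWED = (8, 16, 24, 32)
NEW_ALLOWED = tuple(range(16, 33))


def expand_cidr(cidr: str, allowed: Iterable[int]) -> List[ipaddress.IPv4Network]:
    """Split one CIDR into the fewest networks whose prefix lengths are accepted.

    A /22 under OLD_ALLOWED becomes four /24s; under NEW_ALLOWED it stays a
    single /22. A prefix broader than the smallest accepted length (a /12
    under NEW_ALLOWED) is split down to that length (sixteen /16s).
    """
    net = ipaddress.ip_network(cidr, strict=False)
    allowed = sorted(allowed)
    if net.prefixlen in allowed:
        return [net]
    # Smallest accepted prefix that is at least as specific as the input.
    # /32 is in both policies, so a match always exists for IPv4.
    target = next(p for p in allowed if p > net.prefixlen)
    return list(net.subnets(new_prefix=target))


def count_entries(cidrs: Iterable[str], allowed: Iterable[int]) -> int:
    """Number of IPSet entries a list of CIDRs needs under a given policy."""
    return sum(len(expand_cidr(c, allowed)) for c in cidrs)


# Constructed sample reputation list (documentation/test ranges, not real IoCs).
SAMPLE = ["203.0.113.0/24", "198.51.100.0/22", "192.0.2.0/28", "100.64.0.0/12"]

if __name__ == "__main__":
    print("old policy entries:", count_entries(SAMPLE, OLD_ALLOWED))  # 37
    print("new policy entries:", count_entries(SAMPLE, NEW_ALLOWED))  # 19
```

Running it on a real list reproduces the kind of reduction the PR reports, and the per-policy count is also a quick way to check that a generated IPSet will stay under the 10,000-entry limit.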