Announcing ASN match support for Amazon WAF
Amazon WAF now supports matching incoming request against Autonomous System Numbers (ASNs). By monitoring and restricting traffic from specific ASNs, you can mitigate risks associated with malicious actors, comply with regulatory requirements, and optimize the performance and availability of your web applications. This new ASN Match Statement integrates seamlessly with existing WAF rules, making it easy for you to incorporate ASN based security controls into your overall web application defense strategy.
You can specify a list of ASNs to match against incoming request and take appropriate action such as block or allow the request. You can also use ASN in your rate-based rule statements. These rules aggregate requests according to your criteria, counts and rate limits the requests based on the rule's evaluation window, request limit, and action settings.
ASN Match statement is available in all the Amazon Web Services regions, including the Amazon Web Services China (Beijing) Region, operated by Sinnet and the Amazon Web Services China (Ningxia) Region, operated by NWCD where Amazon WAF is available. The rate-based rule support with ASN is available in regions where the enhanced rate-based rules are currently supported. There is no additional cost for using ASN in Match statement and rate-based rules, however standard Amazon WAF charges still apply. For more information about the service, visit the Amazon WAF page. For more information about pricing, visit the Amazon WAF Pricing page.