[Solved] If an AWS WAF Web ACL has two rules:1) Allow requests from IP 203.0.113.0/242) Block requests containing 'badbot' in User-Agent headerWhat happens to a request from IP 203.0.113.... | AWS

AWS - Advanced Security

If an AWS WAF Web ACL has two rules:
1) Allow requests from IP 203.0.113.0/24
2) Block requests containing 'badbot' in User-Agent header
What happens to a request from IP 203.0.113.5 with User-Agent 'badbot crawler'?

ARequest is allowed due to IP allow rule

BRequest is blocked due to User-Agent rule

CRequest is counted but allowed

DRequest is blocked only if rules have same priority

Step-by-Step Solution

Solution:

Step 1: Understand rule evaluation order
AWS WAF evaluates rules in order of priority (lower number first). Block rules take precedence over allow rules if both match.
Step 2: Check request against rules
Request matches both rules, but block rule has higher priority or overrides allow, so request is blocked.
Final Answer:
Request is blocked due to User-Agent rule -> Option B
Quick Check:
Block rules override allow when matched = B [OK]

Quick Trick: Block rules take precedence over allow when both match [OK]

Common Mistakes:

Assuming block always loses to allow
Ignoring rule priority order
Thinking both rules must match to block

Master "Advanced Security" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More AWS Quizzes

If an AWS WAF Web ACL has two rules:

Step 1: Understand rule evaluation order

Step 2: Check request against rules

Final Answer:

Quick Check:

Want More Practice?