
Automating IP Whitelisting: Enhancing Security on Cloudflare and AWS


In today’s world, where online threats grow daily, setting up a Web Application Firewall (WAF) and a Content Delivery Network (CDN) is crucial for businesses looking to protect their online activity. As such, WAF and CDN services have become essential tools in the cybersecurity and performance domains.

Meanwhile, platforms like BinaryEdge and Shodan have become increasingly popular.
These platforms are invaluable for identifying security weaknesses and exposing data on the internet.

Although they serve as powerful tools for security experts to safeguard networks and devices, hackers can also utilize them to find and target vulnerable sites.

The Critical Step of Blocking Untrusted IP Addresses

To enhance your cybersecurity, properly configuring your web application firewall is vital.
An important part of this configuration is blocking any IP addresses you don’t trust.
This action might seem minor and is often listed as optional or recommended by WAF providers. But it should be mandatory. Platforms like BinaryEdge and Shodan can disclose your site’s IP address, enabling hackers to bypass the WAF and directly attack the origin server.


The best strategy to mitigate this risk involves restricting site access to Cloudflare’s IP addresses and to IPs of those you trust, like your partners or vendors. Luckily, Cloudflare’s IP addresses rarely change. When updates occur, they are promptly incorporated into the list of IP ranges.

To tackle this challenge head-on, our team developed a simple Python script for automation.
You can find the script in our public GitHub repository.

The Python script is hosted on AWS Lambda. It periodically checks for changes in the Cloudflare IP range list and automatically updates the corresponding security groups on our EC2 instance.
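The reconciliation step described above can be sketched as follows. This is an added example, not the script from the repository: it assumes the origin accepts only TCP 443, that the Lambda event carries hypothetical `group_id` and `trusted` fields, and that the ranges are read from Cloudflare's public `ips-v4` and `ips-v6` lists.

```python
import ipaddress
import urllib.request

CF_URLS = ("https://www.cloudflare.com/ips-v4", "https://www.cloudflare.com/ips-v6")
PORT = 443  # assumption: the origin accepts only HTTPS from the proxy

def parse_ranges(text):
    """One CIDR per line; a malformed entry raises ValueError (fail closed)."""
    return {str(ipaddress.ip_network(tok)) for tok in text.split()}

def current_ranges(group, port=PORT):
    """CIDRs allowed on tcp/port in one describe_security_groups entry."""
    found = set()
    for perm in group.get("IpPermissions", []):
        if (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")) == ("tcp", port, port):
            found |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
            found |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    return found

def plan(published, current, trusted=frozenset(), min_expected=10):
    """Return (to_add, to_remove). Trusted partner ranges are never revoked."""
    if len(published) < min_expected:
        # A truncated or empty download must not wipe the allowlist.
        raise ValueError("published range list is suspiciously short")
    desired = set(published) | set(trusted)
    return sorted(desired - current), sorted(current - desired)

def to_permissions(cidrs, port=PORT):
    """Build the IpPermissions structure boto3 expects, split by IP family."""
    perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    v4 = [{"CidrIp": c} for c in cidrs if ":" not in c]
    v6 = [{"CidrIpv6": c} for c in cidrs if ":" in c]
    if v4:
        perm["IpRanges"] = v4
    if v6:
        perm["Ipv6Ranges"] = v6
    return [perm]

def lambda_handler(event, context):
    import boto3  # imported here so the pure functions above run without it
    group_id = event["group_id"]  # hypothetical event field
    published = set()
    for url in CF_URLS:
        with urllib.request.urlopen(url, timeout=10) as resp:
            published |= parse_ranges(resp.read().decode())
    ec2 = boto3.client("ec2")
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    add, remove = plan(published, current_ranges(group), event.get("trusted", ()))
    if add:  # authorize before revoking so there is no gap in coverage
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=to_permissions(add))
    if remove:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=to_permissions(remove))
    return {"added": add, "removed": remove}
```

The Lambda role needs only `ec2:DescribeSecurityGroups`, `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress`, ideally scoped to the one security group.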

If you need any assistance or are interested in automating this and similar tasks with Cloudflare, AWS, or any other vendors, our team is ready to help. Just contact us, and we’ll be there to support you.


Mile Stojaković



Navigating the intersections of cutting-edge technology domains at BlueGrid.io.
