Domain and IP rule groups - AWS Network Firewall

Domain and IP rule groups

Domain and IP rule groups block HTTP/HTTPS traffic to domains identified as low-reputation, or that are known or suspected to be associated with malware or botnets. Choose one or more of these rule groups to establish domain list protection for your resources.

Each rule group name in the table below ends with either StrictOrder or ActionOrder. A firewall policy's rule evaluation order determines whether you can add StrictOrder or ActionOrder managed rule groups to the policy. For example, you can add a rule group whose name ends with StrictOrder only if the policy uses strict order for its rule evaluation order. In the console, Network Firewall automatically filters the managed rule groups available for you to add to your policy. For information about rule evaluation order, see Evaluation order for stateful rule groups.

| Rule name | Description and label |
| --- | --- |
| AbusedLegitMalwareDomainsStrictOrder, AbusedLegitMalwareDomainsActionOrder | Rules that allow you to block requests to a class of domains, which are generally legitimate but are compromised and may host malware. This can help reduce the risk of receiving malware or viruses originating from these sources with poor reputation. |
| MalwareDomainsStrictOrder, MalwareDomainsActionOrder | Rules that allow you to block requests to domains that are known for hosting malware. This can help reduce the risk of receiving malware or viruses originating from these known sources. |
| AbusedLegitBotNetCommandAndControlDomainsStrictOrder, AbusedLegitBotNetCommandAndControlDomainsActionOrder | Rules that allow you to block requests to a class of domains, which are generally legitimate but are compromised and may host botnets. This can help reduce the risk of resources accessing botnets originating from these sources with poor reputation. |
| BotNetCommandAndControlDomainsStrictOrder, BotNetCommandAndControlDomainsActionOrder | Rules that allow you to block requests to domains that are known for hosting botnets. This can help reduce the risk of resources accessing botnets originating from these known sources. |
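The following is an added example, not part of the AWS documentation: a pre-deployment check that reads a firewall policy document and reports which of the rule groups in the table are attached with the suffix matching the policy's rule evaluation order, and which carry the wrong suffix. It assumes the policy has the shape of the `FirewallPolicy` object (`StatefulEngineOptions.RuleOrder`, `StatefulRuleGroupReferences[].ResourceArn`), that a policy without `StatefulEngineOptions` uses default action order, and that managed rule group ARNs use `aws-managed` in the account field; the sample policy and the function names are constructed for illustration.

```python
# Rule group families from the table; each is published with both suffixes.
FAMILIES = (
    "AbusedLegitMalwareDomains",
    "MalwareDomains",
    "AbusedLegitBotNetCommandAndControlDomains",
    "BotNetCommandAndControlDomains",
)
# Policy RuleOrder value -> suffix a managed rule group name must carry.
SUFFIX_FOR_ORDER = {"STRICT_ORDER": "StrictOrder", "DEFAULT_ACTION_ORDER": "ActionOrder"}

def split_name(name):
    """Return (family, suffix) for a rule group name from the table, else None."""
    for suffix in SUFFIX_FOR_ORDER.values():
        if name.endswith(suffix) and name[: -len(suffix)] in FAMILIES:
            return name[: -len(suffix)], suffix
    return None

def audit_policy(policy):
    """Classify the managed domain list rule groups referenced by a policy."""
    # Assumption: no StatefulEngineOptions means default action order.
    order = policy.get("StatefulEngineOptions", {}).get("RuleOrder", "DEFAULT_ACTION_ORDER")
    wanted = SUFFIX_FOR_ORDER[order]
    attached, mismatched = set(), []
    for ref in policy.get("StatefulRuleGroupReferences", []):
        arn = ref["ResourceArn"]
        parsed = split_name(arn.rsplit("/", 1)[-1])
        if parsed is None or ":aws-managed:" not in arn:
            continue  # account-owned, or not one of the groups in the table
        family, suffix = parsed
        if suffix == wanted:
            attached.add(family)
        else:
            mismatched.append(family + suffix)  # cannot be added to this policy
    available = [f + wanted for f in FAMILIES if f not in attached]
    return {"rule_order": order, "attached": sorted(attached),
            "mismatched": mismatched, "available_to_add": available}

# Constructed sample: a strict-order policy with one wrongly suffixed reference.
PREFIX = "arn:aws:network-firewall:us-east-1:aws-managed:stateful-rulegroup/"
SAMPLE_POLICY = {
    "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
    "StatefulRuleGroupReferences": [
        {"ResourceArn": PREFIX + "MalwareDomainsStrictOrder", "Priority": 1},
        {"ResourceArn": PREFIX + "BotNetCommandAndControlDomainsActionOrder", "Priority": 2},
        {"ResourceArn": "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/my-custom-rules", "Priority": 3},
    ],
}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

Any entry under `mismatched` must be swapped for the same family with the other suffix before the policy is deployed.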