There is an ALB associated with WAF. This ALB will be called by both public and other internal IPs.
I have enabled a GEO Matching rule to allow only ["US"] calls, but the internal private IPs don't get labelled with any country, and they are getting blocked.
How do I exclude internal IPs?
You could create an IP set for your internal IP addresses and create a rule to allow it:
Create IP set in the upper right corner
Allowed internal IPs
Web ACL > Add rule > Add my own rule
If a request matches a statement > Inspect -> Originates from an IP address in -> IP set - select previously created IP set
Save
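
The rule ordering this answer relies on, as an added example that is not part of the original answer: the two rules in WAFv2 rule JSON, plus a small offline model of web ACL evaluation showing that the IP set allow rule only helps when its priority number is lower than the geo rule's. Assumptions: the existing geo rule blocks anything not matched as US, the web ACL default action is Allow, the IP set ARN is a placeholder, and the RFC 1918 ranges and sample requests are constructed.

```python
import ipaddress

# Assumed values: placeholder ARN; RFC 1918 ranges stand in for the real IP set contents.
IP_SET_ARN = "arn:aws:wafv2:REGION:ACCOUNT_ID:regional/ipset/allowed-internal-ips/IPSET_ID"
IP_SETS = {IP_SET_ARN: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]}

def visibility(name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}

# Rules in the shape WAFv2 uses in a web ACL's "Rules" list.
ALLOW_INTERNAL = {
    "Name": "allow-internal-ips", "Priority": 0,
    "Statement": {"IPSetReferenceStatement": {"ARN": IP_SET_ARN}},
    "Action": {"Allow": {}}, "VisibilityConfig": visibility("allow-internal-ips"),
}
BLOCK_NON_US = {  # assumed form of the existing geo rule: block unless matched as US
    "Name": "block-non-us", "Priority": 1,
    "Statement": {"NotStatement": {"Statement": {"GeoMatchStatement": {"CountryCodes": ["US"]}}}},
    "Action": {"Block": {}}, "VisibilityConfig": visibility("block-non-us"),
}

def matches(stmt, ip, country):
    """Evaluate the three statement types used above against one request."""
    if "IPSetReferenceStatement" in stmt:
        cidrs = IP_SETS[stmt["IPSetReferenceStatement"]["ARN"]]
        return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in cidrs)
    if "GeoMatchStatement" in stmt:
        return country in stmt["GeoMatchStatement"]["CountryCodes"]
    if "NotStatement" in stmt:
        return not matches(stmt["NotStatement"]["Statement"], ip, country)
    raise ValueError("statement type not modelled")

def evaluate(rules, ip, country, default="Allow"):
    """Lowest Priority number first; the first matching Allow/Block ends evaluation."""
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if matches(rule["Statement"], ip, country):
            return next(iter(rule["Action"]))
    return default  # assumed web ACL default action

if __name__ == "__main__":
    # Constructed requests; country is None for the private address (no country label).
    for ip, country in [("10.1.2.3", None), ("198.51.100.7", "US"), ("203.0.113.9", "DE")]:
        print(ip, country,
              "geo rule only:", evaluate([BLOCK_NON_US], ip, country),
              "| with IP set rule:", evaluate([ALLOW_INTERNAL, BLOCK_NON_US], ip, country))
```

If the IP set rule is given a higher priority number than the geo rule, the geo rule's Block terminates evaluation first and the internal address is still blocked.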