Blocking *.amazonaws.com hosts

Hello.
I get a lot of trafic from amazon IPs and with PHP I can see that IP hostname is like:

ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com

So I tried to trigger a captcha if host contains .amazonaws.com but it doesn’t seem to match.

(http.host contains “.amazonaws.com”)

Isn’t that “host” rule what I think it is ?

The host refers to the hostname sent along, which will be your domain.

You will need to block by IP or ASN.

It looks like the amazon IPs I see use AS14618, do you know if this usually contains all EC instances ? Or it is more like an IP class and they have many ASXXXXX ?
Thanks.

That ASN does belong to Amazon. If it is the only one you are getting requests from it should be okay to either block or - maybe better - captcha challenge it.

There is another ASN where I get requests from -> 16509

Yes, I set it to captcha challenge. They make many downloads on the site.
The ~30 recent download abusers I found were using AS14618, I will keep an eye to see different ones showing up (like AS16509).
Thanks.

I added a feature request to block/manage by IP hostname matches:

(Maybe someone that needs this^ would reach this topic).