check_ip_in_waf
Verify if an IP address is included in AWS WAF IP Sets for blocklists or allowlists to manage access control and security policies.
Instructions
Checks if an IP address exists in any WAF IP Set (Blocklists/Allowlists).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ip_address | Yes | The IP address to check (e.g., 192.168.1.1). | |
Implementation Reference
- src/index.ts:2053-2096 (handler) The handler function for the 'check_ip_in_waf' tool. It checks if the provided IP address exists in any WAF IP Sets across REGIONAL and CLOUDFRONT scopes by listing IP sets, retrieving their addresses, and using the 'checkIp' utility to verify membership.

  ```typescript
  if (name === "check_ip_in_waf") {
    const ip = (args as any)?.ip_address;
    const scopes: ("REGIONAL" | "CLOUDFRONT")[] = ["REGIONAL", "CLOUDFRONT"];
    const foundIn: any[] = [];

    for (const scope of scopes) {
      try {
        // Only the first page (up to 100 IP sets) is requested for each scope.
        const listCmd = new ListIPSetsCommand({ Scope: scope, Limit: 100 });
        const listResp = await wafv2Client.send(listCmd);
        const ipSets = listResp.IPSets || [];

        for (const setSummary of ipSets) {
          if (!setSummary.Name || !setSummary.Id) continue;

          // Fetch the full IP set to read its address list.
          const getCmd = new GetIPSetCommand({
            Name: setSummary.Name,
            Id: setSummary.Id,
            Scope: scope
          });
          const getResp = await wafv2Client.send(getCmd);
          const addresses = getResp.IPSet?.Addresses || [];

          // Record every IP set whose addresses cover the IP.
          if (checkIp(ip, addresses)) {
            foundIn.push({
              IPSetName: setSummary.Name,
              IPSetId: setSummary.Id,
              IPSetARN: setSummary.ARN,
              Scope: scope,
              Description: getResp.IPSet?.Description
            });
          }
        }
      } catch (err) {
        // A failed scope is logged and skipped; the response does not mention it.
        console.error(`Error checking WAF scope ${scope}:`, err);
      }
    }

    if (foundIn.length === 0) {
      return { content: [{ type: "text", text: `IP ${ip} not found in any WAF IP Sets.` }] };
    }

    return { content: [{ type: "text", text: JSON.stringify(foundIn, null, 2) }] };
  }
  ```
- src/index.ts:648-660 (registration) The tool registration entry in the ListTools response, defining the name, description, and input schema (ip_address as required string).

  ```typescript
  {
    name: "check_ip_in_waf",
    description: "Checks if an IP address exists in any WAF IP Set (Blocklists/Allowlists).",
    inputSchema: {
      type: "object",
      properties: {
        ip_address: {
          type: "string",
          description: "The IP address to check (e.g., 192.168.1.1)."
        }
      },
      required: ["ip_address"]
    }
  },
  ```
- src/index.ts:47-47 (helper) Import of the 'ip-range-check' library used in the handler to check if an IP belongs to any address range in a WAF IP Set.

  ```typescript
  import checkIp from "ip-range-check";
  ```
- src/index.ts:68-68 (helper) Initialization of the WAFv2 AWS client used by the handler to query IP sets.

  ```typescript
  const wafv2Client = new WAFV2Client({});
  ```
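
The handler above logs a failed scope and moves on, so "not found" can mean either a clean miss or a scan that never read one of the scopes. The following added example (not code from the project) separates the two with a three-state verdict. It does its own IPv4-only CIDR matching rather than calling `ip-range-check`, and `ScopeScan`, `checkIpInSets` and `SAMPLE_SCANS` are hypothetical names with constructed data.

```typescript
// Added example; every name here is hypothetical and not taken from src/index.ts.
type Scope = "REGIONAL" | "CLOUDFRONT";
// Result of reading one scope: the IP sets that were fetched, or the error that stopped the read.
type ScopeScan = { scope: Scope; ipSets: { name: string; addresses: string[] }[] } | { scope: Scope; error: string };
type Match = { scope: Scope; name: string; cidr: string };
type Verdict = { status: "found" | "not_found" | "incomplete"; matches: Match[]; failedScopes: Scope[] };

// Parse a dotted-quad IPv4 address into an unsigned 32-bit value; null if malformed.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip lies inside an IPv4 CIDR entry such as "203.0.113.0/24".
function inCidr(ip: number, cidr: string): boolean {
  const [base = "", len = "32", ...rest] = cidr.split("/");
  const baseInt = ipv4ToInt(base);
  if (rest.length > 0 || baseInt === null || !/^\d{1,2}$/.test(len) || Number(len) > 32) return false;
  const size = 2 ** (32 - Number(len)); // addresses in the block; avoids signed 32-bit bitwise math
  return Math.floor(ip / size) === Math.floor(baseInt / size);
}

function checkIpInSets(ip: string, scans: ScopeScan[]): Verdict {
  const ipInt = ipv4ToInt(ip);
  if (ipInt === null) throw new Error(`not a valid IPv4 address: ${ip}`);
  const verdict: Verdict = { status: "not_found", matches: [], failedScopes: [] };
  for (const scan of scans) {
    if ("error" in scan) { verdict.failedScopes.push(scan.scope); continue; }
    for (const set of scan.ipSets) {
      for (const cidr of set.addresses) {
        if (inCidr(ipInt, cidr)) verdict.matches.push({ scope: scan.scope, name: set.name, cidr });
      }
    }
  }
  if (verdict.matches.length > 0) verdict.status = "found";
  else if (verdict.failedScopes.length > 0) verdict.status = "incomplete"; // no hit, but not a clean miss
  return verdict;
}

// Constructed sample: one scope read successfully, the other failed.
const SAMPLE_SCANS: ScopeScan[] = [
  { scope: "REGIONAL", ipSets: [{ name: "blocklist", addresses: ["203.0.113.0/24", "198.51.100.7/32"] }] },
  { scope: "CLOUDFRONT", error: "request failed" },
];
```

An `incomplete` verdict is the case to surface to the caller: the address was not seen, but at least one scope was never read.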