AWS – Support for X-Forwarded-For (XFF) header is now available for AWS WAF
AWS WAF now supports inspecting the X-Forwarded-For (XFF), True-Client-IP, or other custom header that includes the originating IP address of a client connecting to your application through an HTTP proxy or a third-party CDN. With this feature, you can reference these headers to write rate-based rules, geographic match rules, or IP match rules, allowing you to take action on IPs that are found within these headers. Both IPv4 and IPv6 addresses are supported.
Read More for the details.