AWS Web Application Firewall WAF

AWS Web Application Firewall WAF
AWS WAF is a web-application firewall that protects web applications from attacks. It allows rules to be configured that allow, block or count web requests based upon defined conditions.
AWS WAF protects against common attacks such as SQL injection and Cross-Site Scripting. Conditions include IP addresses, HTTP bodies, HTTP headers, HTTP bodies, and URI strings.
AWS WAF is tightly integrated with CloudFront API Gateway, AppSync, and the Application Load Balancingr (ALB), services used for delivering content to their websites and applications. AWS WAF rules are available in all AWS Edge locations, located around the globe close to the end users.
Blocked requests are blocked before they reach the web servers.
Supports custom origins other than AWS.
AWS WAF with Application load balancerWAF rules runs in the region. It can be used to protect both internal and internet-facing load balancers.
AWS WAF with API GatewayCan help protect and secure REST APIs.
AWS WAF protects applications and can inspect web requests sent over HTTPS or HTTPS.
AWS WAF offers Managed Rules, which are preconfigured rules that protect applications from common threats such as OWASP, bots, Common Vulnerabilities and Exposures.
AWS WAF supports the following behaviours:Allow all requests, except those specified – blacklisting to e.g all IP addresses other than those specified
All requests other than those specified will be blocked – whitelisting is for e.g IP addresses from which the request originated
Count the requests that match specified properties – This allows you to count the requests that match defined properties. This can be useful for testing whether or not new properties allow or block requests. Once you have confirmed that the config didn’t block all traffic to the website, you can apply the configuration to modify the behavior to allow or block requests.
WAF allows you to control the behavior of web requests by creating conditions and rules (web ACLs).
Conditions
Conditions are the basic characteristics you should be looking for in a web requestMaliciousScript – Cross Site Scripting – Attackers embed scripts to exploit vulnerabilities in web applications
Requests originate from IP addresses or ranges of addresses.
Size – The length of the requested parts, such as the query string, is measured in inches.
Malicious SQL – SQL injection – Attackers attempt to extract data from the database using malicious SQL code embedded in a web request
Geographic match – Requests can be allowed or blocked based on the country they originate.
Some conditions can take multiple values.
The AWS WAF rule outlines how to inspect HTTP(S), web requests, and what action to take if it meets the inspection criteria.
Each rule requires one top level statement. This statement may contain nested statements depending on the type of rule.
AWS WAF supports logic statements for AND, OR and NOT. These statements can be combined in a rule.
For example, based upon recent requests from an attacker, you might create the following rule: The requests come from 192.0.2.44.
They contain the BadBot value in the User-Agent header.
They may contain malicious SQL code in their query string.
All three conditions must be met for the Rule to be passed.
A Web Access Control List (Web ACL), provides fine-grained control of all HTTP(S) requests that the protected resource responds.
Web ACLs allows you to combine rules OR group them together
Action – Allow, Block or Count to Perform for Each RuleWAF

Related Posts

What to Expect from Entry-Level Data Science Jobs

You might be curious about what an entry-level job in data science will look like if you are thinking of a career as a data scientist. The…

What to Expect from a Entry-Level Cybersecurity Engineer

Are you looking for a job with a good salary that doesn’t require a college education? It might sound impossible or impractical, but it’s not. Many jobs,…

Gain a 1:1 session with an Industry Genius to improve your business skills

It would be great to have a genius answer your questions about your team’s sales compensation plans. Or how to determine where your marketing campaign went wrong….

Future Tech Predictions 2022: Blockchain (Cryptocurrency, NFTs) to IoT (XR or UX).

Businesses will continue to be interested in IoT and blockchain this year. We asked members from CompTIA’s Blockchain Advisory Council as well as the IoT Advisory Council…

Emerging Tech Applications in the COVID New Normal

In just weeks, the threat posed by a growing pandemic as well as a looming recession turned “business as usual” upside-down. These conditions encouraged the rapid adoption…

Part 1: How to land your first tech job without a Tech degree

Share this post Anyone who has tried to find a job, regardless of the field, knows that it is easier to get a job with decent pay…