AWS Web Application Firewall WAF

AWS WAF is a web application firewall that protects web applications from attacks. It allows you to configure rules that allow, block or count web requests based on conditions you define.
AWS WAF protects against common attacks such as SQL injection and cross-site scripting. Conditions can inspect IP addresses, HTTP headers, HTTP bodies, and URI strings.
AWS WAF is tightly integrated with CloudFront, API Gateway, AppSync, and the Application Load Balancer (ALB), the services customers use to deliver content to their websites and applications. With CloudFront, AWS WAF rules are evaluated in all AWS edge locations around the globe, close to the end users.
Blocked requests are stopped before they reach the web servers.
Custom origins outside AWS are also supported.
AWS WAF with Application Load Balancer – WAF rules run in the region. It can be used to protect both internal and internet-facing load balancers.
AWS WAF with API Gateway – can help protect and secure REST APIs.
AWS WAF protects applications and can inspect web requests sent over HTTP or HTTPS.
AWS WAF offers Managed Rules, preconfigured rule groups that protect applications from common threats such as OWASP-listed vulnerabilities, bots, and known Common Vulnerabilities and Exposures (CVEs).
AWS WAF supports the following behaviours:
- Allow all requests except those specified – blacklisting, e.g. allowing all IP addresses other than those listed.
- Block all requests except those specified – whitelisting, e.g. allowing only the IP addresses from which requests are expected to originate.
- Count the requests that match specified properties – this lets you count the requests that match the defined properties without acting on them. It is useful for testing whether new properties would allow or block the intended requests. Once you have confirmed that the configuration does not block all traffic to the website, you can change the action to allow or block requests.
AWS WAF allows you to control the behaviour of web requests by creating conditions, rules and web ACLs.
Conditions
Conditions are the basic characteristics you look for in a web request:
- Malicious script – cross-site scripting (XSS) – attackers embed scripts to exploit vulnerabilities in web applications.
- IP match – requests originate from specified IP addresses or ranges of addresses.
- Size – the length of the inspected request parts, such as the query string, measured in bytes.
- Malicious SQL – SQL injection – attackers attempt to extract data from the database using malicious SQL code embedded in a web request.
- Geographic match – requests can be allowed or blocked based on the country they originate from.
Some conditions can take multiple values.
An AWS WAF rule defines how to inspect HTTP(S) web requests and what action to take when a request meets the inspection criteria.
Each rule requires one top level statement. This statement may contain nested statements depending on the type of rule.
AWS WAF supports logic statements for AND, OR and NOT. These statements can be combined in a rule.
For example, based on recent requests from an attacker, you might create a rule that matches requests which:
- come from 192.0.2.44,
- contain the value BadBot in the User-Agent header, and
- appear to contain malicious SQL code in their query string.
All three conditions must be met for the rule to match.
A Web Access Control List (Web ACL) provides fine-grained control over all HTTP(S) requests that the protected resource responds to.
Web ACLs allow you to combine rules or group them together.
Action – the Allow, Block or Count action to perform for each rule.
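The three-condition rule described above, written as an AWS WAF (wafv2) rule in the JSON form the console's rule editor accepts. This is an added example, not taken from the original post: the IP set ARN is a placeholder for an IP set you create separately containing 192.0.2.44, the account id is the AWS documentation example account, and the rule starts in Count mode so its matches can be checked in CloudWatch metrics and sampled requests before the action is switched to Block.

```json
{
  "Name": "AttackerBadBotSqli",
  "Priority": 0,
  "Statement": {
    "AndStatement": {
      "Statements": [
        {
          "IPSetReferenceStatement": {
            "ARN": "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/attacker-ips/PLACEHOLDER-IPSET-ID"
          }
        },
        {
          "ByteMatchStatement": {
            "SearchString": "BadBot",
            "FieldToMatch": { "SingleHeader": { "Name": "user-agent" } },
            "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ],
            "PositionalConstraint": "CONTAINS"
          }
        },
        {
          "SqliMatchStatement": {
            "FieldToMatch": { "QueryString": {} },
            "TextTransformations": [ { "Priority": 0, "Type": "URL_DECODE" } ]
          }
        }
      ]
    }
  },
  "Action": { "Count": {} },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "AttackerBadBotSqli"
  }
}
```

Because the statements sit under AndStatement, a request is counted only when all three match; once the Count metrics confirm the rule hits only the intended traffic, replace "Action": { "Count": {} } with "Action": { "Block": {} }.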
