AWS Web Application Firewall WAF

AWS WAF is a web-application firewall that protects web applications from attacks. It allows rules to be configured that allow, block or count web requests based upon defined conditions.
AWS WAF protects against common attacks such as SQL injection and cross-site scripting. Conditions can be based on IP addresses, HTTP headers, HTTP bodies, and URI strings.
AWS WAF is tightly integrated with CloudFront, API Gateway, AppSync, and the Application Load Balancer (ALB), the services used to deliver content for websites and applications. With CloudFront, AWS WAF rules are enforced at AWS edge locations around the globe, close to the end users.
Requests that match a blocking rule are blocked before they reach the web servers.
Custom origins hosted outside AWS are also supported.
AWS WAF with Application Load Balancer – WAF rules run in the region of the load balancer. It can be used to protect both internal and internet-facing load balancers.
AWS WAF with API Gateway – Helps protect and secure REST APIs.
AWS WAF protects applications by inspecting web requests sent over HTTP or HTTPS.
AWS WAF offers Managed Rules: preconfigured rule groups that protect applications from common threats such as the OWASP Top 10 risks, bots, and known Common Vulnerabilities and Exposures (CVEs).
AWS WAF supports the following behaviours:
Allow all requests except those specified – blacklisting, e.g. block requests from the listed IP addresses and allow all others.
Block all requests except those specified – whitelisting, e.g. allow requests only from the listed IP addresses from which they originate.
Count the requests that match specified properties – This lets you count the requests that match the defined properties without allowing or blocking them. It is useful for testing whether new properties would allow or block the intended requests. Once you have confirmed that the configuration does not block all traffic to the website, you can change the action to allow or block requests.
WAF lets you control the behaviour of web requests by creating conditions, rules, and web ACLs.
Conditions
Conditions are the basic characteristics you look for in a web request:
Malicious script – cross-site scripting (XSS) – attackers embed scripts to exploit vulnerabilities in web applications.
IP address – requests originate from specified IP addresses or ranges of addresses.
Size – the length of the requested parts, such as the query string, measured in bytes.
Malicious SQL – SQL injection – attackers attempt to extract data from the database using malicious SQL code embedded in a web request.
Geographic match – requests can be allowed or blocked based on the country they originate from.
Some conditions can take multiple values.
An AWS WAF rule defines how to inspect HTTP(S) web requests and what action to take when a request meets the inspection criteria.
Each rule requires one top level statement. This statement may contain nested statements depending on the type of rule.
AWS WAF supports logic statements for AND, OR and NOT. These statements can be combined in a rule.
For example, based on recent requests from an attacker, you might create a rule that matches requests that:
come from 192.0.2.44,
contain the value BadBot in the User-Agent header, and
appear to contain malicious SQL code in the query string.
All three conditions must be met for the rule to match.
A Web Access Control List (web ACL) provides fine-grained control over all HTTP(S) requests that the protected resource responds to.
Web ACLs let you combine rules and group them together.
Action – Allow, Block or Count, to perform for each rule.
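The following is an added example (not code from the page or from AWS) that puts the rule described above, the AND logic, and the Count-then-Block rollout together. The rule and web ACL dictionaries follow the wafv2 JSON shape used by the AWS CLI and API; everything else is a small offline simulator that stands in for the service so the behaviour can be exercised locally. Assumptions: the IP set ARN is a placeholder, the sample requests are constructed, and the SQLi check is a crude heuristic rather than AWS's detector.

```python
"""Offline simulator of an AWS WAF (wafv2) web ACL. Added example: the rule
dicts follow the wafv2 JSON shape, but the matching logic is a simplified
stand-in for the real service so AND / Count / Block behaviour can be tested."""
import copy
import ipaddress
import re
from urllib.parse import unquote

# Constructed IP set standing in for a real wafv2 IP set, keyed by a placeholder ARN.
IP_SETS = {"arn:placeholder:ipset/attacker-ips": ["192.0.2.44/32"]}

# Crude stand-in for the SQLi detector: quote followed by OR, UNION SELECT, or a tautology.
SQLI_PATTERN = re.compile(r"(\bunion\s+select\b|'\s*or\b|\bor\s+\d+\s*=\s*\d+)", re.I)

# The rule from the text: source IP, BadBot in User-Agent and SQLi in the query
# string must ALL match (AndStatement). It starts in Count mode for a safe rollout.
BAD_BOT_SQLI_RULE = {
    "Name": "BlockBadBotSqli",
    "Priority": 0,
    "Statement": {"AndStatement": {"Statements": [
        {"IPSetReferenceStatement": {"ARN": "arn:placeholder:ipset/attacker-ips"}},
        {"ByteMatchStatement": {
            "SearchString": "BadBot",
            "FieldToMatch": {"SingleHeader": {"Name": "user-agent"}},
            "PositionalConstraint": "CONTAINS",
            "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}},
        {"SqliMatchStatement": {
            "FieldToMatch": {"QueryString": {}},
            "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}]}},
    ]}},
    "Action": {"Count": {}},
    "VisibilityConfig": {"SampledRequestsEnabled": True,
                         "CloudWatchMetricsEnabled": True, "MetricName": "BlockBadBotSqli"},
}

WEB_ACL = {"Name": "example-web-acl", "DefaultAction": {"Allow": {}},
           "Rules": [BAD_BOT_SQLI_RULE]}

# Constructed sample requests: all three conditions, two of three, and a benign request.
SAMPLE_REQUESTS = {
    "all_three": {"source_ip": "192.0.2.44",
                  "headers": {"User-Agent": "Mozilla/5.0 BadBot/1.0"},
                  "query": "id=1%27%20OR%201%3D1"},
    "two_of_three": {"source_ip": "192.0.2.44",
                     "headers": {"User-Agent": "Mozilla/5.0 BadBot/1.0"},
                     "query": "id=1"},
    "benign": {"source_ip": "198.51.100.7",
               "headers": {"User-Agent": "Mozilla/5.0"}, "query": "id=1"},
}


def _field(request, field):
    """Pull the request component named by a FieldToMatch object."""
    if "SingleHeader" in field:
        headers = {k.lower(): v for k, v in request["headers"].items()}
        return headers.get(field["SingleHeader"]["Name"].lower(), "")
    if "QueryString" in field:
        return request["query"]
    raise ValueError("unsupported FieldToMatch in this simulator")


def _transform(value, transformations):
    """Apply text transformations in priority order (only two types simulated)."""
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        if t["Type"] == "URL_DECODE":
            value = unquote(value)
        elif t["Type"] == "LOWERCASE":
            value = value.lower()
    return value


def matches(statement, request):
    """Evaluate one (possibly nested) rule statement against a request."""
    if "AndStatement" in statement:
        return all(matches(s, request) for s in statement["AndStatement"]["Statements"])
    if "OrStatement" in statement:
        return any(matches(s, request) for s in statement["OrStatement"]["Statements"])
    if "NotStatement" in statement:
        return not matches(statement["NotStatement"]["Statement"], request)
    if "IPSetReferenceStatement" in statement:
        ip = ipaddress.ip_address(request["source_ip"])
        nets = IP_SETS[statement["IPSetReferenceStatement"]["ARN"]]
        return any(ip in ipaddress.ip_network(n) for n in nets)
    if "ByteMatchStatement" in statement:
        s = statement["ByteMatchStatement"]
        value = _transform(_field(request, s["FieldToMatch"]), s["TextTransformations"])
        needle = s["SearchString"]
        return {"CONTAINS": needle in value, "EXACTLY": value == needle,
                "STARTS_WITH": value.startswith(needle),
                "ENDS_WITH": value.endswith(needle)}[s["PositionalConstraint"]]
    if "SqliMatchStatement" in statement:
        s = statement["SqliMatchStatement"]
        value = _transform(_field(request, s["FieldToMatch"]), s["TextTransformations"])
        return SQLI_PATTERN.search(value) is not None
    raise ValueError("unsupported statement type in this simulator")


def evaluate(web_acl, request):
    """Return (final action, names of Count rules that matched) for a request.
    Count rules record a match and evaluation continues; Allow/Block terminate."""
    counted = []
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if not matches(rule["Statement"], request):
            continue
        action = next(iter(rule["Action"]))
        if action == "Count":
            counted.append(rule["Name"])
            continue
        return action.upper(), counted
    return next(iter(web_acl["DefaultAction"])).upper(), counted


def promote_to_block(web_acl, rule_name):
    """Copy of the web ACL with the named rule switched from Count to Block."""
    acl = copy.deepcopy(web_acl)
    for rule in acl["Rules"]:
        if rule["Name"] == rule_name:
            rule["Action"] = {"Block": {}}
    return acl


if __name__ == "__main__":
    blocking_acl = promote_to_block(WEB_ACL, "BlockBadBotSqli")
    for name, req in SAMPLE_REQUESTS.items():
        print(name, "count mode:", evaluate(WEB_ACL, req),
              "block mode:", evaluate(blocking_acl, req))
```

Running it shows the rollout the text recommends: in Count mode the fully matching request is still allowed but recorded against the rule name, the two-of-three request is not recorded at all because the AndStatement needs every nested statement to match, and only after the action is promoted to Block does the matching request get a BLOCK result.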