What is AWS WAF
AWS WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to your protected web application resources and Protect your web applications from common exploits. AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.
How AWS WAF Works
You use AWS WAF to control how your protected resources respond to HTTP(S) web requests. You do this by defining a web access control list (ACL) and then associating it with one or more web application resources that you want to protect. The associated resources forward incoming requests to AWS WAF for inspection by the web ACL.
In your web ACL, you create rules to define traffic patterns to look for in requests and to specify the actions to take on matching requests. The action choices include the following:
- Allow the requests to go to the protected resource for processing and response.
- Block the requests.
- Count the requests.
- Run CAPTCHA or challenge checks against requests to verify human users and standard browser use.
AWS WAF Components
The following are the central components of AWS WAF:
- Web ACLs – You use a web access control list (ACL) to protect a set of AWS resources. You create a web ACL and define its protection strategy by adding rules. Rules define criteria for inspecting web requests and they specify the action to take on requests that match their criteria. You also set a default action for the web ACL that indicates whether to block or allow through any requests that the rules haven't already blocked or allowed. For more information about web ACLs, see Web access control lists (web ACLs).
A web ACL is an AWS WAF resource.
- Rules – Each rule contains a statement that defines the inspection criteria, and an action to take if a web request meets the criteria. When a web request meets the criteria, that's a match. You can configure rules to block matching requests, allow them through, count them, or run bot controls against them that use CAPTCHA puzzles or silent client browser challenges. For more information about rules, see AWS WAF rules.
A rule is not an AWS WAF resource. It only exists in the context of a web ACL or rule group.
- Rule groups – You can define rules directly inside a web ACL or in reusable rule groups. AWS Managed Rules and AWS Marketplace sellers provide managed rule groups for your use. You can also define your own rule groups. For more information about rule groups, see Rule groups. A rule group is an AWS WAF resource.
Implementing AWS WAF
Create a WEB ACL
Open WAF service and click on "Create WEB ACL"
Start filling the details and select the Amazon Cloud front distributions and then select the AWS Resources option. I have already created cloud front for the demo.
Select the Cloud front from the list and click on Add.
Click on Next, we will add Rules later.
Click on Next, Will also configure rule priority later.
We don't want metrics, will select disable option and proceed with next
The final page is for review, at the end of the page select "Create WEB ACL".
Add IP with in IP Sets to block IPs
Select IP Set section
Provide IP Set name and the IP addresses in CIDR format per line
This will create a rule set kind of database which we will use to either allow or block traffic.
Create Rule Group
Select Rule groups and click on "Create Rule Group".
In the following page we need to name the Rule group and click on next.
In the following section(below image) we will be adding the actual rule to either allow, block, count, CAPTHA or challenge.
We are basically creating
regular rule to
match the statement and
if the IP originates
from any of the IP from the BlacklistedIps IP Set
then take Action to block.
Click on Add rule to proceed
We will select the rule and click on Next keeping default values.
Since we have only one rule we will simply select the rule and click on Next. If you have multiple rule you can set/manage the rule priority here.
Review the steps and click on create rule group.
- So far we have created IP Set - kind of database
- Created Ruleset - what to do and when to do
- and now it is time to attach this rule to the WAF
Attach rule to WAF
Select the WAF from the dashboard.
We will add the rule group that we have already created. Select "Add my own rules and rule groups"
We have different rule types, You can play around the rule type as per your requirements. For the demo we will go with Rule group, since we already have created one.
Select the Rule group and click on Add rule.
Time to test
Go the Web URL or the Cloudfront distrubution domain name to access the site.
You will get 403: Error and showing request is blocked.
Use Cases
Web Application Protection: AWS WAF helps protect web applications from common web exploits, such as SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks.
Bot Management: AWS WAF can be used to detect and block malicious bots, preventing them from causing harm or consuming excessive resources.
Content Filtering: AWS WAF allows you to control the content that users can access on your web applications by filtering out unwanted or malicious content.
Rate Limiting: AWS WAF enables you to set rate-based rules to limit the number of requests from specific IP addresses or user agents, protecting against brute force attacks or excessive traffic.
Compliance and Regulatory Requirements: AWS WAF helps meet compliance requirements by providing protection against known vulnerabilities and attacks, ensuring the security of sensitive data.
API Protection: AWS WAF can be used to protect APIs from unauthorized access, API abuse, and injection attacks.
Geo-blocking: AWS WAF allows you to block or allow traffic based on the geographic location of the requester, helping to prevent attacks from specific regions.
Content Security Policy (CSP) Enforcement: AWS WAF can enforce CSP headers to control how content is loaded and executed in web applications, preventing cross-site scripting (XSS) attacks.
References
https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rules.html
https://docs.aws.amazon.com/waf/latest/developerguide/waf-rules.html
https://crishantha.medium.com/aws-web-application-firewall-waf-ef3d46049a66
Top comments (0)