ipopk.blogg.se

Api gateway waf




AWS offers a wide range of services, some of which are built specifically for the security of our deployments and save us the hassle of setting up a security infrastructure from the developer's end. AWS WAF, or Web Application Firewall, is as the name suggests a firewall that protects our applications or APIs from web exploits and from bots that can be used to launch a DDoS attack on your deployment. Like all firewalls, we can imagine WAF as a layer of protection around our deployment, like a city surrounded by protective walls. It does not let through traffic that looks malicious, just as the guards at the gates of our city will not let in anyone who looks suspicious or seems intent on causing harm to the city and its citizens (in this case, the network's traffic).

It does so by monitoring HTTP and HTTPS requests directed towards our CloudFront distribution, ALB or API Gateway. You can configure which IPs can make a request; more specifically, it allows you to blacklist malicious IPs for added security. Since WAF only protects against common exploits and attackers can get quite creative with their approaches, we can also configure it according to the query string parameters (parameters passed in the URL). If the query string doesn't match the format, then WAF returns a 403 error code.

WAF works by detecting activity that imitates users who perform SQLi attacks, XSS (cross-site scripting) and DDoS attacks. It protects against web attacks on the basis of user-defined characteristics, which are:

Rule Statements: Conditions for the inbound traffic to your distribution.

Rules: Allow us to perform certain operations on the conditions. These can be multiple operations with OR/AND/NOT association. There are also rate-based rules (number of requests from a source). This blocks malicious actors from using too many resources and increasing the cost of running your distribution. Rules play a very important role, and there are 2 ways of adding rules to your distribution: the first is defining your own rules, the second is to use AWS-defined rules.

WebACL: All the rules and rule statements fit under the WebACL. Additionally, you can assign a default action on the ACL, which can be one of BLOCK, ALLOW or COUNT.

Association: The entity to which rules and rule statements belong, such as an API Gateway, a CloudFront distribution or an ALB. WAF cannot be associated with an EC2 instance directly. It can only be associated with ALB, CloudFront and API Gateway.

Additionally, when you think about it deeply enough, you might start wondering how you can test whether your WAF works perfectly if you have opted for the BLOCK WebACL action.
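The WebACL pieces this page describes (rule statements combined with AND/OR/NOT, a rate-based rule, rule actions and a default action) can be modelled in a few lines to see how a rule behaves in COUNT before it is switched to BLOCK. This is an added example, a simplified model and not AWS code or code from the original page. The statement kinds, rule names and sample requests are constructed, and the rate rule counts requests within the sample rather than over a time window.

```python
from collections import Counter  # simplified model of WebACL evaluation, not AWS code

def matches(stmt, req, hits):
    """Evaluate one rule statement (a condition) against a request."""
    kind, arg = stmt
    if kind in ("and", "or"):
        return (all if kind == "and" else any)(matches(s, req, hits) for s in arg)
    if kind == "not":
        return not matches(arg, req, hits)
    if kind == "ip_in":
        return req["ip"] in arg
    if kind == "query_contains":
        return arg in req["query"].lower()
    if kind == "rate_over":  # rate-based: requests seen so far from this source
        return hits[req["ip"]] > arg
    raise ValueError(f"unknown statement kind: {kind}")

def evaluate(web_acl, requests):
    """Return one (http_status, counted_rule_names) tuple per request."""
    hits, results = Counter(), []
    for req in requests:
        hits[req["ip"]] += 1
        counted, verdict = [], web_acl["default_action"]
        for name, stmt, action in web_acl["rules"]:  # checked in listed order
            if not matches(stmt, req, hits):
                continue
            if action == "COUNT":  # record the match, keep evaluating
                counted.append(name)
                continue
            verdict = action  # ALLOW or BLOCK ends evaluation
            break
        results.append((403 if verdict == "BLOCK" else 200, counted))
    return results

def build_acl(sqli_action):
    """WebACL with a blocklist, a rate-based rule and an AND/NOT rule."""
    sqli = ("and", [("query_contains", "union select"),
                    ("not", ("ip_in", {"198.51.100.7"}))])  # own scanner excluded
    return {"default_action": "ALLOW", "rules": [
        ("ip-blocklist", ("ip_in", {"203.0.113.9"}), "BLOCK"),
        ("rate-limit", ("rate_over", 3), "BLOCK"),
        ("sqli-query", sqli, sqli_action)]}

SAMPLE = [  # constructed requests, documentation-range addresses
    {"ip": "192.0.2.10", "query": "id=42"},
    {"ip": "192.0.2.10", "query": "id=1 UNION SELECT 1"},
    {"ip": "203.0.113.9", "query": "id=7"},
    {"ip": "198.51.100.7", "query": "q=union select"},
]
```

Calling `evaluate(build_acl("COUNT"), SAMPLE)` lets the second request through with status 200 but lists `sqli-query` as counted; with `build_acl("BLOCK")` the same request gets the 403.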





