WAF

  • Note

    AWS WAF is a web application firewall that monitors HTTP(S) requests directed to Amazon CloudFront distributions, Amazon API Gateway REST APIs, Application Load Balancers, or AWS AppSync GraphQL APIs.

    Web ACLs

    A web access control list (web ACL) protects a group of AWS resources. When you create a web ACL you add rules to define your defense strategy; these rules define how AWS WAF inspects web requests. The web ACL's default action determines whether requests that match none of the rules are allowed or blocked.

    The criteria for allowing or blocking a request may include its origin IP address, origin country, identified malicious scripts, regular-expression matches, or request size. You can also block requests from a source whose request count exceeds a limit within any five-minute period (rate-based rules).

    Rules

    Each rule group and web ACL uses rules to define web request inspection and the resulting action. Each rule has one top-level statement, which may contain nested statements. Rules are written in JSON and provide the inspection instructions.

    Web ACL rules for managing HTTP requests may use criteria such as suspicious scripts, malicious IP addresses and address ranges, geographical origin, query string length, suspicious SQL code, and more. These rules can help prevent attacks such as cross-site scripting and SQL injection. Rules can also match on labels that earlier rules in the web ACL have added to a request.

    Rule Groups

    A rule group is a collection of rules that web ACLs can reuse. You can use AWS-managed rule groups, third-party managed rule groups, or custom rule groups that you maintain. Both web ACLs and rule groups contain rules defined in the same way. A rule group differs from a web ACL in that it cannot contain rule group reference statements, and it is reusable across different web ACLs (web ACLs themselves are not reusable).

    Rule groups also have no default action: you have to define an action for each rule. Another difference from web ACLs is that you don't associate rule groups directly with AWS resources; you use a rule group inside a web ACL to protect a resource.
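    As an added example (not from these notes and not AWS code), the following Python builds the rules list of a web ACL in the JSON shape that `aws wafv2 create-web-acl --rules` accepts: an IP set reference rule, a rate-based rule and an AWS managed rule group, with a default action, unique priorities and per-rule metrics as the configuration steps require. The IP set ARN, the CIDR in it and the rate limit are constructed values, and `simulate` is a simplified local model of priority-order evaluation, not the service itself.

```python
import ipaddress

# Placeholder IP set ARN and a documentation-only CIDR (constructed values, not real resources).
IP_SET_ARN = "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/blocked-ips/PLACEHOLDER-ID"
IP_SET_CIDRS = ["203.0.113.0/24"]

def visibility(name):
    """CloudWatch metric settings every rule must carry (the 'configure metrics' step)."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}

# Rules in the JSON shape 'aws wafv2 create-web-acl --rules' accepts, lowest priority evaluated first.
RULES = [
    {"Name": "BlockListedIPs", "Priority": 0,     # IP set reference -> block
     "Statement": {"IPSetReferenceStatement": {"ARN": IP_SET_ARN}},
     "Action": {"Block": {}}, "VisibilityConfig": visibility("BlockListedIPs")},
    {"Name": "RateLimitPerIP", "Priority": 1,     # more than 1000 requests per IP in 5 minutes -> block
     "Statement": {"RateBasedStatement": {"Limit": 1000, "AggregateKeyType": "IP"}},
     "Action": {"Block": {}}, "VisibilityConfig": visibility("RateLimitPerIP")},
    {"Name": "AWSCommonRuleSet", "Priority": 2,   # AWS managed rule group (XSS and similar signatures)
     "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
     "OverrideAction": {"None": {}}, "VisibilityConfig": visibility("AWSCommonRuleSet")},
]
DEFAULT_ACTION = {"Allow": {}}   # applied to requests that no rule matched

def validate_rules(rules):
    """Return the problems that would get the ACL rejected or leave it ineffective."""
    problems = []
    priorities = [r["Priority"] for r in rules]
    if len(set(priorities)) != len(priorities):
        problems.append("priorities must be unique")
    for r in rules:
        refs_group = any(k in ("ManagedRuleGroupStatement", "RuleGroupReferenceStatement") for k in r["Statement"])
        if ("OverrideAction" if refs_group else "Action") not in r:
            problems.append(f"{r['Name']}: rule group references take OverrideAction, other rules take Action")
        if "VisibilityConfig" not in r:
            problems.append(f"{r['Name']}: missing VisibilityConfig")
    return problems

def simulate(rules, default_action, src_ip, requests_in_5min):
    """Simplified local model of evaluation: walk rules by priority, the first matching
    Allow/Block rule decides, otherwise the default action. Managed rule groups are not modelled."""
    ip = ipaddress.ip_address(src_ip)
    for r in sorted(rules, key=lambda r: r["Priority"]):
        ipset = r["Statement"].get("IPSetReferenceStatement")
        rate = r["Statement"].get("RateBasedStatement")
        if ipset and any(ip in ipaddress.ip_network(c) for c in IP_SET_CIDRS):
            return next(iter(r["Action"]))
        if rate and requests_in_5min > rate["Limit"]:
            return next(iter(r["Action"]))
    return next(iter(default_action))
```

    Save `RULES` with `json.dump` to a file and pass it as `--rules file://rules.json`; the default action and visibility config of the ACL itself are separate arguments to that command.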

  • STEPS

    1. Configure the load balancer

       1. Create a VPC
       2. Create an internet gateway
       3. Attach the internet gateway to the VPC
       4. Create a subnet
       5. Create a route table
       6. Associate the subnet with the route table
       7. Add a route in the route table that points to the internet gateway you created
       8. EC2: no EC2 instances need to be created for this exercise
       9. Create a target group
       10. Create the load balancer
           • 1. Select the 'Application Load Balancer' option
           • 2. Select the 'internet-facing' option under 'Scheme'
           • 3. Create a security group for the load balancer and allow ports 80 and 443
           • 4. Select your target group under the 'Listeners and routing' section
           • 5. Press the 'Create load balancer' button
       11. Go to the 'Load balancers' section, copy the DNS name and paste it into the browser

    2. Configure WAF

       1. Go to WAF & Shield (search for the service)
          1. Create a web ACL
             1. Click the 'Web ACLs' link (from the left menu)
             2. Select the resource type under 'Add AWS resources'
             3. Add rules and rule groups
             4. IP sets: go to the 'IP sets' link (from the left menu), create a new IP set and reference it from the ACL rules
             5. Select the default ACL action
             6. Set the rule priority (from the left menu)
             7. Configure metrics (from the left menu)
             8. Press the 'Create web ACL' button

    Test the WAF

    1. Check the configuration

       1. Go to the WAF web ACLs page and select the ACL from the list
       2. Check the associated AWS resources: go to the 'Associated AWS resources' tab
       3. Check the rules: go to the 'Rules' tab

    2. Test an HTTP request

       1. Go to the load balancer console
       2. Copy the 'DNS name'
       3. Paste the URL into the browser