How To Filter Traffic with AWS Web Application Firewall - Part One

What is AWS Web Application Firewall?

AWS Web Application Firewall is a web application firewall that helps you protect your web applications against common web exploits that might affect availability and compromise security.

WAF helps protect web applications by filtering and monitoring HTTP traffic between a web application and the internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others.

How does it work?

By deploying a WAF for a web application, a shield is placed between the web application and the internet. WAF is a reverse proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.

A WAF operates through a set of rules, often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic before it reaches the application.

AWS WAF can be associated with an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer (ALB), or an AWS AppSync GraphQL API, and it controls how that resource responds to web requests.

AWS WAF components

Web ACLs — A Web Access Control List (web ACL) is used to protect a set of AWS resources. You create a web ACL and define its protection strategy by adding rules. Rules define criteria for inspecting web requests and specify how to handle requests that match the criteria. You also set a default action for the web ACL that indicates whether to block or allow requests that match none of the rules. A web ACL is an AWS WAF resource.
Rules — Rules contain a statement that defines the inspection criteria, and an action to take if a web request meets the criteria. When a web request meets the criteria, it is a match. We can use rules to block or allow matching requests. We can also count matching requests using rules.
Rule groups — You can define rules directly inside a web ACL or in reusable rule groups. AWS Managed Rules and AWS Marketplace sellers provide managed rule groups for your use, and you can also define your own rule groups.
Priority of Rules — If we define more than one rule in a web ACL, AWS WAF evaluates each request against the rules in order of their Priority value, starting with the lowest value. The priorities need not be consecutive, but they must all be different.

AWS Managed Rule groups

AWS WAF Bot Control — Protection against automated bots. It provides additional visibility through CloudWatch and generates labels that you can use to control bot traffic to your applications (paid rule group, capacity 50 WCUs).

Free rule groups

Admin protection — Contains rules that block external access to admin pages.
Amazon IP reputation list — Contains rules based on Amazon threat intelligence. Useful if you want to block sources associated with bots or other threats.
Anonymous IP list — Used to filter out viewers that may try to hide their identity from your applications (e.g. block requests from VPNs, proxies, Tor nodes, and hosting providers).
Core rule set — Generally applicable to web applications. This protects against a wide range of vulnerabilities, including those described in OWASP publications.
Known bad inputs — Rules that block request patterns that are known to be invalid and associated with exploitation.
Linux operating system — Rules that block request patterns associated with the exploitation of vulnerabilities specific to Linux. These help prevent file content exposure and remote code execution by attackers.

Custom rules can be created to block, allow, or count traffic that

  • originates from a country
  • originates from a CIDR range
  • carries a specific header, URI path, or body

You also set whether traffic that matches none of the web ACL rules should be blocked, allowed, or counted (the default action).

IP Set: An IP set is a collection of IP addresses and IP address ranges that you want to use together in a rule statement. IP sets are AWS resources.
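The web ACL pieces described above (geo match, IP set reference, a URI-path match, a managed rule group, distinct priorities and a default action) assembled into the request shape that the AWS WAFv2 `create_web_acl` API expects. This is an added example, not code from the original article; the IP set ARN, the blocked country list and the admin path are assumptions passed in by the caller, and the script only builds and checks the structure, it does not call AWS.

```python
def _visibility(metric_name):
    # Every rule, and the web ACL itself, needs a VisibilityConfig for CloudWatch metrics and sampling.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": metric_name}


def build_rules(blocked_countries, ip_set_arn, admin_path_prefix):
    """Return a WAFv2 'Rules' list: two custom block rules, a count rule on the admin path,
    and the AWS managed Core rule set. Every rule carries a distinct Priority value."""
    return [
        {"Name": "BlockListedCountries", "Priority": 0, "Action": {"Block": {}},
         "Statement": {"GeoMatchStatement": {"CountryCodes": blocked_countries}},
         "VisibilityConfig": _visibility("BlockListedCountries")},
        {"Name": "BlockIPSet", "Priority": 1, "Action": {"Block": {}},
         "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},  # ARN of a pre-created IP set
         "VisibilityConfig": _visibility("BlockIPSet")},
        {"Name": "CountAdminPath", "Priority": 2, "Action": {"Count": {}},  # count first, block once tuned
         "Statement": {"ByteMatchStatement": {
             "SearchString": admin_path_prefix.encode(),  # blob: bytes for boto3 (base64 in CLI JSON)
             "FieldToMatch": {"UriPath": {}},
             "PositionalConstraint": "STARTS_WITH",
             "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}},
         "VisibilityConfig": _visibility("CountAdminPath")},
        {"Name": "AWS-AWSManagedRulesCommonRuleSet", "Priority": 10,
         "OverrideAction": {"None": {}},  # managed groups take OverrideAction instead of Action
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
         "VisibilityConfig": _visibility("AWSManagedRulesCommonRuleSet")},
    ]


def evaluation_order(rules):
    """Rule names in the order AWS WAF evaluates them (lowest Priority value first).
    Raises if two rules share a Priority, which the API would also reject."""
    priorities = [r["Priority"] for r in rules]
    if len(set(priorities)) != len(priorities):
        raise ValueError("rule priorities inside a web ACL must all be different")
    return [r["Name"] for r in sorted(rules, key=lambda r: r["Priority"])]


def build_web_acl(name, rules, scope="REGIONAL"):
    """Full create_web_acl request body. Scope is REGIONAL for ALB/API Gateway, CLOUDFRONT for CloudFront.
    The default action applies to requests that match none of the rules."""
    evaluation_order(rules)  # fail early on duplicate priorities
    return {"Name": name, "Scope": scope, "DefaultAction": {"Allow": {}},
            "Rules": rules, "VisibilityConfig": _visibility(name)}


if __name__ == "__main__":
    # Constructed sample input; the ARN is a placeholder, not a real resource.
    rules = build_rules(["AA"], "arn:aws:wafv2:REGION:ACCOUNT:regional/ipset/PLACEHOLDER/ID", "/admin")
    print(evaluation_order(rules))
    # To create it for real: boto3.client("wafv2").create_web_acl(**build_web_acl("demo-acl", rules))
```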

AWS WAF charges are based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive.

Web ACL: $5.00 per month
Rule: $1.00 per month
Requests: $0.60 per 1 million requests (for inspection up to 1,500 WCUs)

AWS WAF web ACL capacity units (WCUs)

Every rule has a relative cost, expressed in WCUs. AWS WAF calculates rule capacity when you create or update a rule, and it calculates capacity differently for each rule type.

Rule group WCUs

The WCU requirements for a rule group are determined by the rules that you define inside the rule group. The maximum capacity for a rule group is 5,000 WCUs.

Conclusion

AWS WAF provides a managed solution to protect your web applications against common exploits and vulnerabilities. By leveraging WAF’s advanced rulesets and integration with services like Application Load Balancer, you can effectively filter malicious web traffic while allowing legitimate users access.

Stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].

Thank you!

Written by:

Victor Onyango, AWS Certified Solutions Architect – Associate