AWS WAF - Protect your web applications from the exploits!!

AWS WAF


AWS WAF is a Web Application Firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web application by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. AWS WAF also includes a full-featured API that you can use to automate the creation, deployment and maintenance of web security rules.

AWS WAF Concepts

Conditions

Conditions inspect incoming requests. They can look at the request URI, the query string, a specific HTTP header, or the HTTP method (GET, PUT, and so forth).

Because attackers often attempt to camouflage their requests in devious ways, conditions can also include transformations that are performed on the request before the content is inspected.

Conditions can also look at the incoming IP address & can match a /8, /16, or /24 range. They can also use a /32 to match a single IP address.

Rules

Rules reference one or more conditions, all of which must be satisfied in order for the rule to match. For example, one rule could reference an IP-based condition and a request-based condition in order to block access to certain content. Each rule also generates Amazon CloudWatch metrics.

Actions

Actions are part of rules, and denote the action to be taken when a request matches all of the conditions in a rule. An action can allow a request to go through, block it, or simply count the number of times that the rule matches (this is good for evaluating potential new rules before using a more decisive action).

Web ACLs

Web ACLs in turn reference one or more rules, along with an action for each rule. Each incoming request for a distribution is evaluated against successive rules until a request matches all of the conditions in the rule, then the action associated with the rule is taken. If no rule matches, then the default action (block or allow the request) is taken.

Getting Set Up to Use AWS WAF

  • Start the Set up a web access control list wizard on the AWS WAF console, and specify the conditions that you want to use to filter web requests such as the IP addresses that the requests originate from and values in the request that are used only by attackers.
  • Add the conditions to a rule. Rules let you target exactly the web requests that you want to block or allow; a web request must match all of the conditions in a rule before AWS WAF will block or allow requests based on the conditions that you specify.
  • Add the rules to a web access control list (web ACL). This is where you specify whether you want to block web requests or allow them based on the conditions that you added to each rule.
  • Specify a default action, block or allow. This is the action that AWS WAF takes when a web request doesn’t match any of your rules.
  • Choose the Amazon CloudFront distribution for which you want AWS WAF to inspect web requests.

Step 1:  Start the Wizard
Step 2:  Create an IP Match Condition
Step 3:  Create a String Match Condition
Step 4:  Create a SQL Injection Match Condition
Step 5:  Create a Rule and Add Conditions
Step 6:  Add the Rule to a Web ACL
Step 7:  Associate a Web ACL with a CloudFront Distribution
Step 8:  Clean Up Your Resources
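As an added illustration (not code from the original post or from AWS), the following Python models the evaluation flow described in the concepts section and exercised by the setup steps: conditions with a transformation, rules that require all of their conditions, ALLOW/BLOCK/COUNT actions, and a web ACL that tries rules in order before falling back to its default action. The type names, helper names, sample IP ranges and rule set are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List
from urllib.parse import unquote
# Constructed model of the AWS WAF evaluation flow described on this page;
# the types and names below are ours, not the AWS API's.
Request = Dict[str, str]               # keys: "ip", "uri", "query", "method"
Condition = Callable[[Request], bool]

def ip_match(*cidrs: str) -> Condition:
    """IP condition: /8, /16 or /24 ranges, or a /32 for a single address."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda r: any(ipaddress.ip_address(r["ip"]) in n for n in nets)

def url_decode_lower(s: str) -> str:
    """Transformation run before inspection, so encoded/cased variants still match."""
    return unquote(s).lower()

def string_match(part: str, needle: str, transform=lambda s: s) -> Condition:
    """String condition on one request part, after an optional transformation."""
    return lambda r: needle in transform(r.get(part, ""))

@dataclass
class Rule:
    name: str
    conditions: List[Condition]
    action: str                        # "ALLOW", "BLOCK" or "COUNT"
    def matches(self, r: Request) -> bool:
        return all(c(r) for c in self.conditions)   # every condition must hold

@dataclass
class WebACL:
    rules: List[Rule]
    default_action: str
    counts: Dict[str, int] = field(default_factory=dict)  # stands in for CloudWatch metrics
    def evaluate(self, r: Request) -> str:
        for rule in self.rules:                       # rules are tried in order
            if rule.matches(r):
                self.counts[rule.name] = self.counts.get(rule.name, 0) + 1
                if rule.action != "COUNT":            # COUNT records and keeps inspecting
                    return rule.action                # first ALLOW/BLOCK decides
        return self.default_action                    # no rule matched

acl = WebACL(rules=[                                  # constructed sample rule set
    Rule("block-scanner-range", [ip_match("198.51.100.0/24")], "BLOCK"),
    Rule("count-admin-probes", [string_match("uri", "/admin", url_decode_lower)], "COUNT"),
    Rule("block-script-tag-in-query", [string_match("query", "<script", url_decode_lower)], "BLOCK"),
    Rule("block-range-to-internal", [ip_match("203.0.113.0/24"), string_match("uri", "/internal")], "BLOCK"),
], default_action="ALLOW")
```

The COUNT rule is the evaluation-only mode the Actions section recommends: it increments its counter and lets the remaining rules decide, so a candidate rule can be watched in the metrics before it is switched to BLOCK.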

With AWS WAF you pay only for what you use. AWS WAF pricing is based on how many rules you deploy and how many web requests your web application receives. There are no minimum fees and no upfront commitments.

—Ranjit (AWS Solution Architect), TechMinfy!!