AWS WAF provides a managed Web Application Firewall for your infrastructure to protect your applications from web exploits. To be more specific, AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you have defined.
No development work is needed to integrate AWS WAF with your infrastructure; it is a plug-and-play solution. It can be attached to an AWS Load Balancer, an Amazon CloudFront distribution or an Amazon API Gateway.
For a quick start you can add managed rule sets to your AWS WAF. These rule sets are maintained either by AWS or by AWS Marketplace sellers, depending on your choice, and there is no additional charge for using AWS Managed Rules.
AWS WAF is integrated with Amazon CloudWatch, which lets you monitor your traffic and see which rules are matching.
The AWS Threat Research Team maintains the AWS Managed Rules, and new rules are added as additional threats are identified. You can select rule groups against SQL attacks, for admin protection or specific to your operating system. The core rule set covers some of the common threats and security risks described in the OWASP Top 10 publication.
You can use geolocation blocking to block access to your site from specific countries or to only allow access from specific countries of your choice. If you want to allow some web requests and block others based on the country of origin, add a geographic match statement for the countries that you want to allow and add a second one for the countries that you want to block.
A rate-based rule tracks the rate of requests for each originating IP address and triggers the rule action on any IP whose rate exceeds a limit. You set the limit as a number of requests per 5-minute time span. You can use this type of rule to put a temporary block on an IP address that is sending excessive requests to your web application endpoints.
It is possible to create white-listed and black-listed IP sets and use them in IP match rules. For example, you can restrict specific endpoints, or all endpoints of your application, to your static office IP address.
Rules can also be combined: for example, you can rate-limit an endpoint only for a specific geolocation, or whitelist the IP address of your external vulnerability scanning tool so that it can test your application through the OWASP Top 10 rules.
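The geo, rate-based and IP set rules from the paragraphs above, expressed in the AWS WAF (wafv2) rule JSON schema and ordered as AWS WAF evaluates them, as an added example that is not part of the original post. The IP set ARN, the country code, the /login path and the limit of 2000 are constructed values; the rate-based rule is scoped down so only requests from the listed countries to the given path count towards the per-IP limit.

```python
import json

def visibility(name):
    # Every rule needs a VisibilityConfig so its matches show up in CloudWatch.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": name}

def allow_scanner_rule(ip_set_arn, priority):
    # Whitelist the vulnerability scanner so later rules do not block it.
    return {"Name": "AllowScannerIPs", "Priority": priority,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            "Action": {"Allow": {}}, "VisibilityConfig": visibility("AllowScannerIPs")}

def geo_rate_limit_rule(country_codes, path_prefix, limit, priority):
    # Rate-based rule (requests per IP per 5 minutes) whose scope-down statement
    # restricts counting to the listed countries AND the given URI path prefix.
    # SearchString is a plain string here; boto3 expects bytes (b"/login") and
    # the CLI JSON expects the same value base64-encoded.
    scope_down = {"AndStatement": {"Statements": [
        {"GeoMatchStatement": {"CountryCodes": country_codes}},
        {"ByteMatchStatement": {
            "SearchString": path_prefix, "FieldToMatch": {"UriPath": {}},
            "PositionalConstraint": "STARTS_WITH",
            "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}}]}}
    return {"Name": "GeoRateLimit", "Priority": priority,
            "Statement": {"RateBasedStatement": {
                "Limit": limit, "AggregateKeyType": "IP",
                "ScopeDownStatement": scope_down}},
            "Action": {"Block": {}}, "VisibilityConfig": visibility("GeoRateLimit")}

def managed_rule_group(name, priority):
    # AWS Managed Rules group; OverrideAction None keeps the group's own actions.
    return {"Name": name, "Priority": priority,
            "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": name}},
            "OverrideAction": {"None": {}}, "VisibilityConfig": visibility(name)}

def web_acl_rules(scanner_ip_set_arn):
    # Lower priority number is evaluated first: the allow rule must precede the
    # managed group, otherwise the scanner's test traffic would be blocked.
    rules = [allow_scanner_rule(scanner_ip_set_arn, 0),
             geo_rate_limit_rule(["US"], "/login", 2000, 1),
             managed_rule_group("AWSManagedRulesCommonRuleSet", 2)]
    priorities = [r["Priority"] for r in rules]
    assert len(set(priorities)) == len(priorities), "priorities must be unique"
    return sorted(rules, key=lambda r: r["Priority"])

if __name__ == "__main__":
    # Placeholder ARN: replace with the ARN of your own IP set.
    print(json.dumps(web_acl_rules("arn:aws:wafv2:REGION:ACCOUNT:regional/ipset/NAME/ID"), indent=2))
```

The printed list can be passed as the Rules field of a CreateWebACL or UpdateWebACL call.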
In November 2019, AWS introduced various improvements to the WAF service. AWS WAF resources such as rules and Web ACLs that were created before the new release are now referred to as AWS WAF Classic. You can migrate from AWS WAF Classic to the new AWS WAF and benefit from:
Single API to manage both regional and global WAF resources
Support for extensive logical operations over rules
CIDR range support
Simplified service limits
Shareable components between Web ACLs, such as IP Sets, Rule Groups, Regex Sets
Web ACL Capacity Unit (WCU) calculation for your Web ACLs
You can get more information about AWS WAF from the following links:
AWS WAF: https://aws.amazon.com/waf
Managed Rule Groups: https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html
Managed Rules on AWS Marketplace: https://aws.amazon.com/marketplace/solutions/security/waf-managed-rules
Geographic Matching: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html
IP Set Matching: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-ipset-match.html
Once a software developer and now an AWS Certified Solutions Architect Professional, Gizem is always eager to take on professional challenges. Her meticulousness in her work goes hand in hand with her passion for learning and for sharing her knowledge with tech-savvy professionals and communities.