WAF

Solution Architect Associate

Security Specialty

  • AWS WAF is a web application firewall that allows you to monitor http or https requests that are forwarded to CloudFront or an ALB only (KNOW THIS!!)
    • Provides protection against Layer 7 attacks against these two services (know this!!)
  • You can control access to your content by configuring IP addresses that are allowed to make the request, or what query string parameters need to be passed to teh request to be allowed
    • The ALB or CloudFront will then either allow the requests, or return a 403 HTTP Status Code
  • Allows 3 different behaviors
    • Allow all requests except those we specify
    • Block all requests except those we specify
    • Count the requests that match the properties we specify (so you can make up your mind later)
  • Provides protection against:
    • IP addresses that requests originate from
    • Countries that requests originate from
    • Values in request headers
    • Query String Parameters
    • Length of request
    • Presence of SQL code that is likely to be malicious (SQL Injection)
    • Presence of script that is likely to be malicious (Cross Site Scripting)
  • CloudFront WAFs are Global, but ALB WAFs are Regional (KNOW THIS!!!)
  • IPs can be blocked at a /8, /16, /24 and /32 level
  • IPv4 and IPv6 are supported
  • Don’t forget you have to actually associate a WAF to CF or ALBs, it’s not automatic when you create a WAF
  • You can use the AWS WAF to protect web sites not hosted by AWS through CloudFront as CF supports origins outside AWS
< Previous: Security Token Service Next: Storage >