Wednesday, October 22, 2025

AWS - WAF

AWS Web Application Firewall (WAF) is a managed security service that protects your web applications and APIs from common Layer 7 (HTTP/S) threats and exploits.

It lets you define rules that filter, allow, or block requests based on conditions like:

  • IP addresses

  • HTTP headers

  • Query strings

  • URI paths

  • Request size

  • SQL injection attempts

  • Cross-site scripting (XSS)


Where AWS WAF Can Be Deployed

You can associate WAF with:

  • Amazon CloudFront (global CDN layer)

  • Application Load Balancer (ALB)

  • API Gateway

  • AWS AppSync

  • AWS Verified Access


Key Features

  1. Rule-based filtering

    • Managed rule groups (by AWS & AWS Marketplace vendors).

    • Custom rules (e.g., block specific IPs, allow only certain countries).

  2. Protection against OWASP Top 10

    • SQLi, XSS, bad bots, etc.

  3. Rate-based rules

    • Throttle traffic (e.g., block IPs sending > 1000 requests in 5 minutes).

  4. Bot Control

    • Detects & blocks automated bots and scrapers.

  5. Visibility & Monitoring

    • Integration with Amazon CloudWatch & AWS Kinesis Firehose for logging.


Example Use Cases

  • Protect an e-commerce site against SQL injection.

  • Block traffic from specific countries (GeoMatch).

  • Rate-limit APIs to prevent DDoS-style floods.

  • Allow only corporate IP ranges to access admin endpoints.


Example Rule (JSON snippet)

This rule blocks any request whose URL-decoded query string contains the string "script" (a simple XSS filter):

  {
    "Name": "BlockXSS",
    "Priority": 1,
    "Action": { "Block": {} },
    "Statement": {
      "ByteMatchStatement": {
        "SearchString": "script",
        "FieldToMatch": { "QueryString": {} },
        "TextTransformations": [
          { "Priority": 0, "Type": "URL_DECODE" }
        ],
        "PositionalConstraint": "CONTAINS"
      }
    },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "BlockXSS"
    }
  }
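As an added example (not from the post and not an AWS tool), here is a small Python evaluator for the ByteMatchStatement above: it applies the TextTransformations in priority order and then checks the PositionalConstraint, so a rule can be tried against sample query strings before it is deployed. It assumes one extra LOWERCASE transformation on top of the post's rule, and its URL_DECODE is a local approximation of the WAF transformation.

```python
import re
from urllib.parse import unquote_plus

# Rule from the post, plus one addition that is an assumption of this example:
# a LOWERCASE transformation so "SCRIPT" matches as well as "script".
RULE = {
    "Name": "BlockXSS", "Priority": 1, "Action": {"Block": {}},
    "Statement": {"ByteMatchStatement": {
        "SearchString": "script",
        "FieldToMatch": {"QueryString": {}},
        "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"},
                                {"Priority": 1, "Type": "LOWERCASE"}],
        "PositionalConstraint": "CONTAINS"}},
}

# Local approximations of the WAF text transformations this evaluator supports.
TRANSFORMS = {
    "URL_DECODE": unquote_plus,  # decodes %xx sequences and '+' to a space
    "LOWERCASE": str.lower,
}

def transform(value, transformations):
    # WAF applies TextTransformations in ascending Priority order.
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        value = TRANSFORMS[t["Type"]](value)
    return value

def byte_match(stmt, value):
    # Evaluate one ByteMatchStatement against a single field value.
    hay = transform(value, stmt["TextTransformations"])
    needle = stmt["SearchString"]
    checks = {
        "EXACTLY": hay == needle, "STARTS_WITH": hay.startswith(needle),
        "ENDS_WITH": hay.endswith(needle), "CONTAINS": needle in hay,
        # CONTAINS_WORD: the needle may not be glued to other word characters
        "CONTAINS_WORD": re.search(r"(?<!\w)%s(?!\w)" % re.escape(needle), hay) is not None,
    }
    return checks[stmt["PositionalConstraint"]]

def evaluate(rule, query_string):
    # Returns the action name ("Block") when the query string matches, else None.
    stmt = rule["Statement"]["ByteMatchStatement"]
    assert "QueryString" in stmt["FieldToMatch"], "only QueryString is modelled here"
    return next(iter(rule["Action"])) if byte_match(stmt, query_string) else None

if __name__ == "__main__":
    # Constructed sample query strings, not captured traffic.
    for qs in ["q=%3Cscript%3E", "q=%3CSCRIPT%3E", "sort=description", "q=%73cript"]:
        print(f"{qs!r:22} -> {evaluate(RULE, qs)}")
```

Note that CONTAINS also matches harmless values such as sort=description; CONTAINS_WORD avoids that particular false positive, which is the kind of thing worth verifying with the rule in Count mode before switching it to Block.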

AWS WAF vs AWS Shield

  • AWS WAF → Protects against application layer attacks (Layer 7).

  • AWS Shield → Protects against DDoS (Layer 3/4).

