Wednesday, October 22, 2025

AWS - WAF

AWS Web Application Firewall (WAF) is a managed security service that protects your web applications and APIs from common Layer 7 (HTTP/S) threats and exploits.

It lets you define rules that filter, allow, or block requests based on conditions like:

  1. IP addresses
  2. HTTP headers
  3. Query strings
  4. URI paths
  5. Request size
  6. SQL injection attempts
  7. Cross-site scripting (XSS)


Where AWS WAF Can Be Deployed

You can associate WAF with:

  1. Amazon CloudFront (global CDN layer)
  2. Application Load Balancer (ALB)
  3. API Gateway
  4. AWS AppSync
  5. AWS Verified Access


Key Features

  1. Rule-based filtering

    • Managed rule groups (by AWS & AWS Marketplace vendors).
    • Custom rules (e.g., block specific IPs, allow only certain countries).

  2. Protection against OWASP Top 10

    • SQLi, XSS, bad bots, etc.

  3. Rate-based rules

    • Throttle traffic (e.g., block IPs sending > 1000 requests in 5 minutes).

  4. Bot Control

    • Detects & blocks automated bots and scrapers.

  5. Visibility & Monitoring

    • Integration with Amazon CloudWatch & AWS Kinesis Firehose for logging.


Example Use Cases

  • Protect an e-commerce site against SQL injection.
  • Block traffic from specific countries (GeoMatch).
  • Rate-limit APIs to prevent DDoS-style floods.
  • Allow only corporate IP ranges to access admin endpoints.


Example Rule (JSON snippet)

This rule blocks any request whose query string, after URL decoding, contains the string "script" (to stop simple XSS):

{
  "Name": "BlockXSS",
  "Priority": 1,
  "Action": { "Block": {} },
  "Statement": {
    "ByteMatchStatement": {
      "SearchString": "script",
      "FieldToMatch": { "QueryString": {} },
      "TextTransformations": [
        { "Priority": 0, "Type": "URL_DECODE" }
      ],
      "PositionalConstraint": "CONTAINS"
    }
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "BlockXSS"
  }
}
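
A local check of this rule's matching logic, added here as an example (not code from the original post or from AWS). It shows that the substring match also fires on benign words such as "description" and stays case-sensitive unless a LOWERCASE transformation is added. Assumptions: the transformation functions are a simplified Python model of URL_DECODE and LOWERCASE, the sample query strings are constructed, and LOWERCASED_RULE is a hypothetical variant of the rule.

```python
from urllib.parse import unquote

# Simplified local model of two AWS WAF text transformations, for testing
# rule logic offline. It is an approximation, not AWS's implementation.
TRANSFORMS = {"URL_DECODE": unquote, "LOWERCASE": str.lower, "NONE": lambda s: s}

def byte_match(statement, query_string):
    """Evaluate a ByteMatchStatement on QueryString against a raw query string."""
    if "QueryString" not in statement["FieldToMatch"]:
        raise ValueError("this model only handles FieldToMatch.QueryString")
    value = query_string
    # Transformations run in ascending Priority order before the match.
    for t in sorted(statement["TextTransformations"], key=lambda t: t["Priority"]):
        value = TRANSFORMS[t["Type"]](value)
    needle = statement["SearchString"]
    constraint = statement["PositionalConstraint"]
    if constraint == "CONTAINS":
        return needle in value
    if constraint == "EXACTLY":
        return value == needle
    if constraint == "STARTS_WITH":
        return value.startswith(needle)
    raise ValueError(f"unsupported constraint in this model: {constraint}")

# Statement copied from the BlockXSS rule above.
PAGE_RULE = {
    "SearchString": "script",
    "FieldToMatch": {"QueryString": {}},
    "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}],
    "PositionalConstraint": "CONTAINS",
}
# Hypothetical variant: LOWERCASE applied after URL_DECODE.
LOWERCASED_RULE = dict(PAGE_RULE, TextTransformations=[
    {"Priority": 0, "Type": "URL_DECODE"},
    {"Priority": 1, "Type": "LOWERCASE"},
])

# Constructed sample query strings (not real traffic).
SAMPLES = {
    "encoded_tag": "q=%3Cscript%3E",
    "upper_tag": "q=%3CSCRIPT%3E",
    "benign_word": "sort=description&page=2",
    "benign_search": "q=running",
}

def evaluate(rule):
    """Return {sample name: True if the rule would match (and block)}."""
    return {name: byte_match(rule, qs) for name, qs in SAMPLES.items()}
```

For production XSS filtering, AWS WAF also offers a dedicated XssMatchStatement and the managed rule groups listed under Key Features, which avoid hand-tuning a substring match like this one.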

AWS WAF vs AWS Shield

  • AWS WAF → Protects against application layer attacks (Layer 7).
  • AWS Shield → Protects against DDoS (Layer 3/4).

