WEB APPLICATION FIREWALL
AWS WAF is a web application firewall that helps protect web applications from malicious requests and common web attacks.
Published May 8, 2024
AWS WAF is a cloud-based web application firewall that safeguards web applications against malicious requests and protects them from common web exploits.
Integration with Other Services:
- Amazon CloudFront: WAF can be deployed in front of CloudFront, a content delivery network (CDN), to filter malicious traffic at the edge location, closer to the source of the request, improving performance and security.
- Amazon API Gateway: WAF can be integrated with API Gateway to protect your RESTful APIs from unauthorized access and malicious attacks.
Components:
- HTTP(S) Request: This represents incoming traffic to your web application, including headers, methods (e.g., GET, POST), and payloads.
- Web Application Firewall (WAF): This is a security layer that inspects and filters incoming HTTP(S) requests based on a set of rules.
- Conditions: These are defined within WAF rules to specify criteria for matching requests. Examples include checking request headers, parameters, URI paths, geolocation, and IP addresses.
- Rules: WAF rules define actions to take on matching requests. Actions can be to allow, block, or monitor requests.
- Allow/Block: WAF allows legitimate traffic based on the rules and blocks potentially malicious requests.
- Logging: WAF can log details about each inspected request, including the matching rule and the action taken, for analysis and troubleshooting.
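To make the flow in the component list concrete, here is an added example in Python; it is not AWS code. It models a web ACL as an ordered list of rules whose conditions are checked against each request, with allow/block as terminating actions, count as a non-terminating one, a sliding-window rate limit per source IP, and a log record per decision. The request and log field shapes, the "ZZ" country code, the deliberately tiny rate limit (3 requests per 60 seconds) and all sample traffic are constructed for the demo.

```python
"""Toy model of the request flow in the component list above: rules are
checked in priority order, a rule's condition decides whether it matches,
the first allow/block action terminates evaluation, a count action only
records the match, and every decision is logged. This is an added example,
not AWS code; the request, rule and log shapes are simplified stand-ins."""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Dict, List

@dataclass
class Request:
    method: str
    path: str
    source_ip: str
    country: str
    headers: Dict[str, str] = field(default_factory=dict)
    timestamp: float = 0.0      # seconds; consumed by the rate-based rule

@dataclass
class Rule:
    name: str
    priority: int
    action: str                 # "allow" / "block" terminate, "count" does not
    condition: Callable[[Request], bool]

class RateLimiter:
    """Sliding-window request counter per source IP (a rate-based rule)."""

    def __init__(self, limit: int, window_seconds: float):
        self.limit, self.window = limit, window_seconds
        self.hits = defaultdict(deque)

    def over_limit(self, req: Request) -> bool:
        q = self.hits[req.source_ip]
        q.append(req.timestamp)
        while q and req.timestamp - q[0] > self.window:
            q.popleft()             # drop hits that fell out of the window
        return len(q) > self.limit

class WebACL:
    def __init__(self, rules: List[Rule], default_action: str = "allow"):
        self.rules = sorted(rules, key=lambda r: r.priority)
        self.default_action = default_action
        self.log: List[Dict] = []

    def evaluate(self, req: Request) -> str:
        counted = []
        for rule in self.rules:
            if not rule.condition(req):
                continue
            if rule.action == "count":
                counted.append(rule.name)   # observed; evaluation continues
                continue
            self._log(req, rule.action, rule.name, counted)
            return rule.action
        self._log(req, self.default_action, "Default_Action", counted)
        return self.default_action

    def _log(self, req, action, terminating_rule, counted):
        # Field names loosely follow AWS WAF log records; a simplified subset.
        self.log.append({"timestamp": req.timestamp, "clientIp": req.source_ip,
                         "country": req.country, "uri": req.path, "action": action,
                         "terminatingRule": terminating_rule,
                         "nonTerminatingMatchingRules": list(counted)})

def build_demo_acl() -> WebACL:
    limiter = RateLimiter(limit=3, window_seconds=60)   # constructed, deliberately low
    internal = ipaddress.ip_network("10.0.0.0/8")
    rules = [
        Rule("GeoBlock", 0, "block", lambda r: r.country == "ZZ"),  # "ZZ" is a placeholder
        Rule("RateLimit", 1, "block", limiter.over_limit),
        Rule("AdminInternalOnly", 2, "block",
             lambda r: r.path.startswith("/admin")
             and ipaddress.ip_address(r.source_ip) not in internal),
        Rule("CountPostNoUserAgent", 3, "count",
             lambda r: r.method == "POST" and "user-agent" not in r.headers),
    ]
    return WebACL(rules, default_action="allow")

def run_demo():
    """Feeds constructed sample traffic through the ACL; returns (decisions, log)."""
    acl = build_demo_acl()
    reqs = [
        Request("GET", "/", "203.0.113.5", "US", {"user-agent": "curl"}, 0),
        Request("GET", "/", "203.0.113.5", "ZZ", timestamp=1),
        Request("GET", "/admin/users", "203.0.113.7", "US", timestamp=2),
        Request("GET", "/admin/users", "10.1.2.3", "US", timestamp=3),
        Request("POST", "/login", "203.0.113.9", "US", timestamp=4),
    ] + [Request("GET", "/search", "198.51.100.1", "US", timestamp=10 + i)
         for i in range(5)]                  # 5 hits in 5 s from one IP
    return [acl.evaluate(r) for r in reqs], acl.log

if __name__ == "__main__":
    decisions, log = run_demo()
    for entry, decision in zip(log, decisions):
        print(f"{entry['clientIp']:>14} {entry['uri']:<13} -> {decision:5} ({entry['terminatingRule']})")
```

Two points the run makes visible: the count action leaves a trace in the log (`nonTerminatingMatchingRules`) without changing the outcome, which is how a new rule is normally trialled before it is switched to block; and the rate-based rule only starts blocking once the per-IP window is exceeded, so the first three `/search` requests are allowed and the fourth and fifth are blocked.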
Benefits:
- Security: Protects web applications from various web attacks.
- Scalability: AWS WAF scales automatically to handle traffic surges.
- Managed Rules: AWS offers pre-configured rules to protect against common threats.
- Customization: You can create custom rules to address specific security needs.
WAF protects against illegitimate requests sent by untrusted external systems.
The specific details of conditions, rules, and actions might vary depending on your WAF configuration.
Types of WAF Rules:
- Managed Rule Groups: Pre-configured rules provided by AWS that target common web exploits like SQL injection, XSS, and session hijacking.
- Geo IP Rules: Rules that allow or block traffic based on the geographic origin of the request (geolocation).
- Rate-Based Rules: Rules that help prevent denial-of-service (DoS) attacks by limiting the number of requests from a single source within a given time window.
- Custom Rules: You can define custom rules based on specific needs. This might involve checking custom headers, parameters, or request payloads for suspicious patterns.
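The list above maps onto a single web ACL definition in the current AWS WAF (wafv2) API, where the "conditions" of the component list are expressed as rule statements. The following is an added example, not AWS code: a Python script that builds one web ACL containing each of the four rule types and then checks the constraints that most often make `create-web-acl` fail (duplicate priorities, an `Action` on a managed rule group instead of `OverrideAction`, a rate limit below the API minimum of 100, a missing metric name). The ACL name, the "ZZ" country code, the 1000-request limit and the 8192-byte body ceiling are constructed placeholders.

```python
"""Builds a wafv2 web ACL definition that uses the four rule types listed
above (managed rule group, geo match, rate-based, custom) and checks the
constraints that commonly make create-web-acl fail. Added example, not
AWS code; names, limits and the country code are constructed placeholders."""
import json
from typing import Dict, List

def _visibility(metric: str) -> Dict:
    """Every rule, and the ACL itself, must carry a VisibilityConfig."""
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric}

def build_web_acl(scope: str = "REGIONAL") -> Dict:
    # REGIONAL covers ALB / API Gateway; CLOUDFRONT ACLs are created in us-east-1.
    return {
        "Name": "example-web-acl",            # constructed name
        "Scope": scope,
        "DefaultAction": {"Allow": {}},       # whatever no rule blocks is allowed
        "Rules": [
            {   # Managed rule group: AWS-maintained signatures (SQLi, XSS, ...)
                "Name": "AWSCommonRuleSet", "Priority": 0,
                "Statement": {"ManagedRuleGroupStatement": {
                    "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
                "OverrideAction": {"None": {}},   # keep the group's own actions
                "VisibilityConfig": _visibility("common"),
            },
            {   # Geo IP rule: block by country of origin ("ZZ" is a placeholder code)
                "Name": "GeoBlock", "Priority": 1,
                "Statement": {"GeoMatchStatement": {"CountryCodes": ["ZZ"]}},
                "Action": {"Block": {}},
                "VisibilityConfig": _visibility("geo"),
            },
            {   # Rate-based rule: per-source-IP request ceiling over the window
                "Name": "RateLimitPerIP", "Priority": 2,
                "Statement": {"RateBasedStatement": {
                    "Limit": 1000, "AggregateKeyType": "IP"}},
                "Action": {"Block": {}},
                "VisibilityConfig": _visibility("rate"),
            },
            {   # Custom rule: reject oversized bodies before the application parses them
                "Name": "BodyTooLarge", "Priority": 3,
                "Statement": {"SizeConstraintStatement": {
                    "FieldToMatch": {"Body": {}},
                    "ComparisonOperator": "GT", "Size": 8192,
                    "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}},
                "Action": {"Block": {}},
                "VisibilityConfig": _visibility("bodysize"),
            },
        ],
        "VisibilityConfig": _visibility("example-web-acl"),
    }

def validate_web_acl(acl: Dict) -> List[str]:
    """Returns a list of problems; an empty list means the ACL passes these checks."""
    errors: List[str] = []
    seen_priority, seen_name = set(), set()
    for rule in acl.get("Rules", []):
        name = rule.get("Name", "<unnamed>")
        stmt = rule.get("Statement", {})
        if rule.get("Priority") in seen_priority:
            errors.append(f"{name}: duplicate priority {rule['Priority']}")
        seen_priority.add(rule.get("Priority"))
        if name in seen_name:
            errors.append(f"{name}: duplicate rule name")
        seen_name.add(name)
        has_action, has_override = "Action" in rule, "OverrideAction" in rule
        is_group = ("ManagedRuleGroupStatement" in stmt
                    or "RuleGroupReferenceStatement" in stmt)
        if is_group and (has_action or not has_override):
            errors.append(f"{name}: rule group references need OverrideAction, not Action")
        if not is_group and (has_override or not has_action):
            errors.append(f"{name}: plain rules need Action, not OverrideAction")
        rate = stmt.get("RateBasedStatement")
        if rate and rate.get("Limit", 0) < 100:
            errors.append(f"{name}: rate-based Limit must be at least 100")
        if not rule.get("VisibilityConfig", {}).get("MetricName"):
            errors.append(f"{name}: missing VisibilityConfig.MetricName")
    if "DefaultAction" not in acl:
        errors.append("web ACL: missing DefaultAction")
    return errors

def to_cli_json(acl: Dict) -> str:
    """Serialises for: aws wafv2 create-web-acl --cli-input-json file://acl.json"""
    return json.dumps(acl, indent=2)

if __name__ == "__main__":
    acl = build_web_acl()
    problems = validate_web_acl(acl)
    print(to_cli_json(acl) if not problems else "\n".join(problems))
```

Two caveats a practitioner would want alongside this: the default action is the last line of defence, so review whether `Allow` is right for the application before deploying, and a custom rule on the request body only sees the bounded prefix that AWS WAF inspects, so it cannot replace input validation in the application itself.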
This is a simple way to understand the concept of a WAF (web application firewall) in AWS.
Amazon documentation link for WAF: AWS WAF Documentation (amazon.com)