What is AWS WAF (Web Application Firewall) and how to Setup WAF in AWS account.

Are you sure if your applications or website are fully secure and protected? If not, you are at the right place to learn about Amazon web service Web Application Firewall (AWS WAF) that protects your web applications from common web exploits in the best effective way.

AWS WAF allows you to monitor all the HTTP(S) requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, an Application Load Balancer, and takes actions accordingly.

This tutorial will teach what AWS WAF (Web Application Firewall) is and how to set up WAF in an AWS account. Let’s dive in and get started.

Join 46 other followers

Table of Content

  1. What is Amazon web service Web Application Firewall (AWS WAF) ?
  2. Benefits of AWS WAF
  3. Components of AWS WAF
  4. AWS WAF Web ACL (Web Access Control List)
  5. AWS WAF rules
  6. AWS Managed Rules rule group
  7. IP sets and regex pattern sets
  8. Prerequisites
  9. How to create AWS WAF (Web Application Firewall) and AWS WAF rules
  10. Conclusion

What is Amazon web service Web Application Firewall (AWS WAF) ?

AWS WAF allows you to monitor all the HTTP or HTTPS requests forwarded to Amazon Cloud Front, Amazon Load balancer, Amazon API Gateway REST API, etc., from users. AWS WAF controls who can access the required content or data based on specific conditions such as source IP address etc., and protects your applications from common web exploits.

Benefits of AWS WAF

  • AWS WAF is helpful when you want Amazon Cloud Front, Amazon Load balancer, Amazon API Gateway REST to provide the content or serve content to particular users or block particular users.
  • AWS WAF allows you to count the requests that match properties specified without allowing or blocking those requests
  • AWS WAF protects you from web attacks using conditions you specify and also provides real time metrics and details of web requests.
AWS WAF architecture and working
AWS WAF architecture and working

Components of AWS WAF

AWS WAF service contains some important components; let’s discuss each of them now.

AWS WAF Web ACL (Web Access Control List)

AWS WAF Web ACL allows protecting a set of AWS Resources. After you create a web ACL, you need to add AWS WAF rules inside it.

AWS WAF rules define specific conditions applied to web requests coming from users and how to handle these web requests. You also set default action in web ACL to allow or block requests that pass these rules.

AWS WAF rules

AWS WAF rules contain statements that define the criteria, and if the criteria are matched, then the web requests are allowed; else, they are blocked. The rule is based on IP addresses or address ranges, country or geographical location, strings that appear in the request, etc.

AWS Managed Rules rule group

You can use rules individually or in reusable rule groups. There are two types of rules: AWS Managed rule groups and managing your own rule groups.

IP sets and regex pattern sets

AWS WAF stores complex information in sets you use by referencing them in your rules.

  • An IP set is a group of IP addresses and IP address ranges of AWS resources that you want to use together in a rule statement.
  • A regex pattern set provides a collection of regular expressions that you want to use together in a rule statement. Regex pattern sets are AWS resources.

Prerequisites

  • You must have AWS account in order to setup AWS WAF. If you don’t have AWS account, create a AWS account from here AWS account.
  • IAM user with Administrator rights and setup credentials using AWS CLI or using AWS Profile.

How to create AWS WAF (Web Application Firewall) and AWS WAF rules

Now that you have a basic idea of AWS WAF and the components of AWS WAF. To work with AWS WAF, the first thing you need to create is Web Access Control List (ACL) and further add the WAF rules ( individual rules or groups of rules ) such as blocking or allowing web requests.

In this section, let’s learn how to create and set up AWS WAF and create a Web ACL.

  • To create Web ACL open your favorite web browser and navigate to the AWS Management Console and log in.
  • While in the console, click on the search bar at the top, search for WAF, and click on the WAF menu item.
Searching for AWS WAF
Searching for AWS WAF
  • Now further click on on Create Web ACL button as shown below.
Creating a Web ACL
Creating a Web ACL
  • Next provide the Name, cloud Watch metric name of your choice and choose Resource type as CloudFront distributions.

This tutorial already had one CloudFront Distribution in place which will be used If you need to create the cloud Distribution follow here

Cloud Distribution in AWS account
Cloud Distribution in AWS account
  • Next, Click on Add AWS Resources and select the CloudFront distribution and hit NEXT.
Selecting the CloudFront distribution in AWS WAF
Selecting the CloudFront distribution in AWS WAF
  • Further In Add rules and rule groups section choose Add my own rules and rule groups and provide the values as shown below.
    • Name as myrule123
    • Type as Regular Rule
    • Inspect as Header
    • Header field as User-Agent
    • if a request as matches the statement
Adding rules and rule groups in AWS WAF
Adding rules and rule groups in AWS WAF
Defining the values of AWS WAF rules and rule groups
Defining the values of AWS WAF rules and rule groups
  • While building the rules there are 3 types of Rule Actions options available such as
    • Count: AWS WAF counts the request but doesn’t determine whether to allow it or block it
    • Allow: AWS WAF allows the request to be forwarded to the protected AWS resource
    • Block: AWS WAF blocks the request and sends back to the client.
  • Choose Count as the rule action.
Choosing the rule action
Choosing the rule action

You can instruct AWS WAF to insert custom headers into the original HTTP request for rule actions or web ACL default actions that are set to allow or count.

  • Finally hit the next button till end and then Create Web ACL.
Creating the Web ACL
Creating the Web ACL
  • The rules you added previous are manual rules, but at times you need to add AWS Managed rules, to do that select AWS Managed rules.
Adding AWS WAF Managed rules
Adding AWS WAF Managed rules
  • Now the AWS Web ACL is should look like as showb below with both managed and your own created AWS WAF rules.
Viewing the AWS WAF with both managed and your own created AWS WAF rules
Viewing the AWS WAF with both managed and your own created AWS WAF rules

Conclusion

In this tutorial, you learned AWS WAF service, WAF components such as AWS Web ACL, the WAF rules, and applied to WAF web ACL.

You also learned how to apply AWS WAF web ACL on CloudFront to protect your websites from getting exploited from attacks.

So now, which applications and websites do you plan to protect next using AWS WAF?

One thought on “What is AWS WAF (Web Application Firewall) and how to Setup WAF in AWS account.

  1. Pingback: How to Setup AWS WAF and Web ACL using Terraform on Amazon Cloud

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s