What is AWS WAF (Web Application Firewall) and how to set up WAF in an AWS account

Learn what AWS WAF (Web Application Firewall) is and how to set it up in an AWS account using the AWS Management Console.


It is good practice to monitor your applications and websites and make sure they are protected. AWS provides a service, AWS WAF, that protects web applications from common web exploits.

Let's learn about AWS WAF (Web Application Firewall).

Table of Content

  1. What is AWS WAF (Web Application Firewall)?
  2. Components of AWS WAF (Web Application Firewall)
  3. Prerequisites
  4. Getting started with AWS WAF (Web Application Firewall)
  5. Conclusion

What is AWS WAF?

AWS WAF stands for Amazon Web Services Web Application Firewall. With AWS WAF you can inspect the HTTP and HTTPS requests that users send to an Amazon CloudFront distribution, an Application Load Balancer, an Amazon API Gateway REST API and similar resources before they reach your application. It also controls who can access the protected content based on conditions you specify, such as the source IP address, the country the request comes from, or strings that appear in the request.

AWS WAF protects your web applications from common web exploits such as SQL injection and cross-site scripting, and from unwanted traffic such as bots.

Benefits of AWS WAF

  • It lets CloudFront, an Application Load Balancer or API Gateway serve content only to particular users, or block particular users, based on properties of their requests.
  • You can configure AWS WAF to count the requests that match a rule without allowing or blocking them, which lets you test a new rule against live traffic before you enforce it.
  • It protects you from web attacks using conditions you specify, or using rule groups that AWS maintains.
  • It provides near-real-time CloudWatch metrics and samples of the web requests it inspected.

Components of AWS WAF

The AWS WAF service is built from a few important components; let's discuss each of them.

Web ACL (web access control list): a web ACL protects a set of AWS resources. After you create a web ACL you add rules to it. Rules define the conditions that are applied to incoming web requests and what to do with requests that match. You also set a default action in the web ACL, allow or block, which applies to any request that no rule allowed or blocked.

Rules: a rule contains a statement that defines the match criteria, and an action. If a request matches the statement, the rule's action (allow, block or count) is applied; if it does not match, AWS WAF moves on to the next rule, and the web ACL's default action applies if no rule allowed or blocked the request. Rules are evaluated in order of their priority, lowest number first. Criteria can be based on IP addresses or address ranges, the country or geographical location of the client, strings that appear in the request, and so on.

Rule groups: you can use rules individually or in reusable rule groups. Rule groups come in two kinds: AWS Managed Rules rule groups, which AWS maintains (for example the Core rule set), and rule groups you create and manage yourself.

IP sets and regex pattern sets: AWS WAF stores larger or more complex match data in sets that you reference from your rules.

  • An IP set is a group of IP addresses and IP address ranges (in CIDR notation) that you want to use together in a rule statement. IP sets are AWS resources with their own ARN.
  • A regex pattern set is a collection of regular expressions that you want to use together in a rule statement. Regex pattern sets are also AWS resources with their own ARN.
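The components above fit together at request time in a fixed way: rules run in ascending priority, Count records a match and keeps going, Allow and Block stop evaluation, and the default action is only reached when nothing terminated. The following Python is an added example, not the post's or AWS's code: a small offline model of that evaluation over a web ACL written in the same dict shape the wafv2 API uses, with an IP set rule, a regex pattern set rule (with a URL-decode transformation) and a geo match rule. The ARNs, set contents, country code and sample requests are constructed placeholders; the real service also requires a VisibilityConfig on every rule and derives the country from the source IP rather than reading it from the request.

```python
import ipaddress
import re
from urllib.parse import unquote

# Constructed sample sets. The ARNs follow the real format but are placeholders.
OFFICE_IPSET_ARN = "arn:aws:wafv2:us-east-1:123456789012:global/ipset/office-ranges/00000000-0000-0000-0000-000000000001"
PATH_REGEX_ARN = "arn:aws:wafv2:us-east-1:123456789012:global/regexpatternset/suspicious-paths/00000000-0000-0000-0000-000000000002"
IP_SETS = {OFFICE_IPSET_ARN: ["203.0.113.0/24", "198.51.100.7/32"]}
REGEX_PATTERN_SETS = {PATH_REGEX_ARN: [r"\.\./", r"/\.git/", r"(?i)\bunion\s+select\b"]}

# Web ACL in wafv2 API shape (per-rule VisibilityConfig omitted; the model ignores it).
WEB_ACL = {
    "Name": "demo-web-acl",
    "Scope": "CLOUDFRONT",
    "DefaultAction": {"Allow": {}},
    "Rules": [
        {   # Non-terminating: record office traffic but keep evaluating.
            "Name": "count-office-ranges", "Priority": 0,
            "Statement": {"IPSetReferenceStatement": {"ARN": OFFICE_IPSET_ARN}},
            "Action": {"Count": {}},
        },
        {   # URL-decode the path first, then test it against every pattern in the set.
            "Name": "block-suspicious-paths", "Priority": 10,
            "Statement": {"RegexPatternSetReferenceStatement": {
                "ARN": PATH_REGEX_ARN,
                "FieldToMatch": {"UriPath": {}},
                "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}]}},
            "Action": {"Block": {}},
        },
        {   # Placeholder country code "AQ"; AWS WAF derives the country from the source IP.
            "Name": "block-embargoed-countries", "Priority": 20,
            "Statement": {"GeoMatchStatement": {"CountryCodes": ["AQ"]}},
            "Action": {"Block": {}},
        },
    ],
}


def _field(request, field_to_match):
    """Pull the inspected component out of a request dict (constructed shape)."""
    if "UriPath" in field_to_match:
        return request["path"]
    if "QueryString" in field_to_match:
        return request.get("query", "")
    if "SingleHeader" in field_to_match:
        wanted = field_to_match["SingleHeader"]["Name"].lower()
        return next((v for k, v in request.get("headers", {}).items() if k.lower() == wanted), "")
    raise ValueError(f"unsupported FieldToMatch: {field_to_match}")


def _transform(value, transformations):
    """Apply text transformations in priority order, as AWS WAF does before matching."""
    for t in sorted(transformations, key=lambda t: t["Priority"]):
        if t["Type"] == "LOWERCASE":
            value = value.lower()
        elif t["Type"] == "URL_DECODE":
            value = unquote(value)
        elif t["Type"] != "NONE":
            raise ValueError(f"unsupported transformation: {t['Type']}")
    return value


def matches(statement, request):
    """Return True if the rule statement matches the request."""
    if "IPSetReferenceStatement" in statement:
        ip = ipaddress.ip_address(request["source_ip"])
        cidrs = IP_SETS[statement["IPSetReferenceStatement"]["ARN"]]
        return any(ip in ipaddress.ip_network(cidr) for cidr in cidrs)
    if "RegexPatternSetReferenceStatement" in statement:
        s = statement["RegexPatternSetReferenceStatement"]
        value = _transform(_field(request, s["FieldToMatch"]), s["TextTransformations"])
        return any(re.search(p, value) for p in REGEX_PATTERN_SETS[s["ARN"]])
    if "GeoMatchStatement" in statement:
        return request["country"] in statement["GeoMatchStatement"]["CountryCodes"]
    if "NotStatement" in statement:
        return not matches(statement["NotStatement"]["Statement"], request)
    if "AndStatement" in statement:
        return all(matches(s, request) for s in statement["AndStatement"]["Statements"])
    if "OrStatement" in statement:
        return any(matches(s, request) for s in statement["OrStatement"]["Statements"])
    raise ValueError(f"unsupported statement: {list(statement)}")


def evaluate(web_acl, request):
    """Walk rules by ascending Priority. Returns (final action, terminating rule or None, counted rules)."""
    counted = []
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if not matches(rule["Statement"], request):
            continue
        action = next(iter(rule["Action"]))
        if action == "Count":                  # Count never ends evaluation
            counted.append(rule["Name"])
            continue
        return action, rule["Name"], counted   # Allow and Block terminate
    return next(iter(web_acl["DefaultAction"])), None, counted


# Constructed sample requests (documentation IP ranges).
SAMPLE_REQUESTS = {
    "normal": {"source_ip": "192.0.2.10", "country": "US", "path": "/index.html", "headers": {"User-Agent": "Mozilla/5.0"}},
    "office_normal": {"source_ip": "203.0.113.42", "country": "US", "path": "/", "headers": {}},
    "office_traversal": {"source_ip": "203.0.113.42", "country": "US", "path": "/static/..%2F..%2Fetc/passwd", "headers": {}},
    "geo_blocked": {"source_ip": "192.0.2.77", "country": "AQ", "path": "/", "headers": {}},
}

if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        print(f"{name:18} -> {evaluate(WEB_ACL, req)}")
```

The office_traversal request shows two things at once: the Count rule fires and is still reported after a later rule blocks, and the path only matches because URL_DECODE runs before the regex (the raw `..%2F` would not match `\.\./`). Without that transformation an attacker could bypass the rule by encoding the slash.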

Prerequisites

  • You must have an AWS account in order to set up AWS WAF. If you don't have one, create an account from here: AWS account.
  • You must have an IAM user or role with permission to manage AWS WAF and to update the resource you are going to protect. The AWS managed policy AWSWAFFullAccess covers the WAF side; full administrator rights are not required. If you also want to work from the AWS CLI or an SDK, configure its credentials with a named AWS profile.

Getting started with AWS WAF

In order to set up AWS WAF, the most important step is to create a web ACL. There is no object called a "WAF" that gets created; AWS WAF is just the name of the service, and the web ACL is what you create and then attach to CloudFront, an Application Load Balancer, API Gateway and other supported services. Let's get started.

Creating a web ACL

You use a web access control list (web ACL) to protect a set of AWS resources. You create a web ACL and define its behaviour by adding rules that say which requests to allow, block or count. You can use individual rules or rule groups. To create a web ACL:

  • Open your web browser, navigate to the AWS Management Console and log in.
  • In the console, click on the search bar at the top, search for "WAF", and click on the WAF & Shield menu item.
  • Click on Create web ACL.
  • Provide the Name, the CloudWatch metric name and the Resource type; for this tutorial choose CloudFront distributions. Web ACLs for CloudFront are global and are created in the US East (N. Virginia) Region; for an Application Load Balancer or API Gateway you would choose Regional resources and the Region the resource lives in.
  • Click on Add AWS resources, select the CloudFront distribution you already have, and hit Next.
  • In Add rules and rule groups, select Add my own rules and rule groups, which means you write the rule yourself:
    • Provide the name myrule123.
    • For Type, choose Regular rule.
    • For Inspect, choose Single header.
    • For Header field name, enter User-Agent.
    • Choose a match type (for example Contains string), the string to look for, and the text transformation to apply before matching (for example Lowercase, so the match is case-insensitive).
  • Select If a request matches the statement. For this tutorial a single string match on a header is enough, but the same form lets you build a string match, geo match or IP set match condition, and combine conditions with AND, OR and NOT.
  • While building the rule, there are three rule actions available:
    • Count: AWS WAF counts the request but does not decide whether to allow or block it; evaluation continues with the next rule.
    • Allow: AWS WAF allows the request to be forwarded to the protected AWS resource and stops evaluating further rules.
    • Block: AWS WAF blocks the request and returns an error response to the client (403 Forbidden by default); no further rules are evaluated.
  • For rule actions or a web ACL default action of Allow or Count, you can instruct AWS WAF to insert custom headers into the original HTTP request before it is forwarded. You can only add headers; you cannot modify or replace any part of the original request, and AWS WAF prefixes the header names you choose with x-amzn-waf- so they cannot collide with or spoof a header your application already uses.
  • Set the Default web ACL action for requests that don't match any rules (Allow for this tutorial, so that only the rule's matches are blocked), hit Next until the review page, then click Create web ACL.
  • The rule above is one you wrote by hand. Often you will also want AWS Managed Rules: in Add rules and rule groups choose Add managed rule groups instead and select one or more groups, such as the Core rule set from AWS Managed Rules. A managed group's rules keep their own actions unless you override them all to Count, which is a sensible first step while you check the group for false positives on your traffic.
  • Your web ACL is now ready.
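The web ACL that the console steps above build can be expressed as a single wafv2 create_web_acl request, which is how you would create it repeatably from a script or pipeline. The following Python is an added example, not the post's code and not an AWS sample: it assembles the request for the myrule123 User-Agent rule, a Count rule that inserts a custom request header, and an AWS Managed Rules group in count mode, then checks it offline for the mistakes the API rejects before anything is sent. The search strings, the header name client-class, the rule and metric names and the choice of the Core rule set are assumptions for illustration; boto3 is only imported if you call create_web_acl.

```python
import re

METRIC_NAME_RE = re.compile(r"^[\w#:.\-/]+$")          # WAFv2 VisibilityConfig.MetricName pattern
RESERVED_METRIC_NAMES = {"All", "Default_Action"}      # names AWS WAF reserves for itself
GROUP_STATEMENTS = ("ManagedRuleGroupStatement", "RuleGroupReferenceStatement")


def visibility(metric_name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": metric_name}


def header_rule(name, priority, header, needle, action, insert_headers=None):
    """Regular rule: inspect one header for a substring. LOWERCASE runs before
    matching, so the search string is lowercased too. insert_headers models the
    custom request handling that only Allow and Count actions support."""
    action_body = {}
    if insert_headers:
        if action == "Block":
            raise ValueError("Block cannot insert request headers; a blocked request is never forwarded")
        action_body = {"CustomRequestHandling": {
            "InsertHeaders": [{"Name": k, "Value": v} for k, v in insert_headers.items()]}}
    return {
        "Name": name, "Priority": priority,
        "Statement": {"ByteMatchStatement": {
            "SearchString": needle.lower().encode(),           # the API takes a blob
            "FieldToMatch": {"SingleHeader": {"Name": header.lower()}},
            "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
            "PositionalConstraint": "CONTAINS"}},
        "Action": {action: action_body},
        "VisibilityConfig": visibility(name),
    }


def managed_group_rule(name, priority, group_name, count_only=False):
    """AWS Managed Rules group. Rule-group rules carry OverrideAction, not Action:
    None keeps the group's own actions, Count turns every match into a count."""
    return {
        "Name": name, "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": group_name}},
        "OverrideAction": {"Count": {}} if count_only else {"None": {}},
        "VisibilityConfig": visibility(name),
    }


def web_acl_request(name, metric_name, rules, default_action="Allow", scope="CLOUDFRONT"):
    """Keyword arguments for boto3 wafv2 create_web_acl."""
    return {"Name": name, "Scope": scope, "DefaultAction": {default_action: {}},
            "Rules": rules, "VisibilityConfig": visibility(metric_name)}


def validate(req):
    """Catch the mistakes the API would reject (and the console would not let you make)."""
    problems = []
    if req["Scope"] not in ("CLOUDFRONT", "REGIONAL"):
        problems.append(f"invalid Scope {req['Scope']!r}")
    if req["DefaultAction"].keys() - {"Allow", "Block"}:
        problems.append("DefaultAction must be Allow or Block")
    names = [r["Name"] for r in req["Rules"]]
    priorities = [r["Priority"] for r in req["Rules"]]
    if len(set(names)) != len(names):
        problems.append("rule names must be unique within a web ACL")
    if len(set(priorities)) != len(priorities):
        problems.append("rule priorities must be unique within a web ACL")
    metric_names = [req["VisibilityConfig"]["MetricName"]] + [r["VisibilityConfig"]["MetricName"] for r in req["Rules"]]
    for m in metric_names:
        if m in RESERVED_METRIC_NAMES or not METRIC_NAME_RE.match(m):
            problems.append(f"invalid CloudWatch metric name {m!r}")
    for r in req["Rules"]:
        is_group = any(k in r["Statement"] for k in GROUP_STATEMENTS)
        if is_group and ("Action" in r or "OverrideAction" not in r):
            problems.append(f"rule {r['Name']!r}: rule-group rules take OverrideAction, not Action")
        if not is_group and ("OverrideAction" in r or "Action" not in r):
            problems.append(f"rule {r['Name']!r}: regular rules take Action, not OverrideAction")
    return problems


def demo_request():
    """The walkthrough's web ACL. Search strings and the inserted header are assumptions."""
    rules = [
        header_rule("myrule123", 0, "User-Agent", "sqlmap", "Block"),
        header_rule("tag-legacy-client", 1, "User-Agent", "LegacyApp/1.", "Count",
                    insert_headers={"client-class": "legacy"}),   # arrives as x-amzn-waf-client-class
        managed_group_rule("aws-core-rule-set", 2, "AWSManagedRulesCommonRuleSet", count_only=True),
    ]
    return web_acl_request("my-web-acl", "my-web-acl", rules)


def create_web_acl(req, region="us-east-1"):
    """Send the request. CLOUDFRONT-scoped web ACLs must be created in us-east-1.
    Not called by the offline demo."""
    import boto3   # imported lazily so the rest of the example runs without it
    return boto3.client("wafv2", region_name=region).create_web_acl(**req)


if __name__ == "__main__":
    import json
    req = demo_request()
    print("problems:", validate(req) or "none")
    print(json.dumps(req, indent=2, default=lambda b: b.decode()))
```

Running the file prints the request as JSON so it can be reviewed or stored alongside the rest of your infrastructure code. To create the web ACL for real, call create_web_acl(demo_request()) with credentials that carry wafv2 permissions; the returned ARN is then associated with the CloudFront distribution by setting the distribution's WebACLId to that ARN (regional resources such as an Application Load Balancer use wafv2 associate_web_acl instead).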

The most important component of AWS WAF is the web ACL, which you created here together with a rule inside it. Once a web ACL exists with its rules, you associate it with CloudFront, an Application Load Balancer, API Gateway and so on, and from then on every request to those resources is inspected by the web ACL before it reaches your application.

Conclusion

In this tutorial you learned what AWS WAF (Web Application Firewall) is and how to set it up in the Amazon cloud. It is very important to protect your website from attacks. So which website do you plan to protect?
