It is always good practice to monitor your applications and websites and make sure they are protected. AWS provides a service, AWS WAF, that protects your web applications from common web exploits.
Let's learn about AWS WAF (Web Application Firewall).
Table of Contents
- What is AWS WAF (Web Application Firewall)?
- Components of AWS WAF (Web Application Firewall)
- Getting started with AWS WAF (Web Application Firewall)
What is AWS WAF?
AWS WAF stands for Amazon Web Services Web Application Firewall. With AWS WAF you can monitor the HTTP and HTTPS requests that users send to Amazon CloudFront distributions, Application Load Balancers, Amazon API Gateway REST APIs and other supported resources. It also controls who can reach the protected content based on conditions you specify, such as the source IP address, the country of origin or strings that appear in the request.
AWS WAF protects your web applications from common web exploits.
Benefits of AWS WAF
- It lets Amazon CloudFront, a load balancer or Amazon API Gateway serve content only to particular users, or block particular users, based on the rules you define.
- You can configure AWS WAF to count the requests that match a rule without allowing or blocking them, which is the safe way to test a rule before enforcing it.
- It protects you from web attacks using conditions you specify.
- It provides near real-time metrics (CloudWatch) and details of sampled web requests.
Components of AWS WAF
The AWS WAF service contains some important components; let's discuss each of them now.
Web ACL (web access control list): A web ACL protects a set of AWS resources. After you create a web ACL you add rules to it. Rules define the conditions that are applied to incoming web requests and the action to take when a request matches. You also set a default action in the web ACL, allow or block, which AWS WAF applies to every request that does not match any rule with a terminating action.
Rules: A rule contains a statement that defines the match criteria and an action (allow, block or count) that AWS WAF applies when a request matches the statement; a request that does not match falls through to the next rule and finally to the web ACL default action. Criteria can be based on IP addresses or address ranges, country or geographic location, strings or patterns that appear in the request, and so on.
Rule groups: Rules can be used individually or packaged in reusable rule groups. There are two kinds of rule groups: AWS Managed Rules rule groups, which AWS maintains, and rule groups that you create and manage yourself.
IP sets and regex pattern sets: AWS WAF stores some more complex information in sets that you use by referencing them in your rules.
- An IP set is a group of IP addresses and IP address ranges that you want to use together in a rule statement. IP sets are AWS resources.
- A regex pattern set provides a collection of regular expressions that you want to use together in a rule statement. Regex pattern sets are AWS resources.
Prerequisites
- You must have an AWS account in order to set up AWS WAF. If you don't have one, create an account here: AWS account.
- You must have an IAM user with permission to manage AWS WAF and credentials configured for the AWS CLI or an AWS profile. This tutorial uses a user with administrator rights; outside a lab, prefer a least-privilege policy scoped to the wafv2 actions and the resources you attach the web ACL to.
Getting started with AWS WAF
To work with AWS WAF, the most important component to set up is the web ACL. There is no standalone "WAF" resource that gets created; AWS WAF is just the name of the service, and what you create is a web ACL that you associate with CloudFront, a load balancer and other supported resources. Let's get started.
Creating a Web ACL
You use a web access control list (web ACL) to protect a set of AWS resources. You create a web ACL and define its behaviour by adding rules that say which requests to allow or block, either as individual rules or as rule groups. To create a web ACL:
- Open your favorite web browser and navigate to the AWS Management Console and log in.
- While in the Console, click on the search bar at the top, search for ‘WAF’, and click on the WAF menu item.
- Now click on Create Web ACL
- Provide a Name for the web ACL and a CloudWatch metric name, and for Resource type choose CloudFront distributions. A web ACL for CloudFront is global and is created in the US East (N. Virginia) Region; a web ACL for a load balancer or API Gateway is regional and must be created in the same Region as that resource.
- We already have one CloudFront distribution in place. If you need to create a distribution, please refer to https://automateinfra.com/2021/04/28/what-is-cloudfront-and-how-to-setup-cloudfront-with-aws-s3-and-alb-distributions/
- Next, click Add AWS resources, select the CloudFront distribution you already have and then hit Next.
- In Add rules and rule groups, choose Add my own rules and rule groups, which means you define the rule's conditions yourself.
- Provide the name as myrule123.
- In Type choose Regular rule.
- For If a request, keep matches the statement.
- Under Inspect choose Header, and for Header field name enter User-Agent; then choose the match type and the string the header is compared against. This tutorial uses a header match, but the other available statement types, such as a string match on another part of the request, a geo match condition or an IP match condition, are configured the same way.
- While building a rule there are three rule action options available (newer versions of the console also offer CAPTCHA and Challenge):
- Count: AWS WAF counts the request but doesn't itself decide whether to allow or block it; evaluation continues with the next rule, and the request ends up with the action of a later matching rule or the web ACL default action. This is the way to test a new rule before enforcing it.
- Allow: AWS WAF allows the request to be forwarded to the protected AWS resource and stops evaluating further rules.
- Block: AWS WAF blocks the request and returns a response to the client instead of forwarding it (HTTP 403 Forbidden by default; a custom response can be configured).
- You can instruct AWS WAF to insert custom headers into the original HTTP request for rule actions or web ACL default actions that are set to Allow or Count. You can only add to the request; you can't modify or replace any part of the original request. AWS WAF prefixes the names of these headers with x-amzn-waf-, so the application behind it can tell a WAF-inserted header from one supplied by the client.
- The rule above is one you wrote yourself, but at times you also want rules that AWS maintains. At the same Add rules and rule groups step, choose Add managed rule groups, select the AWS Managed Rules rule groups you want and add them to the web ACL.
- Hit Next until the end and then Create web ACL.
- Your web ACL is ready and should look like the screenshot below.
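The following is an added example, not code from the original tutorial or from AWS: it writes out the web ACL, rules, IP set reference and regex pattern set reference from the components section in the WAFv2 API layout (the JSON that `aws wafv2 create-web-acl --cli-input-json` or boto3's `create_web_acl` accept) and then runs a small local evaluator over a few constructed requests to show the semantics of the console steps above: rules run in priority order, Count is non-terminating, Allow and Block terminate, and everything else gets the default action. The account ID, the set ARNs, the regex patterns and the sample requests are all made up for the example, the sets are resolved from a local dict instead of the WAF service, and the evaluator is a simplified model of WAF's behaviour, not its engine.

```python
"""Added example (not AWS code): a WAFv2-style web ACL definition plus a local
evaluator that models how AWS WAF walks rules (priority order, Count is
non-terminating, Allow/Block terminate, default action otherwise). The dict from
build_web_acl() follows the layout `aws wafv2 create-web-acl --cli-input-json`
accepts; set ARNs are resolved from a local dict instead of the WAF service."""
import ipaddress
import re

# Hypothetical ARNs/account id; real ones come from create-ip-set and
# create-regex-pattern-set. Set contents are constructed for the simulation.
IP_SET_ARN = "arn:aws:wafv2:us-east-1:123456789012:global/ipset/office/1111"
REGEX_SET_ARN = "arn:aws:wafv2:us-east-1:123456789012:global/regexpatternset/scanners/2222"
LOCAL_SETS = {
    IP_SET_ARN: ["203.0.113.0/24", "198.51.100.7/32"],
    REGEX_SET_ARN: [r"^sqlmap", r"nikto", r"masscan"],
}

def visibility(metric_name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}

def build_web_acl():
    """Three rules in priority order; unmatched requests get the default action."""
    return {
        "Name": "myWebACL",
        "Scope": "CLOUDFRONT",  # CloudFront web ACLs are global (created in us-east-1)
        "DefaultAction": {"Allow": {}},
        "VisibilityConfig": visibility("myWebACL"),
        "Rules": [
            {   # 0: trusted office range is allowed before anything else runs
                "Name": "allow-office", "Priority": 0,
                "Statement": {"IPSetReferenceStatement": {"ARN": IP_SET_ARN}},
                "Action": {"Allow": {}}, "VisibilityConfig": visibility("allowOffice")},
            {   # 1: the tutorial's User-Agent header inspection, as a block rule
                "Name": "block-scanner-ua", "Priority": 1,
                "Statement": {"RegexPatternSetReferenceStatement": {
                    "ARN": REGEX_SET_ARN,
                    "FieldToMatch": {"SingleHeader": {"Name": "user-agent"}},
                    "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}},
                "Action": {"Block": {}}, "VisibilityConfig": visibility("blockScannerUa")},
            {   # 2: count, do not block, traffic from one country (test before enforcing)
                "Name": "count-geo", "Priority": 2,
                "Statement": {"GeoMatchStatement": {"CountryCodes": ["RU"]}},
                "Action": {"Count": {}}, "VisibilityConfig": visibility("countGeo")},
        ],
    }

def _header(request, name):
    """HTTP header names are case-insensitive, so compare lower-cased."""
    return next((v for k, v in request.get("headers", {}).items()
                 if k.lower() == name.lower()), "")

def statement_matches(stmt, request):
    if "IPSetReferenceStatement" in stmt:
        ip = ipaddress.ip_address(request["source_ip"])
        nets = LOCAL_SETS[stmt["IPSetReferenceStatement"]["ARN"]]
        return any(ip in ipaddress.ip_network(n) for n in nets)
    if "RegexPatternSetReferenceStatement" in stmt:
        s = stmt["RegexPatternSetReferenceStatement"]
        field = _header(request, s["FieldToMatch"]["SingleHeader"]["Name"])
        if any(t["Type"] == "LOWERCASE" for t in s["TextTransformations"]):
            field = field.lower()  # only transformation modelled here
        return any(re.search(p, field) for p in LOCAL_SETS[s["ARN"]])
    if "GeoMatchStatement" in stmt:
        return request.get("country") in stmt["GeoMatchStatement"]["CountryCodes"]
    raise ValueError("statement type not modelled: " + ", ".join(stmt))

def evaluate(web_acl, request):
    """Return (final action, names of Count rules that matched)."""
    counted = []
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if not statement_matches(rule["Statement"], request):
            continue
        action = next(iter(rule["Action"]))  # "Allow", "Block" or "Count"
        if action == "Count":
            counted.append(rule["Name"])  # non-terminating: keep walking
            continue
        return action, counted  # Allow/Block stop evaluation here
    return next(iter(web_acl["DefaultAction"])), counted

# Constructed sample requests (RFC 5737 test addresses, made-up user agents).
SAMPLE_REQUESTS = {
    "office_scanner": {"source_ip": "203.0.113.10", "country": "US",
                       "headers": {"User-Agent": "sqlmap/1.7"}},
    "internet_scanner": {"source_ip": "192.0.2.44", "country": "DE",
                         "headers": {"user-agent": "Mozilla/5.0 Nikto/2.1.6"}},
    "ru_browser": {"source_ip": "192.0.2.99", "country": "RU",
                   "headers": {"User-Agent": "Mozilla/5.0"}},
    "plain_browser": {"source_ip": "192.0.2.1", "country": "US",
                      "headers": {"User-Agent": "Mozilla/5.0"}},
}

if __name__ == "__main__":
    acl = build_web_acl()
    for name, req in SAMPLE_REQUESTS.items():
        print(f"{name:17} -> {evaluate(acl, req)}")
```

Two things worth noticing when you run it. The `office_scanner` request is allowed even though its User-Agent matches the scanner pattern, because the Allow rule at priority 0 terminates evaluation before the Block rule is reached; rule order is part of the policy, not a cosmetic detail. And `ru_browser` is only counted: the Count rule records the match and evaluation continues to the default action, which is how you trial a rule on live traffic before switching it to Block. To create the real web ACL, replace the hypothetical ARNs with the ones returned by create-ip-set and create-regex-pattern-set and pass the dict to create-web-acl.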
The most important component of AWS WAF is the web ACL, which you created above with the rules you defined inside it. Once the web ACL exists with its rules, you associate it with CloudFront, a load balancer or another supported resource to protect them from attacks. A good habit is to start new rules in Count mode, review the sampled requests and CloudWatch metrics for a while, and only then switch them to Block, so a badly tuned rule doesn't lock out legitimate users.
In this tutorial you learned about AWS WAF, the Web Application Firewall, and how to set it up in the Amazon cloud. It is very important to protect your website from attacks. So which website do you plan to protect?