Are you sure if your applications or website are fully secure and protected? If not, you are at the right place to learn about Amazon web service Web Application Firewall (AWS WAF) that protects your web applications from common web exploits in the best effective way.

AWS WAF allows you to monitor all the HTTP(S) requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, an Application Load Balancer, and takes actions accordingly.

This tutorial will teach what AWS WAF (Web Application Firewall) is and how to set up WAF in an AWS account. Let’s dive in and get started.

Table of Content

1. What is Amazon web service Web Application Firewall (AWS WAF) ?
2. Benefits of AWS WAF
3. Components of AWS WAF
4. AWS WAF Web ACL (Web Access Control List)
5. AWS WAF rules
6. AWS Managed Rules rule group
7. IP sets and regex pattern sets
8. Prerequisites
9. How to create AWS WAF (Web Application Firewall) and AWS WAF rules
10. Conclusion

What is Amazon web service Web Application Firewall (AWS WAF) ?

AWS WAF allows you to monitor all the HTTP or HTTPS requests forwarded to Amazon Cloud Front, Amazon Load balancer, Amazon API Gateway REST API, etc., from users. AWS WAF controls who can access the required content or data based on specific conditions such as source IP address etc., and protects your applications from common web exploits.

Benefits of AWS WAF

• AWS WAF is helpful when you want Amazon Cloud Front, Amazon Load balancer, Amazon API Gateway REST to provide the content or serve content to particular users or block particular users.
• AWS WAF allows you to count the requests that match properties specified without allowing or blocking those requests
• AWS WAF protects you from web attacks using conditions you specify and also provides real time metrics and details of web requests.

Components of AWS WAF

AWS WAF service contains some important components; let’s discuss each of them now.

AWS WAF Web ACL (Web Access Control List)

AWS WAF Web ACL allows protecting a set of AWS Resources. After you create a web ACL, you need to add AWS WAF rules inside it.

AWS WAF rules define specific conditions applied to web requests coming from users and how to handle these web requests. You also set default action in web ACL to allow or block requests that pass these rules.

AWS WAF rules

AWS WAF rules contain statements that define the criteria, and if the criteria are matched, then the web requests are allowed; else, they are blocked. The rule is based on IP addresses or address ranges, country or geographical location, strings that appear in the request, etc.

AWS Managed Rules rule group

You can use rules individually or in reusable rule groups. There are two types of rules: AWS Managed rule groups and managing your own rule groups.

IP sets and regex pattern sets

AWS WAF stores complex information in sets you use by referencing them in your rules.

• An IP set is a group of IP addresses and IP address ranges of AWS resources that you want to use together in a rule statement.
• A regex pattern set provides a collection of regular expressions that you want to use together in a rule statement. Regex pattern sets are AWS resources.

Prerequisites

• You must have AWS account in order to setup AWS WAF. If you don’t have AWS account, create a AWS account from here AWS account.
• IAM user with Administrator rights and setup credentials using AWS CLI or using AWS Profile.

How to create AWS WAF (Web Application Firewall) and AWS WAF rules

Now that you have a basic idea of AWS WAF and the components of AWS WAF. To work with AWS WAF, the first thing you need to create is Web Access Control List (ACL) and further add the WAF rules ( individual rules or groups of rules ) such as blocking or allowing web requests.

In this section, let’s learn how to create and set up AWS WAF and create a Web ACL.

• To create Web ACL open your favorite web browser and navigate to the AWS Management Console and log in.
• While in the console, click on the search bar at the top, search for WAF, and click on the WAF menu item.

• Now further click on on Create Web ACL button as shown below.

• Next provide the Name, cloud Watch metric name of your choice and choose Resource type as CloudFront distributions.

This tutorial already had one CloudFront Distribution in place which will be used If you need to create the cloud Distribution follow here

• Next, Click on Add AWS Resources and select the CloudFront distribution and hit NEXT.

• Further In Add rules and rule groups section choose Add my own rules and rule groups and provide the values as shown below.
  • Name as myrule123
  • Type as Regular Rule
  • Inspect as Header
  • Header field as User-Agent
  • if a request as matches the statement

• While building the rules there are 3 types of Rule Actions options available such as
  • Count: AWS WAF counts the request but doesn’t determine whether to allow it or block it
  • Allow: AWS WAF allows the request to be forwarded to the protected AWS resource
  • Block: AWS WAF blocks the request and sends back to the client.

• Choose Count as the rule action.

You can instruct AWS WAF to insert custom headers into the original HTTP request for rule actions or web ACL default actions that are set to allow or count.

• Finally hit the next button till end and then Create Web ACL.

• The rules you added previous are manual rules, but at times you need to add AWS Managed rules, to do that select AWS Managed rules.

• Now the AWS Web ACL is should look like as showb below with both managed and your own created AWS WAF rules.

Conclusion

In this tutorial, you learned AWS WAF service, WAF components such as AWS Web ACL, the WAF rules, and applied to WAF web ACL.

You also learned how to apply AWS WAF web ACL on CloudFront to protect your websites from getting exploited from attacks.

So now, which applications and websites do you plan to protect next using AWS WAF?