Over the past couple of years, security has become a crucial concern for most companies. Fortunately, there are many services available to help you improve the overall security of your AWS environment. AWS WAF (Web Application Firewall) is a firewall that helps you to protect your web application server against a range of Internet threats.
AWS WAF Overview
AWS Web Application Firewall (WAF) is a security tool that helps you to protect the application against web attacks. WAF monitors and controls unusual bot traffic, blocks common attack patterns, such as SQL Injection or Cross-site scripting, etc. It also lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, Amazon CloudFront or an Application Load Balancer.
- Amazon WAF allows you to control your content by using an IP address from where the request originates.
- Three things make Amazon WAF work – Access control lists (ACL), Rules and Rule Group.
- Amazon WAF manages Web ACL capacity units (WCU) for rules, rule groups and web ACLs.
- Amazon WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of security rules.
Common Web Attacks
Before protecting your applications, you need to know the most common web attacks mention below.
DDoS(Denial-Of-Service) attacks: This is probably the most common attack. Attackers overload an application by sending bulk requests to the web servers. Thousands of hosts infected with malware are used in this attack, which utilizes more than one unique IP address or machine. This slows down the application and significantly hurt the value of a brand.
SQL injections: SQL injection is a code injection procedure that might destroy your SQL database. Attackers can run malicious SQL queries on your web applications.
Cross-Site Scripting: If your application is vulnerable to cross-site scripting, then the attacker can run or inject malicious scripts, generally in the form of a browser side script. These scripts can even rewrite the content of the HTML pages.
AWS WAF Features
Amazon Web Application Firewall offer lots of features to its users mentioned below.
- Protection Against Web Attacks: With minimum latency impact on incoming traffic, AWS WAF offers many rules to inspect any element of a web request. AWS WAF protects web applications against threats by filtering traffic according to the rules created.
- Establish Rules Accordingly: AWS WAF is a versatile and valuable tool for protecting the infrastructures of applications. And this is because it allows users to establish rules according to their needs and vulnerabilities that they wish to stop. We can consider it as a great solution to protect any web applications environment at the enterprise level.
- Web traffic filtering: WAF allows users to create rules to filter web traffic. It filters IP addresses, HTTP headers, HTTP body, or URI strings from a web request.
- Flexible Integration With AWS Services: AWS Web Application Firewall offers easy integration with other AWS services like Amazon EC2, CloudFront, Load balancer etc.
- Monitor Rules: AWS Web Application Firewall allows us to create rules and review and customize them to prevent unknown attracts.
How It Works
AWS Web Application Firewall protect the applications from malicious attacks. Working of WAF mentioned below.
- AWS Firewall Manage: It Manages multiple AWS Web Application Firewall Deployments
- AWS WAF: Protect deployed application from common web exploits.
- Create a Policy: Now you can build your own rules using the visual rule builder.
- Block Filter: Block filter protect against exploits and vulnerabilities attacks.
- Monitor: Use Amazon CloudWatch for incoming traffic metrics & Amazon kinesis firehose for request details, then tune rules based on metrics and log data.
Check Out: Our blog post on AWS SNS.
Getting Started With AWS WAF
AWS WAF monitors all the web incoming and outgoing requests that are forwarded to API Gateway, Amazon CloudFront, and Application Load Balancer. We will see how to get started with WAF and create web ACL in some steps.
Step 1: Create web ACL: Firstly, sign-up for an AWS account, then go to AWS Console and search for Web Application Firewall. You will land on the WAF home page, choose to Create Web ACL.
Also Check: AWS IAM Best Practices.
Step 2: Give a Name: Type the name you want to use to identify this web ACL. After that, enter Description if you want (optional) and then hit Next.
Step 3: Add an AWS Managed Rules rule group: In the next step, you need to add rules and rule group. Click on Add managed rule groups. You will land on a new page to manage the rule group mentioned in snapshot 2.
AWS Managed Rules provides you with a collection of managed rule groups. Majority of which are free for Amazon WAF users. After adding managed rule group, choose to save the rule.
The rules we’re going to create will define the patterns we want to allow/block. We’ll add 2 rules only.
- Regular rule: This rule protects the application from SQL injection attacks. It will check if the URI path contains an SQL injection.
- Rate-based rule: This rule blocks the requests made from the same IP address after they exceed a certain limit in a time period.
After that, review and set rule priority and hit Next
Step 4: Review Web ACL Configuration: In the final step, check all the rules and managed groups and hit on create web ACL.
Finally, a message will pop up You Successfully created web ACL: ACL-name
Also Read: Our previous blog post on AWS Storage.
Case Study
AWS helping customers with a wide range of services. AWS WAF helps companies to prevent malicious attacks that could compromise security, affect application availability etc. Some of the companies using Web Application Firewall mentioned below.
EagleDream: EagleDream Technologies provide UI/UX, Web Development, and Cloud Managed Service expertise and end-to-end support for customers. EagleDream is a full spectrum driver of digital transformation with AWS.
Equinix: Equinix, Inc. is an American based MNC that specializes in Internet connection and data centres. The company is a leading global colocation data centre in market share. It has 210 data centres in 25 countries. Equinix uses the AWS Web Application Firewall (WAF) service to protect against attacks, manage traffic, and block dangerous IP addresses.
Read More: About AWS EC2 Auto Scaling.