AWS Web Application Firewall or AWS WAF is an application firewall which helps to protect your resources by monitoring HTTP and HTTPS request that are forwarded to the resource. It monitors and blocks common attacks like SQL injection, Cross Site Scripting, DDoS (Denial of service attacks) etc. and also controls the unusual bit traffic to the resources.
AWS WAF Features
Some of the features of AWS WAF are:
- API Support: AWS WAF can be managed entirely using APIs. This enables organisations to instantly establish and manage rules. They can also include these into the design and development processes.
- AWS Firewall Manager Integration: AWS WAF can be integrated with AWS Firewall Manager which will allows you to follow a consistent list of security policies for all the resources generated in your AWS account.
- Web traffic filtering: Organisations can build guidelines to filter traffic based on conditions that consist of IP addresses, HTTP headers, and body, or custom URIs. This gives you a further layer of safety from internet attacks that try to make the most vulnerabilities in custom or third-party internet packages.
- AWS WAF Bot control: It is a managed rule group that offers you permeability and manipulation with just a couple of clicks over commonplace and pervasive bot visitors that can devour overabundant assets, skew metrics, purpose downtime, or perform other undesired tasks.
- Real-time Visibility: Raw requests are recorded and real-time analytics is provided which includes IPs, geolocations, URIs, User-Agent and etc.
You can protect the following resource types:
- Amazon CloudFront distribution
- Amazon API Gateway REST API
- Application Load Balancer
- AWS AppSync GraphQL API
- Amazon Cognito user pool
- AWS App Runner service
Components of AWS WAF
Following are the components of AWS WAF:-
- Web ACL: A Web ACL aka. Web Access Control List is a set of rules that offers you control over how an Amazon API Gateway, Amazon CloudFront distribution, or AWS Load Balancer responds to web requests. A Web ACL can have up to 10 rules, and as a user you can define which request should be allowed or denied based on the different criteria defined.
- WAF Conditions: WAF conditions are the fundamental properties AWS WAF should look for in a web requests. Some of these conditions are IP match, string match, SQL Injection, and so on. Conditions are used along with the rules to specify which requests needs to be accepted or rejected.
- WAF Rules: A single or a group of conditions bundled together defines a WAF rule. A request should satisfy all conditions to be granted or banned. AWS WAF Managed Rules are pre-configured rules to defend your applications against common risks. There are also AWS WAF rules provided by partners which you can access on AWS marketplace.
Use Cases of AWS WAF
In the nutshell, you will use AWS WAF when you would like to implment one of the following behaviours.
- Allow all requests except the ones that you specify – This is useful when you want to serve content for a public website, but you also want to block requests from attackers.
- Block all requests except the ones that you specify – This is useful when you want to serve content for a private application or website. This will only work if you can identify the users whom you would like to give access. This can be done by whitelisting their IP etc.
- Count requests that match your criteria –The Count action can be useful to track your web traffic and also dry test your rules without actually implementing and changing the way you handle them. When you enable a new rule based on new properties in the web requests, you can first configure AWS WAF to count the requests that match those properties. This will allow you to dry test and confirm that ypur rule is working fine.
- Reduce Bot Traffic – You can implement CAPTCHA and other silent challenge controls against requests to help reduce bot traffic.
This was an introduction to AWS WAF and I will write more about setting it up and configuring it in upcoming blog posts.