Web application Firewall
Web Application Firewall is a security service provided by AWS that helps protect your Web Application from common web exploits that could affect application availability, compromising security, or consume excessive resources.
It is used to monitor the HTTP and HTTPS requests that are forwarded to an Amazon API, Gateway API, Amazon CloudFront, or an Application Load Balancer.
It also gives control over which traffic to allow or block to your web applications by defining customizable web security rules.
Any public web applications are exposed to certain common exploits, using a web application firewall; you can watch for vulnerabilities and block them upfront without affecting your applications running on these AWS services.
When we enable the Web Application Firewall, it watches for the following character streaks in a web request.
Cross Site Scripting (XSS):
These are scripts that are likely to be malicious. Attackers embed these scripts that can exploit vulnerabilities in your web applications.
IP addresses range that requests originate from:
WAF can look for countries or geographical locations where requests originate from.
Length of a specific part of the request such as the query string.
It can find the SQL Injection:
SQL Injections are SQL code that is likely to be malicious. So that attackers can try to extract data from your database by embedding malicious SQL code in a web request.
It can also look for strings that appear in the request, for example, values that appear in the query string.
When we are setting up WAF for different AWS services first we define the conditions for example if a request is originating from a particular country.
After defining the conditions we combine them into rules. A rule contains multiple conditions. The rules are then combined into Web ACL. This is where we define an action for each rule. We can also define a default action that gets executed when none of the rules are met.
AWS Shield:
AWS Shield protects against DDoS attacks. The DDoS attack is a distributed denial of service (DDoS) attack. It is an attack in which multiple compromised systems attempt to flood a target, such as a network or a web application, with traffic. A DDoS attack can prevent legitimate users from accessing a service and can cause the system to crash due to the overwhelming traffic volume.
AWS provides two types of Shields:
AWS Shield Standard:
Shield network and transport layer DDoS attacks that target your website or applications. All AWS customers are benefited from the automatic protections of AWS Shield Standard at no additional charges.
AWS Shield Advanced:
It provides expanded DDoS attack protection for web applications running on Amazon EC2, Elastic Load Balancing (ELB), CloudFront, and Route 53 resources. It comes with an additional charge.
Top comments (0)