AWS WAF – Protect Your Web Applications at Scale

Security

Application Security is the practice of ensuring that software applications are protected from various threats and vulnerabilities throughout their lifecycle, from design and development to deployment and beyond.

Security Threats

1. Application-Layer DDoS Attacks: An attacker sends thousands of HTTP GET requests per second to an application page. The requests appear normal, but they overload the web server and deny access to real customers.
2. Bot Traffic & Credential Stuffing: Type of automated cyberattack where malicious bots attempt to log in to user accounts by rapidly trying different username and password combinations — often stolen from previous data breaches.
3. Geolocation-Based Access Control: Geolocation-based access control is a security method that restricts or allows access to systems, applications, or data based on the user’s physical location, as identified through their IP address or GPS data.
4. Custom Rules & Rate Limiting: Custom rules and rate limiting are security techniques used to control web traffic. Custom rules allow organizations to define specific conditions for blocking or allowing requests, while rate limiting restricts the number of requests a user or IP can make in a set time frame to prevent abuse or attacks.
5. SQL Injection (SQLi) & Cross-Site Scripting (XSS): Type of ccommon web application attacks. SQLi targets databases by injecting malicious SQL commands, while XSS involves injecting harmful scripts into web pages to steal user data or hijack sessions.

AWS Web Application Firewall (WAF)

• AWS WAF is a web application firewall that helps detect and block malicious web requests targeted at your web applications.
• Provides web traffic filtering
• Provide Application Layer protection
• Provides real-time metrics
• Protect your web applications from common web exploits

AWS WAF Use Cases

1. IP Blocking and Allowlisting
2. Rate-Based Rules (Throttling) and Size Constraints Rule
3. Geo-Blocking
4. Prevent SQL injection, cross-site scripting (XSS), and other common web exploits.
5. Real-time Visibility and Logging
6. Custom Rule Sets for APIs
7. Integration with AWS Shield

Steps to Configure Web ACLs and Rule Group:

In this blog we will configure web ACL for Application running on EC2 server behind Application Load Balancer.

The demo web URL avinashbundela.link is configured to route traffic through an Application Load Balancer, which directs requests to the appropriate backend application servers.

To configure AWS WAF Web ACL for the URL avinashbundela.link (which is mapped to an Application Load Balancer), follow these steps:

Prerequisites

1. Your domain (avinashbundela.link) should already be routed through ALB (Application Load Balancer).
2. AWS WAF is available in us-east-1 or global, depending on the resource.

Step 1: Go to AWS WAF Console

1. Open the AWS WAF & Shield console:
   https://console.aws.amazon.com/wafv2/

Step 2: Create Web ACL

1. Click on “Create web ACL”.
2. Enter a Name (e.g., WAF-avinashbundela).
3. Resource type: Select “Regional resources”.
4. Associated AWS resource: Choose Application Load Balancer (ALB).
5. Select your ALB (mapped with avinashbundela.link) from the list.

Step 3: Add Rules (Optional but Recommended)

You can add rules now or later. Some common options:

• Managed rule groups (recommended):
  • AWSManagedRulesCommonRuleSet
  • AWSManagedRulesKnownBadInputsRuleSet
• Custom rules:
  • Block IPs
  • Limit request rate (Rate-based rule)
  • Allow only specific countries (GeoMatch)

Example:
Create a custom AWS WAF rule to block traffic from a specific country.

Step 4: Set Default Action

Choose:

• Allow (default unless overridden by rules)
• Block (only allow requests that match “Allow” rules)

Typically, choose Allow if you have blocking rules in place.

Step 5: Review & Create

• Review your settings and rules.
• Click “Create Web ACL”.

Step 6: Web ACL Is Now Active

• The Web ACL will now filter all traffic through your ALB (avinashbundela.link).

Now check the same URL (avinashbundela.link)again — you will notice that access from India is no longer allowed.

Conclusion

1. Comprehensive Protection: Safeguards applications threats, including SQL injection, XSS, and DDoS attacks.
2. Customizable Security: Create tailored rules to meet specific application needs, enhancing control over web traffic.
3. Seamless Integration: Works effortlessly with AWS services like CloudFront, ALB, and API Gateway, ensuring robust security across your infrastructure.
4. Real-Time Monitoring: Provides near real-time visibility into web traffic, enabling prompt detection and response to potential threats.
5. Cost-Effective: Adopts a pay-as-you-go model, allowing businesses to scale security measures without incurring unnecessary costs.

About CloudThat