AWS Web Application Firewall (WAF): An Overview
AWS Web Application Firewall (WAF) is an important service for protecting applications running in the AWS Cloud from Layer-7 attacks such as SQL injection, cross-site scripting, HTTP flooding, and many more. Web Application Firewall is a global service that can be associated with CloudFront and with regional resources such as Application Load Balancer, API Gateway, Cognito user pool, AWS Verified Access, Amazon AppSync GraphQL API, and Amazon App Runner. In the WAF service we create a Web ACL, which filters the web traffic and protects the application.
What is Web ACL in WAF?
In WAF, we create a Web ACL and associate it with the resources to be protected. A Web ACL consists of custom rules or rule groups and managed rule groups, which together filter or control the web traffic. Real-time metrics are also generated for each rule or rule group in the Web ACL.
Custom Rules or Rule Groups – We write our own rule statements and define the action to be taken when a rule statement matches the incoming request. An IP set can be used here to define the list of IP addresses to be blocked or allowed.
Managed Rule Groups – These are ready-made rule groups provided by AWS and the AWS Marketplace for specific kinds of traffic filtering or protection. Marketplace rule groups and some AWS rule groups are charged for, but they are the best option when in-house expertise is lacking.
Creating Web ACL and writing rules to block specific user-agent
Below are the steps to create a Web ACL that blocks access from the Chrome browser to our application running behind an Application Load Balancer.
Configuration Steps –
- In the AWS console, search for the WAF service from the search bar.
- In the WAF console window, in the left pane, click the ‘Web ACLs‘ option.
- Then, in the main window, select the region for the Web ACL.
- Click ‘Create web ACL.‘
- Enter the name for the Web ACL in the Name field.
- For the ‘Resource type,’ click the ‘Regional resources‘ option.
- Select the appropriate region based on the resource region.
- Click ‘Add AWS resources,‘ select the resource type, then select the actual name of the resource listed in the window below, and click ‘Add.‘
- Click ‘Next.‘
- In the Rules tab, click ‘Add rules‘ and then click ‘Add my own rules and rule groups.‘
- Select the option ‘Rule builder.‘
- Enter a name for the rule (for example, useragentblock).
- Select ‘Regular rule.‘
- In the ‘If a request‘ option, select ‘matches the statement.‘
- In the statement window, enter the statement settings shown in the figure (figure not reproduced here). The regular expression used in that figure to match the Chrome user-agent is:
^Mozilla\/5\.0 \(.+?\) AppleWebKit\/\d+\.\d+ \(KHTML, like Gecko\) Chrome\/\d+\.\d+\.\d+\.\d+ Safari\/\d+\.\d+$
- In the Action window, select the ‘Block’ option.
- Click the ‘Validate‘ button in the Rule window.
- Now scroll down and click ‘Add rule.‘
- In ‘Default web ACL action for requests that don’t match any rules,‘ select ‘Allow.‘
- Click ‘Next.‘
- Set the priority for rule execution if multiple rules are created. Otherwise, click ‘Next.‘
- In the Configure metrics window, keep all settings at their defaults and click ‘Next.‘
- Now review the settings and click ‘Create web ACL.‘
Now your Web ACL is created and associated with the AWS resource you want to protect.
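The same Web ACL expressed as API input, plus a local dry run of the rule, as an added example that is not part of the original post or CloudThat's material. It assumes nothing beyond the post's own regex and the public WAFv2 `create_web_acl` request shape; the Web ACL name, rule name and the User-Agent strings are constructed for illustration.

```python
"""Added example (not from the original post): build the 'block Chrome by
User-Agent' Web ACL as a boto3 wafv2.create_web_acl() request, and dry-run
the rule's regex against constructed User-Agent strings to see which
requests the rule would block and which fall through to the default Allow."""
import json
import re

# Regex from the post, unchanged. The ^ and $ anchors force a whole-string
# match, so a UA with a trailing token (Edge's " Edg/..." suffix) does not hit.
CHROME_UA_REGEX = (
    r"^Mozilla\/5\.0 \(.+?\) AppleWebKit\/\d+\.\d+ \(KHTML, like Gecko\) "
    r"Chrome\/\d+\.\d+\.\d+\.\d+ Safari\/\d+\.\d+$"
)


def build_block_rule(name: str = "useragentblock", priority: int = 0) -> dict:
    """One WAFv2 regular rule: regex match on the User-Agent header -> Block."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {
            "RegexMatchStatement": {
                "RegexString": CHROME_UA_REGEX,
                # WAFv2 expects the header name in lowercase here.
                "FieldToMatch": {"SingleHeader": {"Name": "user-agent"}},
                "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
            }
        },
        "Action": {"Block": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


def build_web_acl_request(acl_name: str = "block-chrome-acl") -> dict:
    """Keyword arguments for boto3 wafv2.create_web_acl(): REGIONAL scope (for
    an ALB), default action Allow, and the single blocking rule above.
    acl_name is a constructed placeholder."""
    return {
        "Name": acl_name,
        "Scope": "REGIONAL",
        "DefaultAction": {"Allow": {}},
        "Rules": [build_block_rule()],
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": acl_name,
        },
    }


_PATTERN = re.compile(CHROME_UA_REGEX)


def evaluate(user_agent: str) -> str:
    """Local dry run of the Web ACL: Block on a regex hit, otherwise the
    default action (Allow) applies. Uses search semantics like WAF."""
    return "BLOCK" if _PATTERN.search(user_agent) else "ALLOW"


# Constructed sample User-Agent strings (not captured from real traffic).
SAMPLE_USER_AGENTS = {
    "chrome_windows": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "edge_windows": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                    "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0",
    "firefox_windows": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) "
                       "Gecko/20100101 Firefox/121.0",
    "chrome_android": "Mozilla/5.0 (Linux; Android 14) AppleWebKit/537.36 "
                      "(KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36",
}


def dry_run() -> dict:
    """Verdict per sample UA, as the Web ACL would decide it."""
    return {label: evaluate(ua) for label, ua in SAMPLE_USER_AGENTS.items()}


if __name__ == "__main__":
    print(json.dumps(build_web_acl_request(), indent=2))
    for label, verdict in dry_run().items():
        print(f"{verdict:5s}  {label}")
```

To deploy, pass the dictionary to `boto3.client("wafv2", region_name=...).create_web_acl(**build_web_acl_request())` and then call `associate_web_acl` with the ALB ARN; the dry run reproduces the test result from the post (desktop Chrome blocked, Edge allowed because of its trailing `Edg/` token). It also exposes a gap worth knowing before relying on the rule: Chrome on Android sends `Mobile Safari/...` after the Chrome version, so the anchored regex does not match it and it is allowed. More generally, the User-Agent header is supplied by the client, so a rule like this is a traffic-shaping control, not a security boundary; keep the CloudWatch metrics and sampled requests enabled so you can see what the rule is actually matching.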
Testing the results
Once the Web ACL is created, try to access your application URL through the Edge and Chrome browsers. You will see that the same application is accessible from the Edge browser but not from the Chrome browser.
Conclusion
Thus, using the Web Application Firewall, we can write multiple rule statements, combine them into a Web ACL, and associate it with the AWS resources listed above to protect them from Layer-7 attacks, as well as filter the web traffic as per our requirements.
WRITTEN BY Abhijit Dilip Powar