Introduction
AWS WAF is a web application firewall that lets you monitor the web requests forwarded to Amazon CloudFront distributions or an Application Load Balancer. You can also use AWS WAF to allow or block requests based on conditions you specify, such as the IP addresses the requests originate from or values contained in the requests.
Prerequisites
- AWS Account
Step-by-Step Guide
Step 1 – Create a Web Application
- Log in to your AWS Account
- Deploy a simple application on an Amazon EC2 instance that is susceptible to XSS (for example, a page that reflects a query parameter back into the response without sanitizing it).
Step 2 – Create an Application Load Balancer
1. Go to the Load Balancer console and click “Create Application Load Balancer”.
2. Provide the following information:
   - Load Balancer Name: XSS-LoadBalancer
   - Scheme: Internet-facing
   - IP address type: IPv4
   - VPC: the same VPC as the XSS application
   - Mappings: select at least two Availability Zones
   - Security groups: create a new one that allows ports 80 and 443 from anywhere, and add any further ports your application stack requires
   - Listeners and routing: create a target group, register your EC2 instance in it, and leave the other options at their defaults
3. Keep the remaining options at their defaults and click “Create load balancer”.
4. Once the load balancer is active, open its DNS name in a browser and confirm that the application responds, then proceed to the next section.
Step 3 – Create a WAF Web ACL and Associate the Load Balancer
1. Open the AWS WAF service in the AWS console and click “Create web ACL”.
2. In the “Describe web ACL and associate it to AWS resources” section, provide the web ACL details:
   - Name: XSS-WAF
   - Description: XSS-WAF
   - CloudWatch metric name: XSS-WAF
   - Region: the same region as the load balancer
   - Resource type: Regional resources
3. Under “Associated AWS resources”, click “Add AWS resources”.
4. Select the XSS-LoadBalancer created in the previous section and click Next.
5. Under “Add rules and rule groups”, click “Add managed rule groups”, expand the “AWS managed rule groups” section, enable the Core rule set, click “Add rules”, and then click Next.
6. Under “Set rule priority”, click Next; with only one rule there is nothing to order yet.
7. In the “Configure metrics” section, keep the defaults and click Next.
8. Review all the settings and click “Create web ACL”.
9. Opening the newly created web ACL shows which rules requests are matching, backed by the CloudWatch metrics it collects.
10. Now open the load balancer DNS name and add the script string to check the exploit. You should receive a 403 Forbidden response, because the web ACL identified the request as an XSS attempt.
11. Back in the WAF overview, under “Sampled requests”, you will see the request to that URI listed and flagged as XSS, as shown in the screenshot below.
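Steps 1 through 8 above done through the API instead of the console, as an added example (not the post's own code): it builds the same REGIONAL web ACL with the AWS managed Core rule set enabled and associates it with the load balancer using boto3. The load balancer ARN and region are placeholders you must supply, and the rule metric name is an assumed value.

```python
"""Create the XSS-WAF web ACL with the AWS managed Core rule set and attach it
to the ALB from Step 2 (added example, not the post's own code)."""

WEB_ACL_NAME = "XSS-WAF"   # name, description and metric name used in the post
METRIC_NAME = "XSS-WAF"


def visibility(metric_name):
    # Sampled requests and CloudWatch metrics are what steps 9 and 11 rely on.
    return {"SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}


def core_rule_set_rule(priority=0):
    # The "Core rule set" managed group enabled in step 5. OverrideAction None
    # keeps the group's own Block actions instead of downgrading them to Count.
    # The rule name / metric name below is an assumed value.
    rule_metric = "AWS-AWSManagedRulesCommonRuleSet"
    return {"Name": rule_metric,
            "Priority": priority,
            "OverrideAction": {"None": {}},
            "Statement": {"ManagedRuleGroupStatement": {
                "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
            "VisibilityConfig": visibility(rule_metric)}


def web_acl_params(name=WEB_ACL_NAME, metric=METRIC_NAME):
    # Default action Allow: only requests matched by a blocking rule get a 403.
    return {"Name": name, "Scope": "REGIONAL",
            "Description": name,
            "DefaultAction": {"Allow": {}},
            "Rules": [core_rule_set_rule()],
            "VisibilityConfig": visibility(metric)}


def deploy(alb_arn, region):
    """Create the web ACL, associate it with the ALB, return the web ACL ARN."""
    import boto3  # imported here so the builders above stay importable offline
    wafv2 = boto3.client("wafv2", region_name=region)
    acl = wafv2.create_web_acl(**web_acl_params())["Summary"]
    wafv2.associate_web_acl(WebACLArn=acl["ARN"], ResourceArn=alb_arn)
    return acl["ARN"]


if __name__ == "__main__":
    # Placeholders: replace with the XSS-LoadBalancer ARN and region from Step 2.
    alb = "arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:loadbalancer/app/XSS-LoadBalancer/ID"
    print(deploy(alb, "REGION"))
```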
Conclusion
AWS WAF can match on many kinds of conditions, such as literal strings, regex patterns, SQL injection patterns, and more. If the steps above block the XSS attempt against your application, you have successfully created an AWS WAF web ACL with the required inputs. It lets you monitor the HTTP and HTTPS requests forwarded to your web application resources.
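The “Sampled requests” panel read in step 11 of Step 3 is also available through the API. This added example (not the post's code) summarises a get_sampled_requests response by action, matched rule and URI, which is the quickest way to confirm that the 403 came from the Core rule set and not from somewhere else; SAMPLE is a constructed response, the client addresses are documentation IPs, and the rule metric name is assumed to match the one chosen when the web ACL was created.

```python
"""Summarise AWS WAF sampled requests: which rule fired, on which URI, with
what action (added example, not the post's own code)."""
from collections import Counter

# Constructed sample shaped like wafv2.get_sampled_requests(); not real traffic.
SAMPLE = {"SampledRequests": [
    {"Request": {"ClientIP": "203.0.113.10", "URI": "/search", "Method": "GET"},
     "Action": "BLOCK", "ResponseCodeSent": 403,
     "RuleNameWithinRuleGroup": "CrossSiteScripting_QUERYARGUMENTS"},
    {"Request": {"ClientIP": "203.0.113.10", "URI": "/search", "Method": "GET"},
     "Action": "BLOCK", "ResponseCodeSent": 403,
     "RuleNameWithinRuleGroup": "CrossSiteScripting_QUERYARGUMENTS"},
    {"Request": {"ClientIP": "198.51.100.7", "URI": "/", "Method": "GET"},
     "Action": "ALLOW", "ResponseCodeSent": 200, "RuleNameWithinRuleGroup": ""},
], "PopulationSize": 3}


def summarize(resp):
    """Count (action, rule, URI) triples and the client IPs behind BLOCK actions."""
    by_rule = Counter()
    blocked_ips = Counter()
    for sample in resp["SampledRequests"]:
        req = sample["Request"]
        # Requests not matched by any rule carry an empty rule name.
        rule = sample.get("RuleNameWithinRuleGroup") or "<default action>"
        by_rule[(sample["Action"], rule, req["URI"])] += 1
        if sample["Action"] == "BLOCK":
            blocked_ips[req["ClientIP"]] += 1
    return by_rule, blocked_ips


def fetch(web_acl_arn, region, minutes=30,
          rule_metric="AWS-AWSManagedRulesCommonRuleSet"):  # assumed metric name
    """Live version: pull the last `minutes` of samples for the Core rule set."""
    import boto3
    from datetime import datetime, timedelta, timezone
    end = datetime.now(timezone.utc)
    return boto3.client("wafv2", region_name=region).get_sampled_requests(
        WebAclArn=web_acl_arn, RuleMetricName=rule_metric, Scope="REGIONAL",
        TimeWindow={"StartTime": end - timedelta(minutes=minutes), "EndTime": end},
        MaxItems=500)


if __name__ == "__main__":
    rules, ips = summarize(SAMPLE)   # swap in fetch(<web ACL ARN>, <region>) for live data
    for (action, rule, uri), n in rules.most_common():
        print(f"{action:5} {n:3}  {rule:38} {uri}")
    print("client IPs behind blocks:", dict(ips))
```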
FAQs
1. How does AWS WAF allow or block traffic?
ANS: – The service AWS WAF is attached to forwards each received request to AWS WAF to be checked against your rules. When a request matches a condition defined in a rule, AWS WAF tells the underlying service to allow or block the request according to the action you defined.
2. Can we use WAF service to protect websites not hosted in AWS?
ANS: – Yes. AWS WAF can be integrated with Amazon CloudFront, which supports custom origins outside of AWS.
3. What services are supported by AWS WAF?
ANS: – AWS WAF service can be configured on the Application Load Balancer (ALB), Amazon CloudFront, Amazon API Gateway, and AWS AppSync.

WRITTEN BY Mayank Bharawa