Strengthening Web Application Security with AWS WAF

Overview

Web applications are constantly exposed to security threats such as SQL injection, cross-site scripting (XSS), malicious bots, and distributed denial-of-service (DDoS) attacks. Protecting applications from these threats is critical to maintaining availability, performance, and user trust. AWS Web Application Firewall (AWS WAF) is a managed security service that helps protect web applications by filtering and monitoring incoming HTTP and HTTPS requests.

AWS WAF allows you to create custom security rules that control traffic to your applications. It integrates seamlessly with services like Amazon CloudFront, Application Load Balancer (ALB), and Amazon API Gateway, enabling you to block malicious requests before they reach your application.

In this blog, we will explore AWS WAF features and walk through a step-by-step guide to configuring AWS WAF to protect a web application.

Introduction

AWS WAF is designed to give organizations fine-grained control over the traffic accessing their web applications. Instead of relying solely on network-level security, AWS WAF operates at the application layer (Layer 7), allowing it to inspect web requests and apply rules based on IP addresses, request headers, query strings, request body, and more.

With AWS WAF, you can use AWS-managed rule groups for common threats or create custom rules tailored to your application’s needs.

Key Features of AWS WAF

  1. Managed Rule Groups

AWS provides preconfigured rule sets that protect against common vulnerabilities such as SQL injection and cross-site scripting.

  2. Custom Rules

You can create your own rules to allow, block, or count requests based on specific conditions, such as IP address, country, headers, or request patterns.

  3. Rate-Based Rules

AWS WAF can automatically block IP addresses that send excessive requests, helping protect against brute-force attacks and traffic floods.

  4. Real-Time Monitoring

AWS WAF integrates with Amazon CloudWatch, allowing you to monitor traffic patterns, rule matches, and blocked requests in real time.

  5. Seamless AWS Integration

AWS WAF works directly with Amazon CloudFront, Application Load Balancers, and Amazon API Gateway without requiring additional infrastructure.

Step-by-Step Guide

Step 1: Open AWS WAF Console

  1. Log in to the AWS Management Console
  2. Search for AWS WAF & Shield
  3. Select AWS WAF
  4. Choose the appropriate Region (for ALB or API Gateway)
    • A Web ACL for CloudFront is global and is managed from the US East (N. Virginia) Region

You will land on the AWS WAF dashboard.

Step 2: Create a Web ACL

A Web ACL (Access Control List) defines the rules that inspect incoming web requests.

Steps:

  1. Click Create Web ACL
  2. Enter:
    • Web ACL Name (example: web-app-waf)
    • Resource type (CloudFront / ALB / API Gateway)
  3. Select the AWS resource you want to protect
  4. Set default action:
    • Allow requests
    • OR Block requests

Click Next.

Step 3: Add Managed Rules

Managed rules provide immediate protection against known threats.

Steps:

  1. Click Add rules
  2. Choose Add managed rule groups
  3. Select:
    • AWS Managed Rules – Core rule set
    • SQL injection rule set
    • Known bad inputs rule set
  4. Review rule behavior
  5. Click Add rules

These rules automatically block common attack patterns.

Step 4: Create Custom Rules (Optional)

Custom rules allow advanced control over traffic.

Example: Block traffic from a specific IP

  1. Click Add rule
  2. Choose Rule builder
  3. Define:
    • Match condition: IP address
    • Action: Block
  4. Save the rule

You can also create rules based on:

  • Country
  • Request headers
  • URI paths
  • Query parameters

Step 5: Configure Rate-Based Rules

Rate-based rules protect against request flooding.

Steps:

  1. Click Add rule
  2. Choose Rate-based rule
  3. Set request limit (example: 2000 requests per 5 minutes)
  4. Choose action: Block
  5. Save rule

This helps prevent brute-force and bot attacks.

Step 6: Review and Create Web ACL

  1. Review all rules and priorities
  2. Confirm logging and metrics settings
  3. Click Create Web ACL

AWS WAF is now actively protecting your application.

Step 7: Monitor WAF Traffic

Go to:

  • AWS WAF → Web ACLs → Traffic Overview

You can view:

  • Allowed requests
  • Blocked requests
  • Rule match counts
  • Traffic trends

Logs can be sent to Amazon CloudWatch, Amazon S3, or Amazon Kinesis Data Firehose for analysis.
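The console walkthrough in Steps 2 to 6 produces a Web ACL definition; the same definition can be expressed as the JSON document that the WAFv2 API (`aws wafv2 create-web-acl --cli-input-json` or boto3 `create_web_acl`) accepts. The following added example, written for this post and not part of the original, builds that document offline with the three managed rule groups, the 2000-request rate-based rule and an IP-set block rule, supports the Count mode from the FAQ, and lints the result for the mistakes the API rejects. The IP set ARN is a placeholder; the metric and rule names are assumptions.

```python
import json


def visibility(metric_name):
    """CloudWatch metrics and sampled requests, enabled as the console does by default."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric_name}


def managed_rule_group(name, priority, count_only=False):
    """An AWS-managed rule group. Count mode records matches without blocking (FAQ 3)."""
    return {"Name": f"AWS-{name}", "Priority": priority,
            "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": name}},
            "OverrideAction": {"Count": {}} if count_only else {"None": {}},
            "VisibilityConfig": visibility(name)}


def rate_based_rule(priority, limit=2000):
    """Block any source IP that exceeds `limit` requests within the 5-minute window."""
    return {"Name": "rate-limit", "Priority": priority,
            "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
            "Action": {"Block": {}}, "VisibilityConfig": visibility("RateLimit")}


def ip_block_rule(ip_set_arn, priority):
    """Block requests whose source IP is in an existing IP set (Step 4 custom rule)."""
    return {"Name": "block-ip-set", "Priority": priority,
            "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
            "Action": {"Block": {}}, "VisibilityConfig": visibility("BlockIpSet")}


def build_web_acl(name, scope, ip_set_arn, count_only=False):
    """scope is REGIONAL (ALB, API Gateway) or CLOUDFRONT; lower priority runs first."""
    rules = [ip_block_rule(ip_set_arn, 0), rate_based_rule(1),
             managed_rule_group("AWSManagedRulesCommonRuleSet", 2, count_only),
             managed_rule_group("AWSManagedRulesSQLiRuleSet", 3, count_only),
             managed_rule_group("AWSManagedRulesKnownBadInputsRuleSet", 4, count_only)]
    return {"Name": name, "Scope": scope, "DefaultAction": {"Allow": {}},
            "Rules": rules, "VisibilityConfig": visibility(name)}


def lint_web_acl(acl):
    """Return problems the API would reject: duplicate priorities, wrong action field, bad scope."""
    problems = []
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(priorities) != len(set(priorities)):
        problems.append("rule priorities must be unique")
    for r in acl["Rules"]:
        managed = "ManagedRuleGroupStatement" in r["Statement"]
        if (managed and "Action" in r) or (not managed and "OverrideAction" in r):
            problems.append(f"{r['Name']}: managed groups use OverrideAction, other rules use Action")
    if acl["Scope"] not in ("REGIONAL", "CLOUDFRONT"):
        problems.append("Scope must be REGIONAL or CLOUDFRONT")
    return problems


def to_cli_input_json(acl):
    """Serialize for `aws wafv2 create-web-acl --cli-input-json file://acl.json`."""
    return json.dumps(acl, indent=2)
```

Run the managed groups with `count_only=True` first, watch the rule match counts in the Traffic Overview, then rebuild with `count_only=False` once legitimate traffic is confirmed clean.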

Conclusion

AWS WAF is a powerful application-layer security service that helps protect web applications from common web exploits and malicious traffic. By using managed rule groups, custom rules, and rate-based protection, organizations can significantly reduce security risks without managing complex security infrastructure.

Following the steps in this guide, you can quickly deploy AWS WAF, attach it to your web resources, and start monitoring traffic in real time. A properly configured AWS WAF acts as a critical security layer, ensuring your web applications remain secure, available, and resilient against modern threats.

FAQs

1. Which AWS services can AWS WAF protect?

ANS: – AWS WAF helps mitigate application-layer attacks and works together with AWS Shield to provide DDoS protection.

2. How is AWS WAF priced?

ANS: – Pricing is based on the number of Web ACLs, rules, and web requests processed. It follows a pay-as-you-go model.

3. Can I test rules before blocking traffic?

ANS: – Yes. AWS WAF allows you to set rules in “Count” mode to monitor traffic before enforcing blocking actions.

WRITTEN BY Ravi Kose

Ravi Kose works as a Senior Research Associate at CloudThat. He is a skilled cloud and infrastructure professional with a strong focus on managing infrastructure, security, and cloud migration projects. Ravi has hands-on experience designing secure, scalable, and efficient cloud architectures. With a solid understanding of cloud best practices and tools, he ensures smooth and secure transitions during cloud adoption and modernization initiatives. In his free time, he enjoys exploring emerging cloud technologies and deepening his expertise in DevOps and security practices.
