AWS Web Application Firewall (WAF) is a security system that controls incoming and outgoing traffic for applications and websites based in the Amazon Web Services public cloud. AWS WAF protects applications and sites from common Web attacks that could otherwise negatively affect application performance and availability. Show
AWS WAF gives a developer the ability to customize security rules to allow, block or monitor Web requests. Amazon CloudFront -- AWS' content delivery network -- receives a request from an end user and forwards that request to AWS WAF for inspection. AWS WAF then responds to either block or allow the request. A developer can also use AWS WAF's integration with CloudFront to apply protection to sites that are hosted outside of AWS. Developers create rules in AWS WAF that can include placing limitations on certain IP addresses, HTTP headers and URI strings. AWS WAF rules can prevent common Web attacks, such as SQL injection and cross-site scripting, which look to exploit vulnerabilities in a site or application. Rules take roughly one minute to activate, and a developer can track the effectiveness of those rules by viewing real-time metrics in Amazon CloudWatch or through sampled Web requests stored in the AWS WAF API or AWS Management Console. These metrics include IP addresses, geo locations and URIs for each request. A developer can also test firewall rules by configuring a "count" action that counts the number of previous Web requests that would have been blocked or allowed if that rule was in place. A single defined set of rules can protect multiple sites and applications. Amazon CloudWatch also allows a developer to set up alarms for particular attacks or when thresholds are exceeded. AWS WAF charges customers based on the number of Access Control Lists (ACLS) created, the number of rules per ACL and the number of Web requests received. This was last updated in December 2015 Continue Reading About AWS Web Application Firewall (AWS WAF)
Dig Deeper on AWS infrastructure
In this article you will learn:
The difference between a firewall and web application firewallThe main difference between a firewall and a web application firewall (WAF) definition is that a firewall usually protects network and transport layers (layers 3 and 4). A WAF offers protection on the application layer (layer 7). Organizations and users are increasingly relying on web applications (e.g., web portals, enterprise web apps, business automation web solutions, eCommerce web apps, etc.). A WAF monitors HTTP/HTTPS requests and protects these web applications from malicious activities on layer 7 of the OSI model. Hence, a WAF is a necessary protection against a growing number of web security threats. Types of WAFIn this article, you will mainly learn information about cloud-based WAFs.
What does WAF protect against?A WAF should protect against the most common malicious web attacks, such as:Common web application attacks and code injection techniques:
DDoS attacks on layer 7 (HTTP Flood):These are composed of requests (HTTP GETs and DNS queries are popular) that are designed to consume application resources (memory, CPU, bandwidth). An example is an attacker who continuously uses a website functionality (submitting a contact form or any API requests) that they know causes database and application processing so that the underlying web service is busy with malicious requests and can’t deliver to other users anymore. Read more in our article about DDoS protection. Bad Bots:Bad bots are often programmed to do a variety of malicious jobs. They can try to break into user accounts, steal data, submit meaningless data through online forms, and perform other malicious activities. Bad bot activity is most often manifested by an abnormal increase or decrease in visits in unusual periods with a high rate of immediate leave (bounce). Benefits of WAF
How does a WAF work?A WAF is usually placed logically between users and web servers and analyzes and compares network traffic with the vulnerability database. A WAF creates a set of rules designed to protect your website and detects unwanted traffic. It usually blocks this traffic but can be set up to only monitor it. Want to find out how a WAF can help your particular use case? Talk to a waf specialist AWS Web Application Firewall(AWS WAF)The AWS WAF is a cloud-based solution that helps prevent attacks on the application layer 7 and a great web application firewall example. Due to the specific nature of these attacks, with an AWS WAF you can easily create customized rules against malicious requests which could have characteristics like being disguised as good traffic or coming from bad IPs, unexpected geographies, etc. AWS WAF protection is tightly integrated with AWS services that AWS customers use to deliver content such as Amazon CloudFront CDN, the Application Load Balancer (ALB), and the Amazon API Gateway. But AWS WAF can be also used for the protection of services from other providers, but your content has to be served through the CloudFront distribution network. How does an AWS WAF work?You use an AWS WAF to control how an Amazon CloudFront distribution, an Amazon API Gateway, an Application Load Balancer or an AWS AppSync GraphQL API responds to web requests. What can an AWS WAF do?
Types of rulesBefore choosing the right type of security rules, you should understand what vulnerabilities your web application has. If you need help finding this out, contact us for a consultation. Talk to a waf specialist 1. AWS Managed rulesYou can select from a variety of AWS managed rule groups to protect your application from multiple threats. These rules are written by security experts who have extensive and up-to-date knowledge of threats and vulnerabilities. These managed rules include:
2. Custom rulesYou can write custom rules specific to your web application/database to block undesired patterns in parts of the HTTP/HTTPS request, such as headers, method, query string, URI, body and IP address. These custom rules can be used together with AWS Managed Rules. 3. AWS Marketplace RulesYou can also find rules created by security vendors that have built their own rule sets on an AWS WAF on the AWS Marketplace. 4. Advanced Automated MitigationsAWS provides the AWS WAF Security Automations Solution which automatically deploys a set of AWS WAF rules that filter common web-based attacks, but also provide advanced log analysis. This automated solution leverages AWS WAFs APIs to react to threats detected from logs, honeypot URLs, and more to automatically update rules and block malicious IP addresses. An example of this is shown below. Benefits of AWS WAFEasy to deploy:If you are already using services like Amazon CloudFront or Application Load Balancer, you can be up and running with an AWS WAF within a few minutes. And you don’t have to re-architect your whole network infrastructure when starting with an AWS WAF, which is sometimes necessary for WAFs from other providers. There is also no additional software to deploy, any DNS configuration or SSL/TLS certificate to manage. Affordable:As for other AWS services you pay only for what you use based on how many rules you deploy and how many web requests your web application receives, but you can look at our offer at the end of this article and get an AWS WAF in one of our StormIT bundles. Managed service and rules:The AWS WAF is a fully managed service, so you don’t have to worry about scaling and updates/patches. With Managed Rules for your AWS WAF, you can quickly get started and protect your web application or APIs against common threats. Managed rules are automatically updated so you can spend more time building applications. Comprehensive security with StormIT deployment architectureStormIT team helps organizations protect their websites and applications against all commonly known attacks and exploits by leveraging the protection of AWS Services, such as AWS WAF and AWS Shield. This reference architecture below includes several AWS Edge Services that the StormIT team recommends using because it can help you improve your web application’s resiliency against known web application attacks, but also secure your application and infrastructure in other ways. This architecture is intended for those who use only AWS services. Here is an example of StormIT's recommended architecture for those who use servers outside of the AWS Cloud. We offer AWS Edge Services (Amazon CloudFront, AWS WAF, Amazon Route 53 and AWS Shield) in our special bundles, so you can leverage overall security for your applications. The pricing of these bundles is mainly based on your monthly data transfer and we provide special pricing for organizations transferring as little as 1 TB of data per month. You can read more about our offers here: CDN security Which AWS services can use AWS WAF to protect against common web exploitations?What services does AWS WAF support? AWS WAF can be deployed on Amazon CloudFront, the Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync. As part of Amazon CloudFront it can be part of your Content Distribution Network (CDN) protecting your resources and content at the Edge locations.
What does AWS WAF protect against?AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.
Which AWS service does AWS WAF primarily use to aid with automation?The AWS CloudFormation template automatically launches and configures the AWS WAF settings and protective features you choose to include during initial deployment.
Which of the following services can be used as a web application firewall in AWS?AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content.
|