AWS  WAF, AWS Manage Rule, and Custom Rule, IP set, etc.

AWS WAF, AWS Manage Rule, and Custom Rule, IP set, etc.

AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.

AWS WAF can protect two types of global (Cloudfront) and Regional resources like

Steps of Creating Web ACL

Creating Web ACL

Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/wafv2/.

Click on Create Web ACL

Enter the name for your web ACL and also make sure regional resources is selected, right now we are just creating Web ACL we will see later how we can add a resource to protect.

keep default options and again click next

on the set rule priority keep default and click next

Protect Resource with Web ACL

Select the resource type and then select the resource you want to associate with this web ACL, I am doing this demo for Amazon API Gateway REST API

I have my Example REST API running at this URL https://u2mjsw39v5.execute-api.us-east-1.amazonaws.com/dev/pets

Adding Rule in AWS WAF

There are two types of Rule Groups in AWS WAF,

  1. Managed Rules

  2. Custom Rules Group

let's see each one by one first, we will see Managed Rules

Adding AWS Managed Rules Group in WEB ACL

Managed rule groups are created and maintained for you by AWS and AWS Marketplace sellers. Any fees that a managed rule group provider charges for using a managed rule group are in addition to the standard service charges for AWS WAF

Which AWS-managed rule to add depends upon your requirement AWS also offers some Free rule groups (you can use the free rule groups without any added charges beyond the standard service charges for AWS WAF)

I am adding SQL database rule groups to show this demo that this group will block any SQL injection attempts

Click on save

Attempting to SQL injection is getting Denied,

we can also add other rules groups if required like (Admin protection, Amazon IP reputation list, Anonymous IP list, Linux operating system etc)

Adding Custom Rules Group in WEB ACL

When creating custom rule groups custom rules can be categorized into three categories

  1. IP set (Use IP sets to identify a specific list of IP addresses)

  2. Rule builder (Use a custom rule to inspect for patterns including query strings, headers, countries, and rate limit violations.)

  3. Rule group (Use a rule group to combine rules into a single logical set.)

Now we have seen how to add a managed rules group let's go web ACL page and see how we can add a custom rule

we can also create a rule group from here and use rule groups across other WAF ACL

IP set in AWS WAF ACL

One of the scenarios could be when you need to add a custom domain to your AWS access and your domain Nameserver is in Cloudflare and you want to allow only Cloudflare ips to access your resource and proxy traffic, you can create an IP set and allow only access to Cloudflare and block all.

Rule priority

When we add multiple rules then Rule priority comes into to picture If a request matches a rule, take the corresponding action. The rules are prioritized in the order they appear.

Custom response bodies

Custom response bodies are plain text, JSON, or HTML content that you use to customize a response to blocked requests. You can use a response body anywhere in the web ACL where you create it.

Additional Configuration

Before you leave these are the Additional considerations and best practices you can follow

Enable logging

you can send tog to CloudWatch Logs log group, Kinesis Data Firehose stream,S3 bucket

Block Default web ACL action for requests that don't match any rules

Regex pattern sets

A regex pattern set provides a collection of regular expressions that you want to use together in a rule statement

AWS WAF Pricing

https://aws.amazon.com/waf/pricing/

Clean up,

You need to disassociate your attached resource before deleting AWS WAF ACL

Did you find this article valuable?

Support Muhammad Usama by becoming a sponsor. Any amount is appreciated!