Web Application Firewall (WAF)

  • Block malicious and unauthorized traffic
  • Typical firewalls work at Layers 3 and 4
  • Supports CloudFront and ELB
  • WAF works at Layer 7 to stop SQL injection, XSS, etc.
  • A Web ACL is the centralized place for rules, rule statements, and associated configuration
  • Associations define which entity the Web ACL is attached to (ALB, CloudFront, API Gateway, AppSync)
  • Rule statements
    • Custom, e.g., block requests from country X, block requests to /admin or ?admin, etc.
      • Can combine multiple statements with AND, OR, NOT
      • Each rule's action is allow, block, count, or CAPTCHA
      • Configure the default rule (applied when no rule matches) as either allow or block
    • Managed
      • Paid and free
      • Admin protection, bot control, SQL database, etc.
  • 10,000 rules per IP set and you can have multiple IP sets
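The rule ideas above assembled into a WAFv2 Web ACL document (the shape `aws wafv2 create-web-acl --cli-input-json` accepts), as an added example that is not part of the original notes; it assumes "country X" is the US, uses a constructed placeholder IP set ARN, and adds a small check for two constraints WAF enforces on the document.

```python
"""Build an AWS WAFv2 Web ACL document from the notes above and sanity-check it."""
import json

# Constructed placeholder: a real IP set ARN comes from `aws wafv2 create-ip-set`.
IP_SET_ARN = "arn:aws:wafv2:REGION:ACCOUNT_ID:regional/ipset/PLACEHOLDER-NAME/PLACEHOLDER-ID"


def metrics(name):
    # Every Web ACL and every rule needs a VisibilityConfig for CloudWatch metrics.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}


def byte_match(field, constraint, text):
    # Match on one request component; the LOWERCASE transform makes /Admin match too.
    return {"ByteMatchStatement": {"FieldToMatch": {field: {}}, "PositionalConstraint": constraint,
            "SearchString": text, "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}]}}


def web_acl():
    admin_path = {"OrStatement": {"Statements": [
        byte_match("UriPath", "STARTS_WITH", "/admin"),    # requests to /admin ...
        byte_match("QueryString", "CONTAINS", "admin")]}}   # ... or carrying ?admin
    allowed_country = {"GeoMatchStatement": {"CountryCodes": ["US"]}}  # assumption: country X = US
    return {
        "Name": "notes-web-acl", "Scope": "REGIONAL",
        "DefaultAction": {"Allow": {}},  # default rule: allow whatever no rule matched
        "VisibilityConfig": metrics("notesWebAcl"),
        "Rules": [
            {"Name": "block-admin-outside-allowed-country", "Priority": 0, "Action": {"Block": {}},
             "VisibilityConfig": metrics("blockAdmin"),  # custom rule: AND(OR(path, query), NOT(geo))
             "Statement": {"AndStatement": {"Statements": [
                 admin_path, {"NotStatement": {"Statement": allowed_country}}]}}},
            {"Name": "count-watchlist-ips", "Priority": 1, "Action": {"Count": {}},
             "VisibilityConfig": metrics("countWatchlist"),  # count first, switch to block later
             "Statement": {"IPSetReferenceStatement": {"ARN": IP_SET_ARN}}},
            {"Name": "aws-common-rule-set", "Priority": 2, "OverrideAction": {"None": {}},
             "VisibilityConfig": metrics("awsCommon"),  # managed rule group: OverrideAction, not Action
             "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}}},
        ],
    }


def check_web_acl(acl):
    """True if priorities are unique and each rule has exactly one of Action
    (custom rule) or OverrideAction (managed rule group), as WAF requires."""
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(priorities) != len(set(priorities)):
        return False
    for r in acl["Rules"]:
        managed = "ManagedRuleGroupStatement" in r["Statement"]
        if managed != ("OverrideAction" in r) or managed == ("Action" in r):
            return False
    return True


if __name__ == "__main__":
    print(json.dumps(web_acl(), indent=2))  # write to a file and pass it with --cli-input-json
```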
