AWS WAF is a web application firewall that helps protect your web applications against common web exploits that may affect availability, compromise security, or consume excessive resources. AWS WAF allows us to control how traffic reaches your applications by creating security rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that filter out specific traffic patterns you define. The implementation and rule configuration will be done by root360. A WAF can be associated to a AWS loadbalancer or a CDN (Amazon Cloudfront) endpoint.
Security Automations: pre-configured protective WAF rules designed to filter common web-based attacks, customizable
Managed Rules: curated WAF rules from Cyber Security Cloud, F5, Fortinet and others to address specific threats like the OWASP Top 10 security risks
AWS WAF can protect AWS loadbalancer endpoints and Amazon CloudFront endpoints. Further AWS WAF is well integrated into Dashboard to ensure attacks are visible to all environment owners.
AWS Managed Rules (A): This set of AWS managed core rules provides protection against exploitation of a wide range of common application vulnerabilities or other unwanted traffic.
Manual IP lists (B and C): This component creates two specific AWS WAF rules that allow you to manually insert IP addresses that you want to block or allow.
SQL Injection (D) and XSS (E): The solution configures two native AWS WAF rules that are designed to protect against common SQL injection or cross-site scripting (XSS) patterns in the URI, query string, or body of a request.
HTTP flood (F): This component helps protect against attacks that consist of a large number of requests from a particular IP address, such as a web-layer DDoS attacks or a brute-force login attempt. This feature supports thresholds of less than 100 requests within a 5 minute period.
Scanners and Probes (G): This component parses application access logs searching for suspicious behavior, such as an abnormal amount of errors generated by an origin. It then blocks those suspicious source IP addresses for a customer-defined period of time.
IP Reputation Lists (H): This component is the IP Lists Parser AWS Lambda function which checks third-party IP reputation lists hourly for new ranges to block.
Bad Bots (I): This component automatically sets up a honeypot, which is a security mechanism intended to lure and deflect an attempted attack.
As we have a lot of experience with AWS WAF, we can provide a best practice initial configuration as well as optimizing configurations specifically for your application.