WAF & Shield
WAF
See -> AWS WAF Practices
- Web application firewall that lets you monitor the HTTP/HTTPS requests that are forwarded to CloudFront or an Application Load Balancer
- Also lets you control access to your content
Characteristics
- Allows 3 different behaviours:

| Behaviour | Description |
|---|---|
| ALLOW | Allow all requests except the ones specified |
| BLOCK | Block all requests except the ones specified |
| COUNT | Count the requests that match the properties specified |

- Additional protection against web attacks by defining conditions using characteristics of web requests:
  - Source IP address
  - Source country
  - Values in request headers
  - Strings in requests / length of requests
  - Presence of malicious SQL code (SQL injection) or scripts (XSS)
- Application load balancers (ALB) integrate with WAF at a regional level
- Localization:
  - CloudFront is global
  - ALB WAF are regional
- You can use AWS WAF to protect webapps not hosted in AWS via CloudFront (which supports custom origins outside of AWS)
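
The three behaviours and the request conditions listed above, as an added example: a simplified Python model, not AWS code or the AWS WAF API. Rules are checked in order, a COUNT match is only recorded, and the first ALLOW or BLOCK match decides. All class, function and rule names, the IP ranges and the `XX` country code are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

@dataclass
class Request:                 # constructed request shape (assumption)
    source_ip: str
    country: str
    headers: dict              # header names stored lower-cased
    body: str

@dataclass
class Rule:
    name: str
    action: str                # "ALLOW", "BLOCK" or "COUNT"
    condition: Callable[[Request], bool]

# Condition builders for the request characteristics listed above.
def ip_in(cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda r: any(ipaddress.ip_address(r.source_ip) in n for n in nets)

def country_in(codes):
    return lambda r: r.country in codes

def header_contains(name, needle):
    return lambda r: needle.lower() in r.headers.get(name.lower(), "").lower()

def body_longer_than(limit):
    return lambda r: len(r.body.encode()) > limit

def evaluate(rules, default_action, request):
    """Return (final_action, names of COUNT rules that matched)."""
    counted = []
    for rule in rules:
        if rule.condition(request):
            if rule.action != "COUNT":
                return rule.action, counted   # first ALLOW/BLOCK match decides
            counted.append(rule.name)         # COUNT: record, keep evaluating
    return default_action, counted

# Constructed web ACL with default ALLOW ("allow all except the ones specified").
RULES = [
    Rule("count-large-body", "COUNT", body_longer_than(8192)),
    Rule("block-bad-net", "BLOCK", ip_in(["203.0.113.0/24"])),
    Rule("block-scanner-ua", "BLOCK", header_contains("User-Agent", "examplescanner")),
    Rule("count-country-xx", "COUNT", country_in({"XX"})),
]

if __name__ == "__main__":
    req = Request("203.0.113.9", "DE", {"user-agent": "Mozilla/5.0"}, "x" * 9000)
    print(evaluate(RULES, "ALLOW", req))
```

Running a new rule as COUNT first shows which requests it would match before it is switched to BLOCK.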
Components
| Component | Description |
|---|---|
| Conditions | |
| Rules | |
| Web ACLs | |
Shield
DDoS mitigation
Characteristics
| Type | Description |
|---|---|
| Standard | |
| Advanced | |