
AWS WAF

Best Practices

  • Use CloudFront (to reduce attack surface area)
  • Use ELB to handle fluctuations
  • Use Auto scaling for compute scalability
  • Secure application with Security groups and ACLs
  • Enable relevant CloudWatch metrics for monitoring
  • Enable logs for deeper analysis
  • Enable WAF for Layer 7 protection
  • Use WAF rate limit rules
  • Configure Shield Advanced properly for anomaly detection
  • Configure health checks for faster detection and mitigation

WAF

What is a WAF ?

  • Web Application Firewall
  • Monitors HTTP/S requests and protects web applications from malicious activities
  • Layer 7 inspection and mitigation tool

What can we do with an AWS WAF ?

  • Malicious traffic blocking
  • SQLi
  • XSS
  • IP Blacklists
  • Web traffic filtering
  • Rate based rules
  • IP Match & Geo-IP filters
  • Regex & String Match
  • Size constraints
  • Action: Allow/Block
  • Active monitoring & tuning
  • CloudWatch Metrics/Alarms
  • Sampled Logs
  • Count Action mode
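The capabilities above map onto a single WAFv2 web ACL definition. The following is an added example, not a configuration from the original page: a rate-based rule that blocks any source IP exceeding 2000 requests per 5-minute window, a size constraint that blocks request bodies over 8 KiB, and an SQLi match on the query string left in Count mode so that hits show up in CloudWatch metrics and sampled requests for tuning before the action is switched to Block. The ACL name, metric names, limits and `REGIONAL` scope (the value used for an ALB; CloudFront uses `CLOUDFRONT`) are assumed.

```json
{
  "Name": "example-web-acl",
  "Scope": "REGIONAL",
  "DefaultAction": { "Allow": {} },
  "Rules": [
    {
      "Name": "rate-limit-per-ip",
      "Priority": 0,
      "Action": { "Block": {} },
      "Statement": {
        "RateBasedStatement": { "Limit": 2000, "AggregateKeyType": "IP" }
      },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "RateLimitPerIp" }
    },
    {
      "Name": "body-size-limit",
      "Priority": 1,
      "Action": { "Block": {} },
      "Statement": {
        "SizeConstraintStatement": {
          "FieldToMatch": { "Body": {} },
          "ComparisonOperator": "GT",
          "Size": 8192,
          "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ]
        }
      },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "BodySizeLimit" }
    },
    {
      "Name": "sqli-query-string-count",
      "Priority": 2,
      "Action": { "Count": {} },
      "Statement": {
        "SqliMatchStatement": {
          "FieldToMatch": { "QueryString": {} },
          "TextTransformations": [ { "Priority": 0, "Type": "URL_DECODE" } ]
        }
      },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "SqliQueryStringCount" }
    }
  ],
  "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "ExampleWebAcl" }
}
```

Saved as `web-acl.json`, this is created with `aws wafv2 create-web-acl --cli-input-json file://web-acl.json` in the region of the ALB, then associated with the load balancer. Once the Count rule's metric shows only true positives, change its `Action` to `{ "Block": {} }`.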

AWS WAF available on

  • Amazon CloudFront (Amazon's CDN)
  • Application Load Balancer (ALB)

How to use AWS WAF ?

  • Custom Rules
  • Managed Rules
  • Security Automation

AWS WAF Managed Rules

  • ThreatSTOP Managed Rules - New and Active HTTP Threats for AWS WAF
  • Cyber Security Cloud Managed Rules for AWS WAF -HighSecurity OWASP Set-
  • Cyber Security Cloud Managed Rules for AWS WAF -API Gateway/Serverless-
  • Fortinet Managed Rules for AWS WAF - API Gateway
  • Fortinet Managed Rules for AWS WAF - SQLi/XSS
  • Fortinet Managed Rules for AWS WAF - Malicious Bots
  • ThreatSTOP Managed Rules - CoreThreats for AWS WAF
  • Cloudbric Managed Rules for AWS WAF - OWASP Top 10 Rule Set
  • ThreatSTOP Managed Rules - ITAR and OFAC for AWS WAF
  • Fortinet Managed Rules for AWS WAF - General and Known Exploits
  • ThreatSTOP Managed Rules - New and Active Malicious Bots for AWS WAF
  • Fortinet Managed Rules for AWS WAF - Complete OWASP Top 10
  • Cyber Security Cloud Managed Rules for AWS WAF Classic -OWASP Set-
  • Imperva - Managed Rules for IP Reputation on AWS WAF
  • Cloudbric Managed Rules for AWS WAF - Malicious IP Reputation Rule Set
  • Fortinet Managed Rules for AWS WAF Classic - Complete OWASP Top 10
  • F5 Rules for AWS WAF - Bot Protection Rules
  • F5 Rules for AWS WAF - Common Vulnerabilities & Exposures (CVE) Rules
  • F5 Rules for AWS WAF - API Security Rules
  • F5 Rules for AWS WAF - Web exploits OWASP Rules

Key Benefits of Managed Rules

  • Rules managed by security experts
  • Choice of protection
  • Auto-updates
  • Pay as you go
  • Easy to Deploy
