WAF
Last updated
Last updated
Application Layer, known as Layer 7 or L7 firewalls are capable of inspecting, filtering and even adjusting data up to Layer 7 of the OSI model.
They have visibility of the data inside a L7 connection. For HTTP this means content, headers, DNS names .. for SMTP this would mean visibility of email metadata and for plaintext emails the contents.
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
AWS WAF is a web application firewall
WAF lets you create rules to filter web traffic based on conditions that include IP addresses, HTTP headers and body, or custom URIs
WAF makes it easy to create rules that block common web exploits like SQL injection and cross site scripting
Web ACLs – You use a web access control list (ACL) to protect a set of AWS resources
Rules – Each rule contains a statement that defines the inspection criteria, and an action to take if a web request meets the criteria
Rule groups – You can use rules individually or in reusable rule groups
IP Sets - An IP set provides a collection of IP addresses and IP address ranges that you want to use together in a rule statement
Regex pattern set - A regex pattern set provides a collection of regular expressions that you want to use together in a rule statement
A rule action tells AWS WAF what to do with a web request when it matches the criteria defined in the rule:
Count – AWS WAF counts the request but doesn't determine whether to allow it or block it. With this action, AWS WAF continues processing the remaining rules in the web ACL
Allow – AWS WAF allows the request to be forwarded to the AWS resource for processing and response
Block – AWS WAF blocks the request and the AWS resource responds with an HTTP 403 (Forbidden) status code
Match statements compare the web request or its origin against conditions that you provide
