AWS – Configuring AWS WAF

Web application firewalls are a critical component of any secure web application. AWS WAF allows you to easily set up protection for your applications that are running on a variety of AWS services, including the following:

  • Amazon CloudFront
  • Amazon EC2
  • Amazon Elastic Load Balancer
  • Amazon API Gateway

AWS WAF protects you from a wide variety of common exploits that plague web applications, allowing you to configure rules based on IP addresses and HTTP headers. It is even capable of detecting and stopping SQL injection attacks, which are among the most common ways that data is exfiltrated from an application running on the internet.

How to do it…

In this recipe, you will configure AWS WAF in front of a Lambda function whose endpoint is published via API Gateway:

  1. Log in to your AWS account, and go to the Lambda dashboard.
  2. Create a new Lambda function, and choose Author from scratch. Give it a name and click Create function:

Create function
  3. Add an API Gateway integration trigger:

Add API Gateway trigger
  4. Select Create a new API, and then Save the Lambda function:

Configure the trigger
  5. Click the endpoint URL in the API Gateway configuration summary. If you left the default function code alone, you should see Hello from Lambda:

The API Gateway stage URL for your new function
  6. Go to the API Gateway dashboard, select the new gateway you just created, and then select the default stage. Click Create Web ACL:

The API Gateway stage editor
  7. In the WAF console, create a new web ACL. Review the concepts overview and click Next.
  8. Give the ACL a name, select your region, then select your new API Gateway stage. Click Next:

Web ACL configuration
  9. Create an IP match condition and add your current IP address. If you aren't sure what your IP is, visit a site such as https://www.whatismyip.com/, and then add /32 to the address, in order to make it comply with CIDR (short for Classless Inter-Domain Routing) notation:

Add an IP address
  10. Create a rule. Give the rule a name, select the IP match condition that you created in the previous step, and then click Create:

Add conditions
  11. Click Review and Create; then Confirm and Create.
  12. Go back to the API stage, and select the new ACL that you just created. Save the changes.
  13. Refresh the endpoint URL, and you should see {"message":"Forbidden"}.

With this recipe, you have successfully integrated AWS WAF with an AWS Lambda function. You can apply what you have learned here to other resources, such as EC2 instances sitting behind an application load balancer, and you can create more complex rules in order to meet your needs.

How it works…

AWS WAF works by applying web ACLs to resources such as API Gateway stages. Web ACLs consist of conditions, such as traffic originating from a certain IP address, and rules, which specify what happens when a certain condition is met.

Examples of conditions are as follows:

  • Scripts (cross-site scripting patterns in the request)
  • IP addresses
  • Geographic locations
  • Request length
  • SQL code in the request
  • Headers

Examples of rules are:

  • Regular rules, which simply check whether their conditions match
  • Rate-based rules, which only take effect once a certain condition has been met a set number of times

Web ACLs have a default action, such as allowing all traffic, and actions to take when a rule is activated, such as denying traffic from a certain IP.
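To make the mechanics above concrete, here is an added example that is not from the book and does not call AWS: a small model of a web ACL with IP match conditions, regular rules, rate-based rules and a default action, replaying the recipe's configuration (your /32 address in a Block rule, default Allow) against sample requests. The evaluator, the request format and the documentation address 203.0.113.7 are assumptions made for the demonstration, and the rate-based rule goes beyond the single IP rule the recipe builds.

```python
import ipaddress
from collections import defaultdict

class IpMatchCondition:
    """IP match condition: true when the source IP falls inside one of the CIDRs."""
    def __init__(self, cidrs):
        self.networks = [ipaddress.ip_network(c) for c in cidrs]
    def matches(self, request):
        return any(ipaddress.ip_address(request["source_ip"]) in n for n in self.networks)

class Rule:
    """Regular rule: fires when every condition matches (no conditions means always)."""
    def __init__(self, name, conditions, action):
        self.name, self.conditions, self.action = name, conditions, action
    def evaluate(self, request):
        return self.action if all(c.matches(request) for c in self.conditions) else None

class RateBasedRule(Rule):
    """Rate-based rule: fires only once a source IP has matched `limit` times.
    Simplified: the real thing counts over a sliding five-minute window."""
    def __init__(self, name, conditions, action, limit):
        super().__init__(name, conditions, action)
        self.limit, self.counts = limit, defaultdict(int)
    def evaluate(self, request):
        if super().evaluate(request) is None:
            return None
        self.counts[request["source_ip"]] += 1
        return self.action if self.counts[request["source_ip"]] >= self.limit else None

class WebAcl:
    """Web ACL: the first rule that fires decides, otherwise the default action applies."""
    def __init__(self, default_action, rules):
        self.default_action, self.rules = default_action, rules
    def evaluate(self, request):
        for rule in self.rules:
            action = rule.evaluate(request)
            if action is not None:
                return action
        return self.default_action

def recipe_acl(my_ip="203.0.113.7"):
    """The ACL the recipe builds: one /32 IP match condition, one Block rule, default Allow.
    203.0.113.7 is a constructed documentation address standing in for your own IP."""
    return WebAcl("ALLOW", [Rule("block-my-ip", [IpMatchCondition([f"{my_ip}/32"])], "BLOCK")])

def demo():
    """Your own request is blocked (API Gateway then answers {"message":"Forbidden"});
    a neighbouring address outside the /32 still gets the default Allow."""
    acl = recipe_acl()
    return acl.evaluate({"source_ip": "203.0.113.7"}), acl.evaluate({"source_ip": "203.0.113.8"})
```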

There’s more…

AWS Marketplace offers managed rule sets for AWS WAF, provided by AWS Partners, that save you the time of writing your own firewall rules. Examples of the managed rule sets that can be purchased via the marketplace include the following:

  • Cyber Security Cloud’s OWASP Security Set
  • F5’s Bot Protection Rules and Common Vulnerabilities and Exposures (CVE)
  • Fortinet’s SQLi/XSS rules
  • TrendMicro’s WordPress protection
