AWS WAF and Shield

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront or an Application Load Balancer responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You also can configure CloudFront to return a custom error page when a request is blocked.1


Setup Preconfigured Protections on AWS WAF - November 2016 Webinar Series

Using AWS WAF and Lambda for Automatic Protection


AWS WAF Security Automations solution architecture

Honeypot: This component creates a honeypot to lure and deflect content scrapers and bad bots. A discrete API Gateway endpoint (embedded in the web application) triggers a custom AWS Lambda function, which intercepts the suspicious request and adds the source IP address to the AWS WAF block list.

SQL injection and cross-site scripting protection: The solution automatically configures two native AWS WAF rules that protect against common SQL injection or cross-site scripting (XSS) patterns in the URI, query string, or body of a request.

Log parsing: A custom AWS Lambda function automatically parses access logs to identify suspicious behavior and add the corresponding source IP addresses to an AWS WAF block list.

Manual IP lists: This component creates two specific AWS WAF rules that allow you to manually insert IP addresses that you want to block (blacklist) or allow (whitelist).

IP-list parsing: A custom AWS Lambda function automatically checks third-party IP reputation lists hourly for malicious IP addresses to add to an AWS WAF block list.

HTTP flood protection: This component configures a rate-based rule that automatically blocks web requests from a client once they exceed a configurable threshold.

Last edited by MichaelAlber .
Page last modified on Thursday April 11, 2019 19:34:33 UTC.