Working
AWS WAF controls how an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AWS AppSync GraphQL API responds to HTTP web requests.
A web ACL can be associated with one or more AWS resources. AWS WAF is available in the Regions listed at AWS service endpoints. The web ACL's default action specifies whether to allow or block requests that do not match any of its rules.
Each rule contains a statement that defines the inspection criteria and an action to take when a web request matches them. Rules can be configured to block matching requests or to run CAPTCHA challenges against them.
AWS WAF uses web ACL capacity units (WCUs) to calculate and control the resources required to run the rules, rule groups, and web ACLs. AWS WAF enforces WCU limits when rule groups and web ACLs are configured; WCUs do not affect the inspection of web traffic.
AWS WAF manages capacity for rules, rule groups, and web ACLs:
- Rule capacity – AWS WAF calculates a rule's capacity when the rule is created or updated. The console displays the capacity units consumed as rules are added.
- Rule group capacity – When a rule group is modified, the changes must keep the rule group's WCU usage within its declared capacity. This ensures that web ACLs using the rule group remain within their maximum capacity.
- Web ACL capacity – The maximum capacity for a web ACL is 1,500 WCUs.
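As an added example (not code from this article, and not AWS's own tooling), the Python below sketches a web ACL definition in the shape used by the WAFv2 CreateWebACL request, together with a pre-flight check for the constraints described above: a single default action, unique rule priorities, Action on regular rules versus OverrideAction on rule-group references, and a VisibilityConfig on every rule. The rule names, the rate limit of 2000, the /admin path and the metric names are assumed values chosen for illustration.

```python
"""Build and pre-check an AWS WAFv2 web ACL definition before creating it.

Added example, not code from the original article. The dictionary shape
follows the AWS WAFv2 CreateWebACL request (Name, Scope, DefaultAction,
Rules, VisibilityConfig); rule names, the rate limit, the blocked path and
the metric names are constructed values for illustration.
"""


def visibility(metric_name):
    """CloudWatch metric and request-sampling settings; required on every rule and on the ACL."""
    return {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": metric_name,
    }


def build_web_acl(name="example-web-acl", scope="REGIONAL"):
    """Default-allow web ACL with a managed rule group, a per-IP rate limit and a path block."""
    return {
        "Name": name,
        # REGIONAL for ALB, API Gateway and AppSync; CLOUDFRONT for CloudFront distributions
        "Scope": scope,
        # Applied to requests that match none of the rules below
        "DefaultAction": {"Allow": {}},
        "Rules": [
            {
                "Name": "AWSManagedRulesCommonRuleSet",
                "Priority": 0,  # lowest number is evaluated first
                "Statement": {
                    "ManagedRuleGroupStatement": {
                        "VendorName": "AWS",
                        "Name": "AWSManagedRulesCommonRuleSet",
                    }
                },
                # Rule-group references take OverrideAction; None keeps the group's own actions
                "OverrideAction": {"None": {}},
                "VisibilityConfig": visibility("CommonRuleSet"),
            },
            {
                "Name": "RateLimitPerIP",
                "Priority": 1,
                "Statement": {
                    "RateBasedStatement": {"Limit": 2000, "AggregateKeyType": "IP"}
                },
                "Action": {"Block": {}},
                "VisibilityConfig": visibility("RateLimitPerIP"),
            },
            {
                "Name": "BlockAdminPath",
                "Priority": 2,
                "Statement": {
                    "ByteMatchStatement": {
                        "SearchString": "/admin",  # blob field; boto3 base64-encodes it
                        "FieldToMatch": {"UriPath": {}},
                        "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
                        "PositionalConstraint": "STARTS_WITH",
                    }
                },
                "Action": {"Block": {}},
                "VisibilityConfig": visibility("BlockAdminPath"),
            },
        ],
        "VisibilityConfig": visibility(name),
    }


GROUP_STATEMENTS = ("ManagedRuleGroupStatement", "RuleGroupReferenceStatement")


def validate_web_acl(acl):
    """Return a list of problems AWS WAF would reject at create time (empty when clean)."""
    errors = []
    if acl.get("Scope") not in ("REGIONAL", "CLOUDFRONT"):
        errors.append("Scope must be REGIONAL or CLOUDFRONT")
    if len(acl.get("DefaultAction", {})) != 1:
        errors.append("DefaultAction must be exactly one of Allow or Block")
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(priorities) != len(set(priorities)):
        errors.append("rule priorities must be unique")
    for rule in acl["Rules"]:
        name = rule["Name"]
        is_group = any(key in rule["Statement"] for key in GROUP_STATEMENTS)
        if is_group and ("OverrideAction" not in rule or "Action" in rule):
            errors.append(f"{name}: rule group references use OverrideAction, not Action")
        if not is_group and ("Action" not in rule or "OverrideAction" in rule):
            errors.append(f"{name}: regular rules use Action, not OverrideAction")
        if "VisibilityConfig" not in rule:
            errors.append(f"{name}: VisibilityConfig is required")
        rate = rule["Statement"].get("RateBasedStatement")
        if rate is not None:
            if not isinstance(rate.get("Limit"), int) or rate["Limit"] <= 0:
                errors.append(f"{name}: rate limit must be a positive integer")
            # FORWARDED_IP aggregates on a header such as X-Forwarded-For and needs its config
            if rate.get("AggregateKeyType") == "FORWARDED_IP" and "ForwardedIPConfig" not in rate:
                errors.append(f"{name}: FORWARDED_IP requires ForwardedIPConfig")
    return errors
```

WCUs are not computed locally: once the checks pass, `aws wafv2 check-capacity` reports the capacity the rules would consume, and the serialised definition can be submitted with `aws wafv2 create-web-acl --cli-input-json file://acl.json`. The ByteMatch SearchString is a blob field; boto3 encodes the plain string for you, while AWS CLI v2 expects blob values base64-encoded unless `cli_binary_format` is set to `raw-in-base64-out`.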
Features
Web traffic filtering - AWS WAF helps create rules to filter web traffic based on IP addresses, HTTP headers and body, or custom URIs. This provides an additional layer of protection against web attacks that exploit vulnerabilities in custom or third-party web applications. A centralised set of rules can be deployed across multiple websites, so in an environment with many websites and applications a single set of rules can be reused for all of them.
AWS WAF Bot Control - AWS WAF Bot Control is a managed rule group that provides visibility and control over pervasive bot traffic. Unidentified bots can consume excess resources, skew metrics, cause downtime, or perform undesirable activities. Using Bot Control, one can block or rate-limit bots such as scrapers, scanners, and crawlers.
AWS WAF Fraud Control - Account Takeover Prevention is a managed rule group that monitors the application's login page for unauthorised access to user accounts using compromised credentials. This rule group protects against brute-force login attempts and other anomalous login activity. Using the JavaScript and iOS/Android SDKs, you can receive additional telemetry on user devices and bots that attempt to log in to the application.
Full-featured API - AWS WAF can be administered via APIs. This allows organisations to create and maintain rules and incorporate them into the development and design process, so security rules can become part of the deployment pipeline.
Real-time visibility - AWS WAF provides real-time metrics and captures raw requests that include details such as IP addresses, geo-locations, URIs, User-Agent and Referer headers. It is fully integrated with Amazon CloudWatch, making it easy to set up custom alarms that fire during an attack. This information can be used to create new rules that protect applications better.
Integration with AWS Firewall Manager - AWS WAF deployments can be configured across multiple AWS accounts using AWS Firewall Manager. Firewall Manager automatically audits the deployments and informs the security team of an attack or a policy violation.
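The captured request details mentioned under real-time visibility are what a defender turns into new rules. As an added example, not code from the article or from AWS, the Python below parses newline-delimited WAF log records and summarises which rules are blocking, which client IPs and User-Agents are being blocked, and which IPs are blocked repeatedly. The field names follow the AWS WAF log record layout (action, terminatingRuleId, terminatingRuleType, httpRequest.clientIp, httpRequest.country, httpRequest.uri, httpRequest.headers); the six records are constructed sample data using documentation IP ranges, and the web ACL ARN is a placeholder.

```python
"""Summarise AWS WAF web ACL log records to see what is being blocked, and why.

Added example, not code from the original article. The field names
(action, terminatingRuleId, terminatingRuleType, httpRequest.clientIp,
httpRequest.country, httpRequest.uri, httpRequest.headers) follow the AWS
WAF log record layout; the six records below are constructed sample data
using documentation IP ranges, and the web ACL ARN is a placeholder.
"""
import json
from collections import Counter

WEB_ACL_ARN = "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/example/PLACEHOLDER-ID"


def record(ip, country, uri, user_agent, action, rule_id, rule_type, ts):
    """Build one constructed log record in the WAF log layout."""
    return {
        "timestamp": ts,
        "formatVersion": 1,
        "webaclId": WEB_ACL_ARN,
        "terminatingRuleId": rule_id,
        "terminatingRuleType": rule_type,
        "action": action,
        "httpSourceName": "ALB",
        "httpRequest": {
            "clientIp": ip,
            "country": country,
            "uri": uri,
            "httpMethod": "GET",
            "headers": [
                {"name": "Host", "value": "app.example.com"},
                {"name": "User-Agent", "value": user_agent},
            ],
        },
    }


# Newline-delimited JSON, as delivered to S3 or Kinesis Data Firehose (constructed records)
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    record("203.0.113.10", "US", "/login", "python-requests/2.31", "BLOCK",
           "AWSManagedRulesCommonRuleSet", "MANAGED_RULE_GROUP", 1700000000000),
    record("203.0.113.10", "US", "/login", "python-requests/2.31", "BLOCK",
           "AWSManagedRulesCommonRuleSet", "MANAGED_RULE_GROUP", 1700000001000),
    record("203.0.113.10", "US", "/", "python-requests/2.31", "ALLOW",
           "Default_Action", "REGULAR", 1700000002000),
    record("198.51.100.7", "DE", "/products", "Mozilla/5.0", "ALLOW",
           "Default_Action", "REGULAR", 1700000003000),
    record("198.51.100.7", "DE", "/products/42", "Mozilla/5.0", "ALLOW",
           "Default_Action", "REGULAR", 1700000004000),
    record("192.0.2.44", "BR", "/api/search", "curl/8.4.0", "BLOCK",
           "RateLimitPerIP", "RATE_BASED", 1700000005000),
])


def parse_records(text):
    """Yield one dict per non-empty line of newline-delimited JSON."""
    for line in text.splitlines():
        if line.strip():
            yield json.loads(line)


def header(rec, name):
    """Case-insensitive header lookup; WAF logs headers as a list of name/value pairs."""
    for h in rec["httpRequest"].get("headers", []):
        if h["name"].lower() == name.lower():
            return h["value"]
    return None


def summarize(records):
    """Count actions overall, and blocked requests by rule, client IP and User-Agent."""
    by_action, by_rule, blocked_ips, blocked_agents = Counter(), Counter(), Counter(), Counter()
    for rec in records:
        by_action[rec["action"]] += 1
        if rec["action"] == "BLOCK":
            by_rule[rec["terminatingRuleId"]] += 1
            blocked_ips[rec["httpRequest"]["clientIp"]] += 1
            blocked_agents[header(rec, "user-agent") or "<none>"] += 1
    return {"by_action": by_action, "blocked_by_rule": by_rule,
            "blocked_ips": blocked_ips, "blocked_user_agents": blocked_agents}


def repeat_offenders(records, min_blocks=2):
    """IPs blocked at least min_blocks times, most frequent first: review these before adding a rule."""
    counts = summarize(records)["blocked_ips"]
    return [ip for ip, n in counts.most_common() if n >= min_blocks]


if __name__ == "__main__":
    records = list(parse_records(SAMPLE_LOG))
    for key, counter in summarize(records).items():
        print(key, dict(counter))
    print("repeat offenders:", repeat_offenders(records))
```

The same aggregation works on real log files downloaded from the S3 bucket or CloudWatch log group the web ACL logs to, since they use the same one-record-per-line layout; the summary is a starting point for a review, not an automatic block list.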
Benefits
Agile protection against web attacks - Web Application Firewall rule propagation and updates are fast, so the security settings of the environment can be changed quickly when needed. WAF protects web applications from attacks by filtering traffic according to the specified rules. It supports a variety of rules that inspect any part of the web request with minimal latency.
Time-saving - The managed rules of AWS WAF help protect the web application against common threats quickly. These rules are updated automatically as new issues emerge, so they need no manual maintenance once applied. This allows developers to spend more time building the application rather than assessing threats.
Improved web traffic visibility - AWS WAF provides real-time visibility of web traffic that can be used to set new rules and alerts in Amazon CloudWatch. The developer can control the metrics used and monitor the total inbound traffic. WAF captures each web request’s header data for security analytics and auditing purposes.
Deployment and maintenance - AWS WAF is easy to deploy and maintain. Rules can be defined, managed and reused centrally across all the web applications that require protection. Deployment needs no additional software or proxy, no DNS changes, and no SSL/TLS certificate management.
Bot Control - WAF provides complete visibility and control over the bot traffic reaching the web application. Developers can block or rate-limit traffic from scrapers, scanners and crawlers. The AWS WAF console lets you monitor bots in real time and shows other information related to bot traffic.
Application security - Developers can define application-specific rules to improve web security while building applications. Security controls can be inserted at multiple points in the development process, from initial coding to deploying the software.
Pricing
AWS WAF charges are based on the number of web access control lists (web ACLs) created, the number of rules added per web ACL, and the number of web requests received. There are no upfront commitments. Every rule of every web ACL is charged. In addition to that, the number of web requests processed by the web ACL is also charged.

Pricing is the same across all AWS Regions. Optional security features such as Bot Control and Fraud Control can be enabled on a web ACL; their charges are in addition to the base AWS WAF fees and consist of a subscription fee (prorated hourly), a request fee, and an analysis fee, where applicable.
Bot Control's free usage tier includes the first 10 million requests inspected per month. Fraud Control – Account Takeover Prevention free usage tier includes the first 10,000 attempts analysed per month.
FAQs
What is a Rate-based Rule in AWS WAF?
Rate-based rules are a rule type that can be configured in AWS WAF. They let developers specify the number of web requests allowed from a single client IP. If an IP address exceeds the configured limit, its new requests are blocked until the request rate falls back below the threshold.
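The behaviour just described, as an added example that is not code from the article or from AWS: a small Python model of a rate-based rule keeping a per-IP request count over a trailing window. The 300-second window, the limit of 100 and the traffic (two documentation-range IPs, one of which bursts past the limit and returns later) are constructed assumptions. The real service refreshes its counts periodically rather than on every request, so blocking starts and stops with a short lag compared with this model.

```python
"""Model the decision a rate-based rule makes for each client IP.

Added example, not code from the original article. Simplified model of
AWS WAF's behaviour: requests are counted per IP over a trailing window
(the 300-second window and the limit are constructed values), a request is
blocked once the IP's count in the window exceeds the limit, and requests
are allowed again when the count falls back under the limit. The real
service updates its counters periodically rather than per request, so
enforcement starts and stops with some delay.
"""
from collections import defaultdict, deque


class RateBasedRule:
    def __init__(self, limit, window_seconds=300):
        self.limit = limit
        self.window = window_seconds
        self.history = defaultdict(deque)  # client IP -> timestamps inside the window

    def evaluate(self, client_ip, timestamp):
        """Record the request and return BLOCK or ALLOW for it."""
        seen = self.history[client_ip]
        seen.append(timestamp)
        # Drop timestamps that have aged out of the trailing window
        while seen and timestamp - seen[0] >= self.window:
            seen.popleft()
        return "BLOCK" if len(seen) > self.limit else "ALLOW"


def constructed_traffic():
    """One IP sends 120 requests in 60 s, a second IP sends 5, and the first IP returns after 7 minutes."""
    requests = [("203.0.113.10", i * 0.5) for i in range(120)]  # constructed burst
    requests += [("198.51.100.7", 10 + i) for i in range(5)]    # constructed normal client
    requests.append(("203.0.113.10", 420.0))                     # same IP once the window has passed
    return sorted(requests, key=lambda r: r[1])


def run_rule(rule, requests):
    """Apply the rule to requests in time order, returning (ip, timestamp, action) tuples."""
    return [(ip, ts, rule.evaluate(ip, ts)) for ip, ts in requests]


def summarize(decisions):
    """Count ALLOW/BLOCK per IP so the effect of the limit is visible."""
    summary = defaultdict(lambda: {"ALLOW": 0, "BLOCK": 0})
    for ip, _, action in decisions:
        summary[ip][action] += 1
    return dict(summary)


if __name__ == "__main__":
    rule = RateBasedRule(limit=100)
    decisions = run_rule(rule, constructed_traffic())
    for ip, counts in summarize(decisions).items():
        print(ip, counts)
```

With a limit of 100, the bursting IP has its first 100 requests allowed and the remaining 20 blocked, the second IP is never affected, and the bursting IP's request at 420 s is allowed again because every earlier request has aged out of the window. Counting blocked requests towards the rate, as the model does, is what keeps a client that keeps hammering the endpoint blocked rather than letting it back in as soon as the first batch ages out.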
What is the use of JavaScript SDK or Mobile SDK?
JavaScript and Mobile SDKs provide additional information on user devices and bots that attempt to log in to the web application. It improves the web application's security against automated and unauthorised login attempts.
Conclusion
This article extensively discusses AWS Web Application Firewall. We hope that this blog has helped you enhance your knowledge of the features and working of AWS WAF for protection and security against web attacks. If you want to learn more, check out our articles on Cloud Computing Infrastructure and Cloud Architecture. Learn more about Big Data, Microsoft Azure, AWS and Google Cloud. Refer to Important AWS Interview Questions to ace your Amazon Interviews.
Explore our Coding Ninjas Library and upvote our blog to help other ninjas grow. Happy Coding!