- Priya
- September 12, 2022
How to Create a Web Application Firewall (WAF) on Amazon Web Services (AWS).
AWS WAF is a web application firewall service that lets you monitor the web requests forwarded to an Amazon API Gateway API, an Amazon CloudFront distribution, or an Application Load Balancer.
You can protect those resources based on conditions that you specify, such as the IP addresses the requests originate from. AWS WAF gives near-real-time visibility into your web traffic, which you can use to create new rules or alerts in Amazon CloudWatch.
- Log in to the AWS console.
- Click on Services.
- Under Security, Identity, & Compliance select WAF & Shield.
- Click on Create web ACL.
- Provide a name under Web ACL details.
- Provide a CloudWatch metric name.
- There are two resource types: CloudFront distributions or Regional resources.
- When you select Regional resources:
- Click on Add AWS resources.
- Select Resource types to associate with Web ACL.
- Click on Add.
- Click on Next.
- Otherwise, select the CloudFront distributions resource type.
- Click on Add rules and rule groups.
- When you select Add managed rule groups:
- Select an existing managed rule group.
- Click on Add rules.
- When you select Add my own rules and rule groups:
- Select the Rule type.
- Provide a Rule name.
- Select the Conditions and Statement (Inspect).
- Click on Add rule.
- Rule is created.
- Click on Next.
- Set Rule Priority.
- Click on Next.
- Provide CloudWatch Metric name.
- Click on Next.
- Review all configurations.
- Click on Create Web ACL.
- After some time the Web ACL is created successfully.
Create a Web Application Firewall (WAF) using the shell
- Set up the AWS CLI on your system; see https://www.hackerxone.com/blog/how-install-configure-aws-cli-ubuntu-1804
- Run the following command (note the double-dash options and the file:// prefix, which tells the CLI to read the rules from disk):
aws wafv2 create-web-acl --name Web-Acl-name --scope REGIONAL --default-action Allow={} --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=TestWebAclMetrics --rules file:///path/of/waf-rule.json --region us-west-2
The waf-rule.json file is given below (the quotes must be plain ASCII double quotes, or the JSON will not parse):
[
  {
    "Name": "basic-rule",
    "Priority": 0,
    "Statement": {
      "AndStatement": {
        "Statements": [
          {
            "ByteMatchStatement": {
              "SearchString": "example.com",
              "FieldToMatch": {
                "SingleHeader": {
                  "Name": "host"
                }
              },
              "TextTransformations": [
                {
                  "Priority": 0,
                  "Type": "LOWERCASE"
                }
              ],
              "PositionalConstraint": "EXACTLY"
            }
          },
          {
            "GeoMatchStatement": {
              "CountryCodes": [
                "US",
                "IN"
              ]
            }
          }
        ]
      }
    },
    "Action": {
      "Allow": {}
    },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "basic-rule"
    }
  }
]
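An added example, not code from the original post: it builds the same host-plus-country rule programmatically, checks the constraints the create-web-acl API enforces (unique priorities, metric-name characters, known actions), and assembles the CLI call. The function names are hypothetical, and it defaults the web ACL's action to Block rather than the Allow used above, because an Allow rule under an Allow default changes nothing; with Block it becomes an allow-list for the listed host and countries.

```python
import json
import re

def host_geo_rule(name, priority, host, countries, action="Allow"):
    """One wafv2 rule shaped like waf-rule.json: Host header (lower-cased)
    must equal `host` AND the source country must be in `countries`."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"AndStatement": {"Statements": [
            {"ByteMatchStatement": {
                "SearchString": host,
                "FieldToMatch": {"SingleHeader": {"Name": "host"}},
                "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
                "PositionalConstraint": "EXACTLY"}},
            {"GeoMatchStatement": {"CountryCodes": list(countries)}},
        ]}},
        "Action": {action: {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name},
    }

# WAFv2 CloudWatch metric names: 1-128 characters from A-Z a-z 0-9 - _
METRIC_NAME = re.compile(r"^[A-Za-z0-9_-]{1,128}$")

def check_rules(rules):
    """Return the problems create-web-acl would reject this rule list for."""
    problems, seen = [], set()
    for r in rules:
        if r["Priority"] in seen:  # priorities must be unique within a web ACL
            problems.append(f"duplicate priority {r['Priority']} in {r['Name']}")
        seen.add(r["Priority"])
        if not METRIC_NAME.match(r["VisibilityConfig"]["MetricName"]):
            problems.append(f"invalid MetricName in {r['Name']}")
        if set(r["Action"]) - {"Allow", "Block", "Count"}:
            problems.append(f"unknown action in {r['Name']}")
    return problems

def create_web_acl_cmd(acl_name, rules_path, region, default_action="Block"):
    """Argument list for the CLI call; --rules needs the file:// prefix."""
    return ["aws", "wafv2", "create-web-acl", "--name", acl_name,
            "--scope", "REGIONAL", "--default-action", f"{default_action}={{}}",
            "--visibility-config", "SampledRequestsEnabled=true,"
            f"CloudWatchMetricsEnabled=true,MetricName={acl_name}",
            "--rules", f"file://{rules_path}", "--region", region]

if __name__ == "__main__":
    rules = [host_geo_rule("basic-rule", 0, "example.com", ["US", "IN"])]
    assert not check_rules(rules)
    open("waf-rule.json", "w").write(json.dumps(rules, indent=2))
    print(" ".join(create_web_acl_cmd("Web-Acl-name", "/path/of/waf-rule.json", "us-west-2")))
```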