Blocking web traffic with WAF in AWS

Lab Details

1. This lab walks you through the steps to block web traffic with a WAF (web application firewall) in AWS.

2. Duration: 1 Hour

3. AWS Region: US East (N. Virginia)

Introduction

WAF (web application firewall)

1. AWS WAF is a web application firewall that helps you to protect your web applications against common web exploits that might affect availability and compromise security.

2. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns like SQL injection and cross-site scripting.

3. It only allows the request to reach the server based on the rules or patterns you define.

4. Users create their own rules and specify the conditions that AWS WAF searches for in incoming web requests.

5. The cost of WAF is only for what you use. 

6. The pricing is based on how many rules you deploy and how many web requests your application receives.

7. For example, you can deploy AWS WAF on Amazon CloudFront with an Application Load Balancer in front of your web servers or servers running on EC2.

Features of WAF

Web traffic filtering using custom rules 

• You can create your own rules, depending on your requirements, whether to block or allow the incoming and outgoing request. You can also customise the string that appears in your web request.

 Blocking malicious requests

• You can also configure rules in AWS WAF to identify and block web requests threats like SQL injections and cross-site scripting.

Tune your rules and monitor traffic                                

• AWS WAF also allows us to review our rules and customize them to prevent new attacks from reaching the server.

Lab Description

Application Load Balancer (ALB)

• Load Balancer, a service that allows you to distribute the incoming application or network traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses, in multiple Availability Zones.

• ALB is used to route the HTTP and HTTPS traffic across the targets based on the rules attached with the target group.

• Rules determine what action is taken when a rule matches a client request.

• The target group is used to route requests across registered targets as part of an action rule. Target groups consist of a protocol and target port. We can also configure health checks to monitor the status of the target group. A single  ALB can route traffic to multiple target groups.

• Targets consist of EC2 instances that are registered with the ALB as part of a target group.

Web servers

• Two web servers are launched in the Private subnet to handle the web request.

• The request to web servers is shared using the ALB.

• Web servers are attached to the ALB Target group.

• Servers are pre-installed with HTTPD on both servers and have the test pages RESPONSE COMING FROM SERVER 1 and RESPONSE COMING FROM SERVER 2 respectively.

• They are attached to a security group via port 80 that allows the web traffic coming from ALB.

Tasks

1. In this lab, we will launch two web servers with an HTTPD service installed in them.

2. An Application Load Balancer (ALB) with the target group routing the traffic to the load balancer.

3. Creating an IP set in WAF i.e list of IPs to block. Here we are adding our IPv4 by getting it from https://www.whatismyip.com/.

4. Creating an ACL rule in WAF using the IP set created in the above step.

5. Testing the Response of the Load balancer without applying the WAF ACL.

6. Applying WAF rule to the Application Load Balancer.

7. Testing the working of the ALB.

Architecture Diagram