Tech With Htunn
  • Blog Content
  • DevSecOps
    • understanding devsecops
    • shift left in devsecops
    • what is the different between SAST and DAST in devsecops?
    • what is software composition analysis (SCA)?
    • what is Software Bill of Materials (SBOM)?
    • dependency scanning in devsecops
    • what is continuous integration in devops?
    • what is continuous delivery and deployment in devops?
    • understanding containerization
    • container scanning in devsecops
  • Data Engineering
    • what is data engineering?
    • Medallion Architecture in Data Engineering
    • understanding DataOps?
    • Difference between ETL and ELT pipeline in Data Engineering
  • IAM
    • what is Identity and Access Management?
    • understanding microsoft graph api
    • what is SCIM in IAM?
    • Different between sp and idp initiated flow in saml?
    • what is the difference between OAuth-2.0 and OIDC?
    • Understanding PKCE in OAuth-2.0?
    • what is SCIM Streaming?
    • what is the meaning of Identity broker?
  • Cloud Architect
    • what is cloud archiect?
    • Understanding even-driven architecture?
    • what is cloud native architecture?
    • what is cloud native application?
    • Understanding web application firewall?
  • SRE
    • what is SRE?
    • Meaning of toil in SRE?
    • what is error budget in SRE?
    • Difference between SLA, SLO and SLI in SRE
    • Understanding MTTR in SRE?
Powered by GitBook
On this page
  1. Cloud Architect

Understanding web application firewall?

Previouswhat is cloud native application?Nextwhat is SRE?

Last updated 4 months ago

A Web Application Firewall (WAF) is a security solution designed to protect web applications by monitoring, filtering, and blocking harmful HTTP/HTTPS traffic. Unlike traditional firewalls that protect the network layer, WAFs focus on the application layer, safeguarding web applications from common web exploits and vulnerabilities.

Key Concepts of a Web Application Firewall

  1. Traffic Monitoring: WAFs inspect incoming and outgoing web traffic to detect and block malicious requests.

  2. Rule-Based Filtering: They use predefined rules to identify and mitigate threats such as SQL injection, cross-site scripting (XSS), and other common web attacks.

  3. Custom Rules: Administrators can create custom rules tailored to the specific needs of their applications.

  4. Logging and Reporting: WAFs provide detailed logs and reports on detected threats and blocked requests, helping in security analysis and compliance.

Importance of WAF in DevSecOps

  1. Enhanced Security: WAFs provide an additional layer of security, protecting web applications from a wide range of attacks.

  2. Compliance: They help meet regulatory requirements by ensuring that web applications are secure.

  3. Real-Time Protection: WAFs offer real-time protection against emerging threats, reducing the risk of data breaches.

  4. Ease of Management: With managed rules and automated updates, WAFs simplify the management of web application security.

Example Using AWS WAF

AWS WAF is a cloud-based web application firewall that helps protect your web applications from common web exploits. Here’s how you can set it up and use it:

Setting Up AWS WAF

  1. Create a Web ACL:

    • Sign in to the AWS Management Console.

    • Navigate to the AWS WAF service.

    • Create a new Web ACL (Access Control List) and associate it with your web application resources, such as Amazon CloudFront, API Gateway, or Application Load Balancer.

  2. Add Rules to the Web ACL:

    • Managed Rules: AWS WAF provides managed rule groups that offer protection against common threats. You can add these to your Web ACL.

    • Custom Rules: You can create custom rules to meet specific security requirements. For example, you can create a rule to block requests from a specific IP address range.

  3. Configure Rule Actions:

    • Allow: Allow all requests except the ones that match the specified rules.

    • Block: Block all requests except the ones that match the specified rules.

    • Count: Count the requests that match the specified rules without blocking them, useful for monitoring and testing.

  4. Deploy the Web ACL:

    • Once the rules are configured, deploy the Web ACL to your web application resources. AWS WAF will start monitoring and filtering traffic based on the rules you’ve set.

Example Scenario

Imagine you have a web application hosted on Amazon CloudFront. You want to protect it from SQL injection and XSS attacks. Here’s how you can use AWS WAF:

  1. Create a Web ACL:

    • Name it MyWebACL and associate it with your CloudFront distribution.

  2. Add Managed Rules:

    • Add the AWS Managed Rules for SQL injection and XSS protection to your Web ACL.

  3. Create a Custom Rule:

    • Create a custom rule to block requests from a specific IP address range that you’ve identified as malicious.

  4. Deploy the Web ACL:

    • Deploy MyWebACL to your CloudFront distribution. AWS WAF will now monitor and block malicious requests based on the rules you’ve configured.

Benefits of Using AWS WAF

  • Comprehensive Protection: Protects against a wide range of web application attacks.

  • Scalability: Automatically scales with your web application, handling large volumes of traffic.

  • Ease of Use: Managed rules and a user-friendly interface make it easy to set up and manage.

  • Integration with AWS Services: Seamlessly integrates with other AWS services like CloudFront, API Gateway, and Application Load Balancer.

By using AWS WAF, you can enhance the security of your web applications, ensuring they are protected from common web exploits and vulnerabilities.