Overview
- Web Application Firewall
Model
- Integrates with CloudFront
- Before hitting Origin server
- Can inspect HTTPS traffic
- Runs on the edge servers (Global)
- Integrates with ALB (Regional)
- Features
- SQL Injection (SQLi)
- XSS
- Custom rules
- User Agents (bad bots)
- Content scrapers
- Request Rate
- CloudWatch metric is published
- Testing
- Count how many requests would be affected
- View sample of requests forwarded to AWS
- Marketplace rules available
- e.g. protecting WordPress
Web ACL
- ordered list of rules (1+)
- First match wins
- Default - what if none matches
- block or allow
Rule
- Collections of conditions (1+)
- AND'ed together
- Action
- allow - content
- deny - 403 or custom error page
- count - testing (see how many apply)
Condition
- Predicate about request
- URI
- Query String
- HTTP Header
- IP address
- Transformations (attackers often try to camouflage requests)
- Strip whitespaces
- Simplify HTML tagging
- Convert to lowercase
- Simplify command line
- URL decode
- Filter
- StringMatch
- SqlInjection Match
- "Match at least one"
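
The evaluation order described above (ordered rules, conditions AND'ed, transformations applied before the filter, first match wins, default action otherwise) as a small model. This is an added example, not AWS code; the rule names, field names and sample values are constructed, a plain substring test stands in for the real StringMatch/SqlInjection filters, and it assumes a count rule records the match and lets evaluation continue.

```python
# Added illustration: a toy model of Web ACL evaluation, not AWS code.
from urllib.parse import unquote_plus

# Transformations named in the notes, applied to a field before matching.
TRANSFORMS = {
    "url_decode": unquote_plus,
    "lowercase": str.lower,
    "strip_whitespace": lambda s: "".join(s.split()),
}

def condition_matches(cond, request):
    """Apply the condition's transforms in order, then 'match at least one' needle."""
    value = request.get(cond["field"], "")
    for name in cond.get("transforms", []):
        value = TRANSFORMS[name](value)
    return any(needle in value for needle in cond["needles"])

def evaluate(web_acl, request):
    """Return (action, names_of_count_rules_that_matched) for one request."""
    counted = []
    for rule in web_acl["rules"]:  # ordered list of rules
        if all(condition_matches(c, request) for c in rule["conditions"]):  # AND
            if rule["action"] == "count":  # test mode: record and keep going
                counted.append(rule["name"])
                continue
            return rule["action"], counted  # first allow/deny match wins
    return web_acl["default"], counted  # nothing matched

# Constructed sample ACL (hypothetical rule names and match strings).
ACL = {
    "default": "allow",
    "rules": [
        {"name": "static-allow", "action": "allow",
         "conditions": [{"field": "uri", "needles": ["/static/"]}]},
        {"name": "bad-bot-trial", "action": "count",
         "conditions": [{"field": "user_agent", "transforms": ["lowercase"],
                         "needles": ["scraperbot"]}]},
        {"name": "sqli-deny", "action": "deny",
         "conditions": [
             {"field": "uri", "needles": ["/search"]},
             {"field": "query",
              "transforms": ["url_decode", "lowercase", "strip_whitespace"],
              "needles": ["unionselect"]}]},
    ],
}
```

Because the first match wins, a broad allow rule placed early (here `static-allow`) also lets through requests that a later deny rule would have caught, so rule order needs review whenever a rule is added.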
Shield
- Protection against DDoS attacks
- Standard
- Common DDoS attacks (SYN flood, UDP reflection)
- Advanced
- $3K/month
- Forensic reports
- AWS DDoS team support
- Reimbursement (Route53, ELB, CloudFront) - works like insurance