
How do I use AWS WAF with Global Accelerator to block Layer 7 HTTP methods and headers from accessing my application?


I want to block Layer 7 HTTP methods and headers with AWS Web Application Firewall (AWS WAF) and AWS Global Accelerator. My Application Load Balancer serves as the endpoint for AWS WAF rules.

Short description

You can use AWS WAF with an Application Load Balancer that is a Global Accelerator endpoint to block requests based on their Layer 7 HTTP method and headers. AWS WAF evaluates each request against the web access control list (web ACL) rules associated with the Application Load Balancer. Global Accelerator doesn't support AWS WAF by itself, so the web ACL must be associated with the load balancer, not with the accelerator.

The web ACL associated with the load balancer evaluates each incoming request, and only requests that don't match a Block rule are forwarded to the load balancer's targets.

Note: If you use Amazon CloudFront in your architecture, then see Accelerate and protect your websites using Amazon CloudFront and AWS WAF.

Resolution

A web ACL rule lets you control and filter incoming HTTP requests to your protected resources. You can create rules that match specific patterns in request components such as the URI path, query string, HTTP method, or a header name and value. You can use exact string matches or regular expressions to define these patterns.

Prerequisites

  • An Application Load Balancer
  • Global Accelerator set up with your Application Load Balancer as an endpoint
  • Permissions to configure AWS WAF

Note: In this setup, you send requests to the accelerator's DNS name. The accelerator routes the traffic to the Application Load Balancer, and the web ACL associated with that load balancer evaluates each request. AWS WAF then blocks or allows the request based on its HTTP method and its User-Agent header value.

Create a rule-based web ACL

To create a rule-based web ACL, complete the following steps. For more information, see Creating a protection pack or web ACL in AWS WAF.

Create a web ACL

  1. Navigate to the AWS WAF console.
  2. Choose Create web ACL.
  3. Name the web ACL. Select the AWS Region of the Application Load Balancer.
  4. Associate the Application Load Balancer with the web ACL.
  5. Choose Next.

Add a custom rule to the web ACL

  1. Choose Add Rules. From the dropdown list, select Add my own rules and rule groups.
  2. Under Rule builder, add a rule.
  3. Name the rule (for example, deny_User-Agent_with_POST).
  4. Under Type, select Regular rule.

Configure the match criteria for the rule

  1. Select matches at least one of the statements (OR).

  2. Under Statement 1, enter the following information:
    Inspect: Single header
    Header field name: User-Agent
    Match type: Exactly matches string
    String to match: curl/7.79.0

    Under Statement 2, enter the following information:
    Inspect: HTTP method
    Match type: Exactly matches string
    String to match: POST

  3. For Action, select Block.

Note: The header field name is matched case-insensitively, but Exactly matches string compares the header value case-sensitively unless you add a text transformation such as Lowercase. Because the client sets the User-Agent header, a rule like this filters a known client string; a request that changes the value by a single character doesn't match Statement 1 and is evaluated only by the remaining statements.

Test the results with a user-agent header value

To test the header statement, send a GET request to the Global Accelerator DNS name with the User-Agent header value curl/7.79.0. The method is GET, so only the User-Agent statement matches.

curl http://YourGlobalAcceleratorURL -v -H "User-Agent:curl/7.79.0"
> GET / HTTP/1.1
> Host: YourGlobalAcceleratorDNS
> User-Agent:curl/7.79.0

< HTTP/1.1 403 Forbidden
< Server: awselb/2.0
<
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

Note: Replace YourGlobalAcceleratorURL and YourGlobalAcceleratorDNS with your accelerator's DNS name.

AWS WAF blocks the request, and the Application Load Balancer returns a 403 Forbidden response on its behalf (note the Server: awselb/2.0 header; the request never reaches your targets).

Test the results with a POST request

To test the HTTP method statement, send a POST request to the Global Accelerator DNS name. curl sends its default User-Agent value, here curl/7.79.1, which doesn't match the header statement, so the request is blocked by the method statement alone.

curl -X POST http://YourGlobalAcceleratorURL --user "test-user:test-password" -v
> POST / HTTP/1.1
> Host: YourGlobalAcceleratorDNS
> Authorization: Basic dGVzdC11c2VyOnRlc3QtcGFzc3dvcmQ=
> User-Agent: curl/7.79.1
>
< HTTP/1.1 403 Forbidden
< Server: awselb/2.0
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

Note: Replace YourGlobalAcceleratorURL and YourGlobalAcceleratorDNS with your accelerator's DNS name.

AWS WAF blocks the request, and the Application Load Balancer responds with a 403 Forbidden error message.
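The rule built in the console steps above, written out in the AWS WAF (wafv2) JSON rule format that the console's rule JSON editor and aws wafv2 create-web-acl accept, together with a small local evaluator that reproduces the two curl tests offline and adds two cases the page doesn't show (a non-matching User-Agent with GET, and a User-Agent that differs only in letter case). This is an added example, not code from the page or from AWS: the evaluator is a simplified model of the ByteMatchStatement, OrStatement, AndStatement and NotStatement semantics (positional constraints, NONE and LOWERCASE transformations, case-insensitive header names) and is not the WAF engine; the SAMPLES requests are constructed, and the with_lowercase_ua helper and the request dict layout are this example's own conventions.

```python
import copy
import json

# The page's rule in wafv2 JSON. The console writes header names in
# lowercase; WAF matches header names case-insensitively either way.
RULE = {
    "Name": "deny_User-Agent_with_POST",
    "Priority": 0,
    "Statement": {
        "OrStatement": {
            "Statements": [
                {"ByteMatchStatement": {
                    "SearchString": "curl/7.79.0",
                    "FieldToMatch": {"SingleHeader": {"Name": "user-agent"}},
                    "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                    "PositionalConstraint": "EXACTLY",
                }},
                {"ByteMatchStatement": {
                    "SearchString": "POST",
                    "FieldToMatch": {"Method": {}},
                    "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                    "PositionalConstraint": "EXACTLY",
                }},
            ]
        }
    },
    "Action": {"Block": {}},
    "VisibilityConfig": {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": "deny_User-Agent_with_POST",
    },
}


def field_value(field, request):
    """Return the inspected request component, or None if it is absent.
    Header names are compared case-insensitively; values are left as-is."""
    if "Method" in field:
        return request["method"]
    if "SingleHeader" in field:
        wanted = field["SingleHeader"]["Name"].lower()
        for name, value in request["headers"].items():
            if name.lower() == wanted:
                return value
        return None  # header missing: the statement cannot match
    raise ValueError(f"unsupported FieldToMatch: {field}")


def byte_match(stmt, request):
    """Simplified ByteMatchStatement: apply transformations, then compare."""
    value = field_value(stmt["FieldToMatch"], request)
    if value is None:
        return False
    for t in stmt["TextTransformations"]:
        if t["Type"] == "LOWERCASE":
            value = value.lower()
        elif t["Type"] != "NONE":
            raise ValueError(f"unsupported transformation: {t['Type']}")
    needle, constraint = stmt["SearchString"], stmt["PositionalConstraint"]
    if constraint == "EXACTLY":
        return value == needle          # case-sensitive unless transformed
    if constraint == "STARTS_WITH":
        return value.startswith(needle)
    if constraint == "ENDS_WITH":
        return value.endswith(needle)
    if constraint == "CONTAINS":
        return needle in value
    raise ValueError(f"unsupported constraint: {constraint}")


def matches(statement, request):
    """Recursively evaluate a rule statement against a request."""
    if "ByteMatchStatement" in statement:
        return byte_match(statement["ByteMatchStatement"], request)
    if "OrStatement" in statement:
        return any(matches(s, request) for s in statement["OrStatement"]["Statements"])
    if "AndStatement" in statement:
        return all(matches(s, request) for s in statement["AndStatement"]["Statements"])
    if "NotStatement" in statement:
        return not matches(statement["NotStatement"]["Statement"], request)
    raise ValueError(f"unsupported statement: {list(statement)}")


def evaluate(rule, request):
    """Return the rule's action ("BLOCK" here) if it matches, else "ALLOW"
    (standing in for the web ACL's default action when no rule matches)."""
    action = next(iter(rule["Action"]))
    return action.upper() if matches(rule["Statement"], request) else "ALLOW"


def with_lowercase_ua(rule):
    """Copy of the rule with a Lowercase text transformation on the
    User-Agent statement, so that a case-changed value is also caught."""
    r = copy.deepcopy(rule)
    ua = r["Statement"]["OrStatement"]["Statements"][0]["ByteMatchStatement"]
    ua["TextTransformations"] = [{"Priority": 0, "Type": "LOWERCASE"}]
    return r


# Constructed sample requests: the page's two curl tests plus two more.
SAMPLES = {
    "page_test_1_get_ua_exact": {"method": "GET", "headers": {"User-Agent": "curl/7.79.0"}},
    "page_test_2_post_ua_other": {"method": "POST", "headers": {"User-Agent": "curl/7.79.1"}},
    "get_ua_other": {"method": "GET", "headers": {"User-Agent": "curl/7.79.1"}},
    "get_ua_case_changed": {"method": "GET", "headers": {"user-agent": "Curl/7.79.0"}},
}


def run_samples(rule=RULE):
    """Map each sample name to the verdict the rule gives it."""
    return {name: evaluate(rule, req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    print(json.dumps(RULE, indent=2))
    for name, verdict in run_samples().items():
        print(f"{name:28s} -> {verdict}")
```

The first two samples reproduce the page's results (both BLOCK); the third passes because neither statement matches, and the fourth passes because the exact match is case-sensitive, which with_lowercase_ua fixes. To deploy the JSON, wrap it in a web ACL with a DefaultAction and REGIONAL scope, then attach it with aws wafv2 associate-web-acl using the load balancer's ARN; with AWS CLI v2, pass --cli-binary-format raw-in-base64-out so that the SearchString values are read as plain text rather than base64.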

AWS OFFICIAL. Updated 8 days ago