AWS Network Firewall Domain list Port

0

Hi all. I am trying to configure AWS Network Firewall using a domain list. I can select the HTTP protocol in the configuration, but HTTP seemed to be inspected regardless of the port, because it was inspected even if I used a port other than 80. Is it possible to change/limit the target port?

1 answer
0

Hello there,

Yes, you can use a different port, but not with domain lists. However, if you want to do something custom that can't be achieved by domain lists or any other rule type, you can create a Suricata rule; refer to this document [1]. The domain list looks at the Host header in the HTTP request, so the port used by HTTP is irrelevant, and the HTTP request will still contain a Host header; that is how it works. HTTP is not limited to port 80, although it is common to see HTTP use port 80. For more clarity, please refer to the document provided [2].

Resources:

Suricata examples: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-examples.html

Learn how to configure it (workshop lab): https://catalog.us-east-1.prod.workshops.aws/workshops/d071f444-e854-4f3f-98c8-025fa0d1de2f/en-US/lab-three/step-six

[1] https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-suricata.html

[2] https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html

answered 2 years ago
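To make the answer concrete, here is an added example of the port-scoped Suricata-compatible rules the answer points to. It is not from the original answer or from AWS; `example.com`, ports 8080 and 8443, and the SIDs are placeholders, and `$HOME_NET` / `$EXTERNAL_NET` are assumed to be the firewall policy's default variables. A domain list with the same allowed domain would match the Host header (or, for HTTPS, the TLS SNI) on any port; these rules restrict the match to the given destination port.

```suricata
# Added example, not part of the original answer. Placeholders: example.com, ports 8080/8443, SIDs 1000001-1000004.
# Assumes $HOME_NET / $EXTERNAL_NET are the policy defaults. Each SID must be unique within the rule group.

# HTTP: allow requests whose Host header ends in ".example.com", but only to destination port 8080.
# "dotprefix" prepends a dot so that "evilexample.com" does not match "example.com".
pass http $HOME_NET any -> $EXTERNAL_NET 8080 (http.host; dotprefix; content:".example.com"; endswith; msg:"Allow HTTP to example.com on 8080"; sid:1000001; rev:1;)

# Drop every other HTTP request on port 8080 (an allow-list, like a domain list, but port-scoped).
drop http $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"Drop other HTTP on 8080"; sid:1000002; rev:1;)

# HTTPS: a domain list matches the TLS SNI rather than a Host header; same idea, scoped to port 8443.
pass tls $HOME_NET any -> $EXTERNAL_NET 8443 (tls.sni; dotprefix; content:".example.com"; endswith; msg:"Allow TLS to example.com on 8443"; sid:1000003; rev:1;)
drop tls $HOME_NET any -> $EXTERNAL_NET 8443 (msg:"Drop other TLS on 8443"; sid:1000004; rev:1;)
```

Two things a practitioner should check when adopting this: the `http` and `tls` protocol keywords are matched by application-layer detection, not by port, so traffic on ports other than 8080/8443 is simply not covered by these rules and falls through to the rest of the policy (add a catch-all `drop` or set the policy's default action if that is not the intent); and if the rule group uses strict evaluation order, the `pass` rules must be listed before the `drop` rules, as above.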
