By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Network Firewall Domain list Port

0

Hi all. I am trying to configure AWS network firewall using Domain list. I can select the http protocol in the configuration, but http seemed to be inspected regardless of the port because it was inspected even if I used a port other than 80. Is it possible to change/limit the target port?

Topics
Security, Identity, & ComplianceAWS Well-Architected Framework
Tags
AWS Network FirewallSecurityNetwork Security
Language
English
AWS-User-3899839
asked 2 years ago584 views
1 Answer
0

Hello there

Yes you can use different port ,but not with Domain lists.However if you want to do custom which can’t be achieved by domain lists or any other rule ,you can create a Suricata rule refer to this document[1].The domain list looks at the host header in http request,so the port used by http is irrelevant and http request will still contain a host header that how it works http is not limited to port 80 although it is common to see http used port 80.For more clarity please refer to the document provided[2].

Resource:

Suricata examples:https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-examples.html

Learn about how to configure:

https://catalog.us-east-1.prod.workshops.aws/workshops/d071f444-e854-4f3f-98c8-025fa0d1de2f/en-US/lab-three/step-six

[1]https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-suricata.html

[2]https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html

Nosiphiwo
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content