Questions tagged with AWS WAF
AWS WAFv2 determine header order
I am wondering if it is possible to determine the header key order in the request then use this value in rules? For example the header object would contain the following

| Head | Head |
| --- | --- |
| httpRequest.headers.0.name | Host |
| httpRequest.headers.0.value | api.test.com |
| httpRequest.headers.1.name | user-agent |
| httpRequest.headers.1.value | Mozilla/5.0 (Linux; Android 10; SM-A217F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/22.214.171.124 Mobile Safari/537.36 |

I want to check httpRequest.headers.1.name to see if this was user-agent
Architecture options for WAF-ALB-combinations
Hello, I'm currently working on the implementation of a WAF in front of several ALBs. While the idea of a central WAF for all ALBs seems to be the most common one, I'm wondering whether having one WAF per ALB in a decentralized model could also have some perks, e.g. separate log groups and a better customization of the necessary settings. Does anyone have experience with the decentralized model or reasons why they went with one of the options instead of the other and could help me with the evaluation of the two models?
The web acl is associated with the Application Load Balancer in the AWS region. After a few hours, it is found that the association has been cancelled
I want the web ACL to be associated with the Application Load Balancer in the AWS region. After a few hours, I found that the association was cancelled; I repeated this many times with the same result, and in the Application Load Balancer configuration the integrated service item (AWS WAF) shows: This Application Load Balancer does not support WAF. I don't know where the configuration is wrong. Thank you.
API Gateway and a FW Appliance will one do all
We are migrating most of our on-prem to AWS, but will have a VPN connection between them. Traditionally we have used FortiGate FWs on premise which act as the GW to all traffic from the internet. A lot of our customers connect to APIs and websites we host. On-prem the APIs use the KONG GW behind the FortiGates and for the websites we use an NLB behind the FortiGates. I'm stuck between the decision of using an API gateway with CloudFront alone or using a FW appliance in front of the API GW. The API GW only deals with HTTP & HTTPS traffic, hence for other services we may be putting in AWS I would have thought we would need a FW appliance. As the AWS account will be dealing with ingress Internet traffic, we will need traffic inspection, which both solutions provide. We will also be creating multiple VPCs for DEV, ITG and Prod. So I was looking at the GWLB so we could also create a Security VPC with FW appliances that could serve the different VPCs for ingress and egress traffic. Is it normal to want to use a FW appliance and API GW at the same time? I see no examples on the internet. I'm aware you can put a WAF device between CloudFront and the API GW and I'm also aware you can put your API GW behind a FW appliance in a private subnet. I just want to follow best practice. Surely an API GW will not do everything for me; what about all the other services/protocols which may be in use? The API GW will be needed, but I'm also thinking I will need a FW appliance. Regards
AWS WAF to block automated bot from stealing content.
Ciao, I am trying to use Bot Control to block bots and content scrapers from stealing content on a client blog. After setting up WAF I realized some bots are still stealing content and Google News is not working. I am using an ALB. If I turn on the Anonymous IP List, it blocks the bots but also blocks VPNs and proxies. Please, how can I go about it so it doesn't block services I need and use, but blocks automated bots from stealing content? Best Regards
How to associate Web ACL rule to EB/ALB on creation?
I created a Web ACL rule that allows traffic to two exact URI paths and blocks everything else. I am able to manually associate it to my Application Load Balancer, but when I terminate my Elastic Beanstalk environment (which the Application Load Balancer is a part of) and recreate the Elastic Beanstalk environment, the rule is not associated with the new Application Load Balancer that is created. Is there a way to configure it so that my Web ACL rule is associated with the Application Load Balancer when the Elastic Beanstalk environment is created?
Clicking Add rule with the rule builder for a Web ACL in AWS WAF does nothing (no errors), the browser console shows WAFLimitsExceededException, we have no other WAFs
I've created my first WAF/Web ACL for a CloudFront distribution, and I'm trying to block some links by query string matches. When I click Add rule, there are no errors thrown and nothing happens. Checking the browser console shows: WAFLimitsExceededException: AWS WAF couldn’t perform the operation because you exceeded your resource limit. We have no other WAFs, and only the one Web ACL I've just created, which I want to add a single rule to.
AWS Internal IP Reputation Lookup
Hello! I have recently been experiencing some Error 403 issues with accessing AWS/CloudFront services, and I believe it may be reputation related. Does AWS have a lookup tool to check for IP reputation on their internal lists? https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html Thanks in advance!