3.1.3. AWS WAF (Web Application Firewall)
First Principle: AWS WAF protects web applications and APIs from common web exploits and bots by inspecting HTTP/S traffic at the application layer (Layer 7), ensuring security and availability.
For security specialists, protecting web applications from common web-based attacks (e.g., SQL injection, Cross-Site Scripting (XSS)) is crucial. AWS WAF provides this protection at the application layer.
AWS WAF (Web Application Firewall) is a web application firewall that helps protect your web applications or APIs from common web exploits that may affect availability, compromise security, or consume excessive resources.
Key Features of AWS WAF:
- Application-Layer Protection (Layer 7): Inspects HTTP/S requests (method, URI path, headers, query string, body) rather than packets or connections, so it complements security groups and network ACLs instead of replacing them.
- Common Web Exploits: Protects against the attack classes catalogued in the OWASP Top 10, such as injection and Cross-Site Scripting.
- Integration Points: You associate a web ACL with one of:
  - Amazon CloudFront: For global web applications and CDNs (the web ACL is created with CLOUDFRONT scope in us-east-1).
  - Application Load Balancer (ALB): For regional web applications.
  - Amazon API Gateway: For REST API stages (HTTP APIs and WebSocket APIs are not WAF integration targets).
  - AWS AppSync: For GraphQL APIs.
- Rules: Define custom rules to allow, block, or count web requests based on conditions such as:
  - Source IP addresses (IP sets) and geographic origin (country match, used for geo-blocking).
  - HTTP headers, body, query strings, or URI path.
  - SQL injection patterns.
  - XSS patterns.
  - Size constraints (e.g., rejecting oversized bodies or headers).
  Rules are evaluated in priority order (lowest number first); the first matching rule with a terminating action (allow or block) decides the request, while a count action only records the match and lets evaluation continue.
- Managed Rules: Predefined rule groups maintained by AWS (e.g., the Core rule set and the SQL database rule set) or sold by AWS Marketplace sellers. They provide protection against common threats without requiring you to write custom rules, and can be run in count mode first to measure false positives before enforcing them.
- Rate-based Rules: Track the request count per source IP over a short evaluation window and block (or count) requests from any IP that exceeds the configured limit, which mitigates HTTP floods and other application-layer DDoS traffic.
Scenario: You need to protect a public-facing web application from common web exploits like SQL injection and Cross-Site Scripting (XSS), and also block traffic from specific malicious IP addresses.
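One way to turn this scenario into a concrete web ACL, written as an added example for this page rather than code taken from AWS documentation: the Python below assembles the request body that `aws wafv2 create-web-acl --cli-input-json file://acl.json` accepts (a deny-list IP set rule, the AWS Core and SQL database managed rule groups for XSS and SQL injection, and a per-IP rate-based rule), then lints it for the mistakes that most often make the API reject an ACL. Field names follow the WAFv2 API; the ACL name, metric names, rate limit, and the IP set ARN are placeholders chosen for this example (a real ARN comes from `aws wafv2 create-ip-set`).

```python
"""Build and lint an AWS WAFv2 web ACL for a public web app (example, not AWS code)."""
import json

# AWS-published managed rule groups; VendorName "AWS" is what the API expects.
MANAGED_RULE_GROUPS = [
    "AWSManagedRulesCommonRuleSet",  # Core rule set: XSS, size constraints, etc.
    "AWSManagedRulesSQLiRuleSet",    # SQL injection signatures
]

# Placeholder ARN (assumed): replace with the ARN returned by create-ip-set.
EXAMPLE_IP_SET_ARN = (
    "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/bad-ips/"
    "00000000-0000-0000-0000-000000000000"
)


def _visibility(name):
    # Every rule and the ACL itself must carry a VisibilityConfig or the API rejects it.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}


def build_web_acl(ip_set_arn, rate_limit=1000, scope="REGIONAL"):
    """Return a create-web-acl request body.

    scope is "REGIONAL" for ALB / API Gateway / AppSync and "CLOUDFRONT" for
    CloudFront (CloudFront-scoped ACLs must be created in us-east-1).
    """
    rules = [{
        # Priority 0 runs first: an explicit deny list beats everything else.
        "Name": "BlockListedIPs",
        "Priority": 0,
        "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
        "Action": {"Block": {}},
        "VisibilityConfig": _visibility("BlockListedIPs"),
    }]
    for prio, group in enumerate(MANAGED_RULE_GROUPS, start=1):
        rules.append({
            "Name": group,
            "Priority": prio,
            "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": group}},
            # Managed rule groups take OverrideAction, not Action: "None" keeps the
            # group's own block decisions, {"Count": {}} would make it observe-only.
            "OverrideAction": {"None": {}},
            "VisibilityConfig": _visibility(group),
        })
    rules.append({
        "Name": "RateLimitPerIP",
        "Priority": len(rules),
        # Blocks any source IP that exceeds rate_limit requests in the evaluation window.
        "Statement": {"RateBasedStatement": {"Limit": rate_limit, "AggregateKeyType": "IP"}},
        "Action": {"Block": {}},
        "VisibilityConfig": _visibility("RateLimitPerIP"),
    })
    return {
        "Name": "public-web-app-acl",
        "Scope": scope,
        "DefaultAction": {"Allow": {}},  # requests no rule blocks reach the application
        "Rules": rules,
        "VisibilityConfig": _visibility("public-web-app-acl"),
    }


def lint_web_acl(acl):
    """Return the problems that would make create-web-acl fail or weaken the ACL."""
    problems, seen = [], set()
    for rule in acl["Rules"]:
        name = rule["Name"]
        if rule["Priority"] in seen:
            problems.append(f"{name}: duplicate priority {rule['Priority']}")
        seen.add(rule["Priority"])
        if "VisibilityConfig" not in rule:
            problems.append(f"{name}: missing VisibilityConfig")
        managed = "ManagedRuleGroupStatement" in rule["Statement"]
        if managed and "OverrideAction" not in rule:
            problems.append(f"{name}: managed rule group needs OverrideAction")
        if not managed and "Action" not in rule:
            problems.append(f"{name}: rule needs an Action")
        if "Action" in rule and "OverrideAction" in rule:
            problems.append(f"{name}: Action and OverrideAction are mutually exclusive")
        rbs = rule["Statement"].get("RateBasedStatement")
        if rbs and rbs["Limit"] <= 0:
            problems.append(f"{name}: rate limit must be positive")
    if acl["Scope"] not in ("REGIONAL", "CLOUDFRONT"):
        problems.append(f"Scope must be REGIONAL or CLOUDFRONT, got {acl['Scope']}")
    return problems


if __name__ == "__main__":
    acl = build_web_acl(EXAMPLE_IP_SET_ARN)
    assert lint_web_acl(acl) == []
    print(json.dumps(acl, indent=2))  # save as acl.json for create-web-acl
```

Once the ACL exists, a regional resource such as an ALB is attached with `aws wafv2 associate-web-acl --web-acl-arn <acl-arn> --resource-arn <alb-arn>`; for CloudFront the web ACL ARN is set in the distribution configuration instead. Deploying the managed groups with `{"Count": {}}` as the OverrideAction for a few days first, then switching to `{"None": {}}`, is the usual way to find false positives without blocking real users.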
Reflection Question: How does AWS WAF, by inspecting HTTP/S traffic at the application layer (Layer 7) and allowing custom rules, fundamentally protect web applications and APIs from common web exploits and bots, ensuring their security and availability?