Blocking Web Traffic With WAF In AWS

Travel Triangle’s WhatsApp application was experiencing significant performance degradation due to harmful “User Agents,” leading to decreased business and reputational harm. The need to mitigate these risks prompted an exploration of various solutions, culminating in the selection of AWS WAF.

Solution:
AWS WAF was chosen for its ability to effectively block malicious traffic while being cost-efficient. This document outlines the specific steps taken to configure AWS WAF, detailing how it was used to filter and block the harmful “User Agents,” thus protecting the application’s performance and ensuring business continuity.

Introduction

What’s WAF (web application firewall)?

1. AWS WAF is a web application firewall that helps you protect your web applications against common web exploits that might affect availability and compromise security.
2. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that block common attack patterns like SQL injection and cross-site scripting.
3. It only allows the request to reach the server based on the rules or patterns you define.
4. Users create their own rules and specify the conditions that AWS WAF searches for in incoming web requests.
5. The cost of WAF is only for what you use.
6. The pricing is based on how many rules you deploy and how many web requests your application receives.
7. For example, you can deploy AWS WAF on Amazon CloudFront with an Application Load Balancer in front of your web servers or servers running on EC2.

Features of WAF

Web traffic filtering using custom rules

You can create your own rules, depending on your requirements, whether to block or allow incoming and outgoing requests. You can also customize the string that appears in your web request.
Blocking malicious requests

You can also configure rules in AWS WAF to identify and block web request threats like SQL injections and cross-site scripting.
Tune your rules and monitor traffic

AWS WAF also allows us to review our rules and customize them to prevent new attacks from reaching the server.

Application Load Balancer (ALB)

1. Load Balancer is a service that allows you to distribute the incoming application or network traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses, in multiple Availability Zones.
2. ALB is used to route the HTTP and HTTPS traffic across the targets based on the rules attached to the target group.
3. Rules determine what action is taken when a rule matches a client’s request.
4. The target group is used to route requests across registered targets as part of an action rule. Target groups consist of a protocol and target port. We can also configure health checks to monitor the status of the target group. A single ALB can route traffic to multiple target groups.
5. Targets consist of EC2 instances that are registered with the ALB as part of a target group.

Architecture Diagram

You can check more info about: WAF In AWS.

• DevOps Solution Provider.
• platform engineering services.
• AWS Consulting Services.
• DevOps Consultant In USA.