AWS Web Application Firewall


WAF (Web Application Firewall) is used to protect our application from DDoS (Distributed Denial of Service) attacks, which are mostly carried out by hackers.
What happens in a DDoS is that the attacker creates many bot accounts or bot systems that overload the target/victim IP by sending multiple requests; after some time the target IP is so overloaded that it can no longer serve the legitimate traffic and the website stops responding.
So AWS WAF is mainly used to avoid attacks by:
• DDoS
• IP
• Region
• Block any particular site (Google/Instagram/Facebook)
Implementation:
Step 1) Create a VPC with 2 AZs
VPC -> VPC and more -> Give some name -> Give CIDR as "10.0.0.0/16" -> AZ = 2 -> Public Subnets = 2 -> Private Subnets = 2 -> NAT Gateway in 1 AZ -> Create VPC
Step 2) Create 2 EC2 instances, one in each AZ, and allow all traffic in the SG for now. Also enable public IP assignment.
Step 3) Create a Target Group
Create Target Group -> Instances -> Give some name -> Select the VPC you created above -> Next -> Both the instances that we created are ready now; select both of them and "Include as pending below" -> Create Target Group
Step 4) Create an Application Load Balancer
Create Load Balancer -> Application Load Balancer -> Give some name -> Internet-facing -> Network configuration = the VPC that you created, and select all the public subnets -> Select the correct SG of the VPC -> Select the target group that you created -> Create Load Balancer
Step 5) Create a record in Route 53 in the hosted zone that you must have created earlier
Go to Hosted Zone -> Create Record -> Simple routing -> Give subdomain as (waf) -> Record type (A type) -> Value/Route traffic to = Application/Classic Load Balancer -> Select the region where you created the load balancer -> Select the load balancer that you created -> Define simple record -> Create record
Step 6) Creating IP sets
Go to AWS WAF -> IP sets -> Create IP set -> Give some name -> Give the IP address of your local machine along with the subnet (CIDR) -> Create IP set
Now go to Web ACLs -> Create web ACL -> Resource type = Regional resources -> Choose the region where your instances are -> Give some name -> Add AWS resources (select the load balancer) ->
Next -> Rules ->
Select "IP set" (the IP set created in the previous step will be populated here) and set the action to Block,
then just click Next -> Next -> Next -> Next, leave all the options as default and create the web ACL.
Now if you try to access the machine from your local system it will give the following:
[Screenshot: After creating the web ACL]
[Screenshot: Before creating the web ACL]
Other WAF options
We can also block traffic from a certain region.
Go to Web ACLs -> Go inside the ACL we created -> Rules -> Add rule with a geographic-match statement (refer to the snip below)
And then create.
Now if you try to access the URL from the USA region, you won't be able to access it.
Testing:
SSH into any of the instances you created and try to curl the URL.
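The two rules configured above (the IP set block from Step 6 and the geo block of the USA) are shown here as an added example that is not from the post: the rule list in the JSON shape AWS WAFv2 accepts for a web ACL, plus a small local evaluator that mirrors how WAF walks the rules by priority and falls back to the default action. The CIDR and the IP set ARN are placeholders, not values from the post.

```python
import ipaddress

# Constructed placeholders: the IP set CIDR stands in for "your local machine
# along with subnet" from Step 6; the country list matches the geo-block option.
BLOCKED_IP_SET = ["203.0.113.0/24"]
BLOCKED_COUNTRIES = ["US"]
IP_SET_ARN = "arn:aws:wafv2:REGION:ACCOUNT:regional/ipset/NAME/ID"  # placeholder

def visibility(name):
    # Every WAFv2 rule needs a VisibilityConfig for CloudWatch metrics/sampling.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": name}

def web_acl_rules():
    """Rule list for create-web-acl: lower Priority is evaluated first."""
    return [
        {"Name": "block-my-ip", "Priority": 0,
         "Statement": {"IPSetReferenceStatement": {"ARN": IP_SET_ARN}},
         "Action": {"Block": {}}, "VisibilityConfig": visibility("block-my-ip")},
        {"Name": "block-us", "Priority": 1,
         "Statement": {"GeoMatchStatement": {"CountryCodes": BLOCKED_COUNTRIES}},
         "Action": {"Block": {}}, "VisibilityConfig": visibility("block-us")},
    ]

def evaluate(source_ip, country_code):
    """Local imitation of WAF evaluation: first matching terminating rule wins,
    otherwise the web ACL default action (Allow, as left at default) applies.
    On an ALB the IP set is matched against the client IP of the connection."""
    ip = ipaddress.ip_address(source_ip)
    for rule in sorted(web_acl_rules(), key=lambda r: r["Priority"]):
        stmt = rule["Statement"]
        if "IPSetReferenceStatement" in stmt:
            hit = any(ip in ipaddress.ip_network(c) for c in BLOCKED_IP_SET)
        elif "GeoMatchStatement" in stmt:
            hit = country_code in stmt["GeoMatchStatement"]["CountryCodes"]
        else:
            hit = False
        if hit and "Block" in rule["Action"]:
            return ("BLOCK", rule["Name"])
    return ("ALLOW", "default")

if __name__ == "__main__":
    for ip, cc in [("203.0.113.7", "IN"), ("198.51.100.9", "US"), ("198.51.100.9", "IN")]:
        print(ip, cc, evaluate(ip, cc))
```

Blocked requests from the ALB return HTTP 403, which is what the curl test from an instance in the VPC versus your local machine lets you compare.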
Thanks for reading till here, please try implementing it!!!
