WAF (Web Application Firewall)
💡 Definition
AWS WAF is a web application firewall that helps protect your web applications or APIs from common web exploits that may affect availability, compromise security, or consume excessive resources.
🔑 Key Concepts
- Web Layer Protection: Protects applications fronted by a CloudFront distribution, an Application Load Balancer (ALB) or an API Gateway REST API (WAF can also protect AppSync GraphQL APIs, Cognito user pools, App Runner services and Verified Access instances, but the exam focuses on the first three). It does not attach to EC2 instances directly; you put one of these resources in front of them.
- Rules: You define rules that allow, block or count web requests based on conditions (e.g., IP sets, country of origin, HTTP headers, URI path, query string, request body, SQL injection patterns, cross-site scripting). Allow and Block are terminating actions; Count only records the match and lets evaluation continue, which is the standard way to trial a new rule before enforcing it. CAPTCHA and Challenge actions are also available.
- Web ACL (Web Access Control List): An ordered collection of rules, each with a numeric priority (lowest evaluated first), plus a default action (allow or block) that applies when no terminating rule matches. Rules can be bundled into reusable rule groups, and one web ACL is associated with each protected resource.
- Managed Rules: Rule groups maintained by AWS (e.g., the Core rule set for OWASP-style threats, Known Bad Inputs, SQL database, Bot Control) or sold by vendors on AWS Marketplace. AWS updates its rule groups as new threats emerge, so you get coverage without writing the signatures yourself.
⚙️ How it Works
WAF inspects each web request (headers, URI, query string, cookies and the request body) before the protected resource handles it, evaluating the rules in the web ACL in ascending priority order. The first rule whose action is Allow or Block terminates evaluation and decides the request; rules with the Count action only log the match and evaluation continues. If no terminating rule matches, the web ACL's default action (allow or block) applies. One practitioner caveat: by default only the first part of the body is inspected (8 KB for ALB, API Gateway and AppSync, 16 KB for CloudFront), so configure oversize handling (and, if needed, a larger limit) or a large payload can carry an attack past your body rules.
🎯 Use Cases
- Preventing Web Exploits: Blocking SQL injection, cross-site scripting (XSS) and other input-based attacks from the OWASP Top 10. WAF is a compensating control at the edge; it cannot fix weaknesses such as broken access control or misconfiguration, so the application still has to be secured.
- Rate Limiting: A rate-based rule counts requests per source IP (or another aggregation key) over a sliding window (5 minutes by default) and blocks the source once it exceeds the limit. This mitigates application-layer (Layer 7) floods and brute-force logins; volumetric Layer 3/4 DDoS is handled by AWS Shield Standard, which is on by default.
- IP Blocking: Blocking (or explicitly allowing) IP sets of known-bad or trusted addresses, and geo-match rules to filter by country of origin.
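The evaluation order, terminating versus Count actions, the default action, and the rate-limiting and IP-blocking use cases above are easiest to see in a small simulator. The block below is an added example, not AWS code or the page's own material: the rule dicts follow the shape of the WAFv2 API JSON (Priority / Statement / Action / DefaultAction), but the evaluator is a simplified stand-in for the WAF engine. The IP set ARN, the IP addresses and the traffic are constructed, and real rules would also carry a VisibilityConfig block and TextTransformations in ByteMatchStatement, which are omitted here.

```python
"""Constructed example: simulate how an AWS WAF web ACL evaluates requests.

Not AWS code. Rule dicts mirror the WAFv2 JSON shape; the evaluator
supports IPSetReferenceStatement, ByteMatchStatement (URI path only) and
RateBasedStatement with an optional ScopeDownStatement.
"""
import ipaddress
from collections import defaultdict, deque

# Hypothetical IP set ARN and its members (RFC 5737 documentation range).
BAD_ACTORS_ARN = "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/bad-actors/0000"
IP_SETS = {BAD_ACTORS_ARN: [ipaddress.ip_network("203.0.113.0/24")]}

WEB_ACL = {
    "Name": "demo-web-acl",
    "DefaultAction": {"Allow": {}},  # applied when no terminating rule matched
    "Rules": [
        # Priority 0 runs first. Block is terminating, so a listed IP never
        # reaches (or gets counted by) the rules below.
        {"Name": "BlockBadActors", "Priority": 0,
         "Statement": {"IPSetReferenceStatement": {"ARN": BAD_ACTORS_ARN}},
         "Action": {"Block": {}}},
        # Count records the match and evaluation continues: the usual way to
        # trial a rule before switching it to Block.
        {"Name": "CountAdminPaths", "Priority": 1,
         "Statement": {"ByteMatchStatement": {
             "FieldToMatch": {"UriPath": {}},
             "PositionalConstraint": "STARTS_WITH",
             "SearchString": "/admin"}},
         "Action": {"Count": {}}},
        # Rate-based rule, per source IP, scoped down to the login URI only.
        {"Name": "RateLimitLogin", "Priority": 2,
         "Statement": {"RateBasedStatement": {
             "Limit": 10, "EvaluationWindowSec": 300, "AggregateKeyType": "IP",
             "ScopeDownStatement": {"ByteMatchStatement": {
                 "FieldToMatch": {"UriPath": {}},
                 "PositionalConstraint": "EXACTLY",
                 "SearchString": "/login"}}}},
         "Action": {"Block": {}}},
    ],
}


class WebAclSimulator:
    """Rules in ascending Priority; Allow/Block terminate, Count does not;
    DefaultAction applies if nothing terminated."""

    def __init__(self, web_acl):
        self.acl = web_acl
        self.rules = sorted(web_acl["Rules"], key=lambda r: r["Priority"])
        self.windows = defaultdict(deque)  # (rule name, source IP) -> timestamps

    def evaluate(self, request):
        """request: {'ip': str, 'path': str, 'ts': int seconds}.
        Returns (final action, [names of rules that matched in Count mode])."""
        counted = []
        for rule in self.rules:
            if not self._matches(rule["Statement"], request, rule["Name"]):
                continue
            action = next(iter(rule["Action"]))
            if action == "Count":
                counted.append(rule["Name"])
                continue                      # non-terminating
            return action, counted            # Allow or Block: terminating
        return next(iter(self.acl["DefaultAction"])), counted

    def _matches(self, stmt, req, rule_name):
        if "IPSetReferenceStatement" in stmt:
            addr = ipaddress.ip_address(req["ip"])
            return any(addr in net for net in IP_SETS[stmt["IPSetReferenceStatement"]["ARN"]])
        if "ByteMatchStatement" in stmt:
            bm = stmt["ByteMatchStatement"]
            path, needle = req["path"], bm["SearchString"]
            return {"STARTS_WITH": path.startswith(needle),
                    "EXACTLY": path == needle,
                    "CONTAINS": needle in path}[bm["PositionalConstraint"]]
        if "RateBasedStatement" in stmt:
            rb = stmt["RateBasedStatement"]
            scope = rb.get("ScopeDownStatement")
            if scope is not None and not self._matches(scope, req, rule_name):
                return False                  # outside scope-down: not counted
            window = self.windows[(rule_name, req["ip"])]
            window.append(req["ts"])
            cutoff = req["ts"] - rb.get("EvaluationWindowSec", 300)
            while window and window[0] < cutoff:
                window.popleft()              # drop requests outside the window
            # The real engine counts asynchronously; this idealised sliding
            # window blocks as soon as the count *exceeds* Limit.
            return len(window) > rb["Limit"]
        raise ValueError(f"unsupported statement in rule {rule_name}: {list(stmt)}")


def run_demo():
    """Constructed traffic: a listed bad actor, an /admin probe, then a
    login burst from one IP that trips the rate-based rule on request 11."""
    sim = WebAclSimulator(WEB_ACL)
    results = [
        sim.evaluate({"ip": "203.0.113.7", "path": "/login", "ts": 0}),        # Block (IP set)
        sim.evaluate({"ip": "198.51.100.5", "path": "/admin/users", "ts": 1}), # Allow, counted
    ]
    for i in range(12):  # 12 logins from one IP inside the 300 s window
        results.append(sim.evaluate({"ip": "198.51.100.9", "path": "/login", "ts": 10 + i}))
    return results


if __name__ == "__main__":
    for action, counted in run_demo():
        print(action, counted)
```

Running it shows the first request blocked by the IP set before the rate rule ever sees it, the /admin probe allowed but counted, the first ten logins allowed and the eleventh and twelfth blocked. Spreading the same logins more than 300 seconds apart lets the window expire, which is why rate limits should be tuned against the evaluation window and not just the absolute count.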
💰 Pricing Model
- Web ACLs: A fixed monthly charge per web ACL.
- Rules: A monthly charge per rule added to a web ACL (custom rules and managed rule groups alike); AWS Marketplace rule groups and intelligent threat mitigation features such as Bot Control and Fraud Control carry additional fees.
- Requests: A charge per million web requests the web ACL inspects. There is no upfront commitment; AWS Shield Advanced customers get WAF usage on protected resources at no extra cost.
📝 Exam Tips (CLF-C02)
- WAF operates at the application layer (Layer 7); Shield Standard (free, automatic) covers Layer 3/4 DDoS, and Shield Advanced adds WAF at no extra cost plus DDoS response team support and cost protection.
- Protects web applications and APIs; it is not a substitute for security groups or network ACLs, which filter at the network layer.
- Works with CloudFront, Application Load Balancers and API Gateway, never directly on an EC2 instance.
- Offers allow, block or count actions based on rules; rules are evaluated by priority and the web ACL's default action handles everything else.
- AWS Firewall Manager centrally applies WAF rules across multiple accounts in an organization.
See Also:
- Shield
- CloudFront
- Load Balancer
- API Gateway