
I am new to AWS, working on AWS WAF and creating ACLs. Under this, you have to write custom conditions and rules, and associate them with a Load Balancer.

So, your incoming traffic will be handled by your ACL rules.

But if I don't want to make any conditions and rules, I just make an empty rule and assign it to the ACL. So can the ACL not handle its default condition check itself?

Microsoft Azure Application Gateway has built-in rules, so you don't have to write any conditions for basic attacks. Is there any such feature available in AWS WAF?

Is it mandatory to write the rules for ACL? Does an ACL not handle some basic attacks itself?

lazyCoder

1 Answer


You can create an empty WebACL and associate it, but it won't do anything.

AWS WAF has a built-in condition for detecting SQL injection and cross-site scripting. Creating this condition and assigning it to a rule takes only a minute.

A string/regex match condition is also simple to use (if you are looking to block a specific traffic pattern). Just add the strings and specify the field you want WAF to look at.

An IP match condition is self-explanatory: just block the IPs that you don't want.

There are some prepackaged rules that you can buy from AWS Marketplace, but they can be costly.

KumoNoMae
  • You said AWS WAF has a built-in condition, just create and apply it, but how would I know the possible attacks by SQL injection or cross-site scripting? Microsoft Azure Application Gateway has built-in rules, so you don't have to write any conditions for basic attacks. Is there any such feature available in AWS WAF? – lazyCoder Apr 29 '19 at 08:27
  • You can put the condition where you expect the attack to come from. This can be some header, all headers, or the request's body, etc. See https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-sql-conditions.html Granted, it's more laborious, but a lot more configurable. – KumoNoMae Apr 29 '19 at 15:38
  • It is hard to configure the rules to cover all the attacks; we have to buy ACL rules from the marketplace. Don't you think AWS should give free built-in predefined rules for the basic attacks? – lazyCoder Apr 30 '19 at 09:47
  • 1
    As of 01/15/2020 (it was available late Nov/Dec 2019), AWS WAFv2 provides AWS managed rules for OWASP top 10 threat detection. – Aurvoir Jan 15 '20 at 20:20
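As an added illustration (not part of the question, the answer or any AWS documentation), here is a WAFv2 web ACL definition that ties the two threads together: the AWS managed rule groups referred to in the last comment, which need no hand-written conditions, plus one custom SQL injection match rule on the request body, which is the condition the answer describes. It is written as input for `aws wafv2 create-web-acl --cli-input-json file://web-acl.json`; the ACL name, rule names and metric names are assumed values, and `REGIONAL` is the scope used when the ACL will be associated with an Application Load Balancer.

```json
{
  "Name": "example-alb-web-acl",
  "Scope": "REGIONAL",
  "DefaultAction": { "Allow": {} },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "exampleAlbWebAcl"
  },
  "Rules": [
    {
      "Name": "AWS-AWSManagedRulesCommonRuleSet",
      "Priority": 0,
      "OverrideAction": { "None": {} },
      "Statement": {
        "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet" }
      },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "CommonRuleSet" }
    },
    {
      "Name": "AWS-AWSManagedRulesSQLiRuleSet",
      "Priority": 1,
      "OverrideAction": { "None": {} },
      "Statement": {
        "ManagedRuleGroupStatement": { "VendorName": "AWS", "Name": "AWSManagedRulesSQLiRuleSet" }
      },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "SQLiRuleSet" }
    },
    {
      "Name": "block-sqli-in-body",
      "Priority": 2,
      "Action": { "Block": {} },
      "Statement": {
        "SqliMatchStatement": {
          "FieldToMatch": { "Body": {} },
          "TextTransformations": [
            { "Priority": 0, "Type": "URL_DECODE" },
            { "Priority": 1, "Type": "HTML_ENTITY_DECODE" }
          ]
        }
      },
      "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "BlockSqliInBody" }
    }
  ]
}
```

The managed rule groups use `OverrideAction` (their own per-rule actions apply), while the custom rule needs an explicit `Action`; rules are evaluated in `Priority` order and unmatched requests fall through to `DefaultAction`. Once created, attach it with `aws wafv2 associate-web-acl --web-acl-arn <web-acl-arn> --resource-arn <load-balancer-arn>`, substituting your own ARNs.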