How do I block common attacks with AWS WAF?
Last updated: 2020-01-23
How do I configure AWS WAF to protect my resources from common attacks?
Follow these steps to set up AWS WAF protection against common attacks. Be sure to:
- Configure the Automated Deployment template to use either the eight default security rules or customize the rules based on your use case.
- Configure cross-site scripting match conditions to defend against cross-site scripting attacks (XSS attacks).
- Configure SQL injection match conditions to defend against SQL injection attacks.
- Configure IP match conditions to defend against attacks from known bad IP addresses. For an example, see Tutorial: Blocking IP Addresses That Submit Bad Requests.
- Create a Rate-based rule to defend against brute-force HTTP flood attacks by managing clients that send multiple web requests exceeding a specified threshold. AWS WAF only blocks client IP addresses when the incoming request count is above threshold. Client IP addresses that are blocked when traffic is above threshold are unblocked when traffic decreases to below threshold.
Note: If you don’t specify an optional match condition, all traffic requests count towards the rate limit in and increment the request counter.