Set up and log into your AWS account
Create a web access control list (web ACL)
Add conditions to a rule
One of the ways in which customers use AWS WAF is to automate security using AWS Lambda, which can analyze web logs and identify malicious requests and automatically update security rules. The following tutorials take care of going through the individual steps of configuring AWS WAF using AWS CloudFormation and include Lambda scripts to help get started protecting your web applications.
You can use our preconfigured template to quickly get started with AWS WAF. The template includes a set of AWS WAF rules, which can be customized to best fit your needs, designed to block common web-based attacks. The rules help protect against bad bots, SQL Injection, Cross-site scripting (XSS), HTTP Floods, and known attacker attacks. Once you deploy the template, AWS WAF begins to block the web requests to your CloudFront distributions that match the preconfigured rules in your web access control list (web ACL). You can use this automated solution in addition to other web ACLs that you configure.
Blocking IP addresses that exceed request limits
One security challenge you may have faced is how to prevent your web servers from being affected by distributed denial of service (DDoS) attacks, commonly called HTTP floods. In this tutorial, you will provision a solution that will identify IP addresses that are sending requests over your defined threshold and updates your AWS WAF rules to automatically block subsequent requests from those IP addresses.
Blocking IP addresses that submit bad requests
Internet-facing web applications are frequently scanned by various sources, and unless managed by you, the sources probably don't have good intentions. To find vulnerabilites, these scans send out a series of requests that generate HTTP 4xx error codes which you can use to identify and block. In this tutorial, you’ll create a Lambda function that automatically parses CloudFront access logs, counts the number of bad requests from unique sources (IP addresses), and updates AWS WAF to block further scans from those IP addresses.
Using bad actor IP blacklists to prevent web attacks
AWS WAF can help you protect your web applications from exploits that originate from IP addresses that are known to be operated by bad actors such as spammers, malware distributors, and botnets. In this tutorial, you will learn how to synchronize AWS WAF Rules with reputation lists to block the ever-changing list of IP addresses used for web attacks, keeping up with bad actors as they swap addresses and attempt to escape detection.