![]() ![]() Using some of these new match conditions, you could create a rule that would, for example, block traffic coming from a specific country, if the User-Agent HTTP header matches a certain RegEx pattern, and the size of the HTTP query string exceeds a certain number of bytes. To help mitigate the 8 kb body size limitation, AWS introduced a size constraint match condition at the same time, so you can at least write rules that simply block requests that are too large to inspect (in situations where doing so would have no adverse effects on your application).Īdditional match conditions have since been added, with cross-site scripting (XSS), geographic, and regular expression match conditions rounding out the total number of conditions to seven, including the original IP address, SQL injection, and string matching conditions. This feature was critical in completing the WAF’s ability to protect against attack vectors such as SQL injection, where the payloads are often delivered as part of the body of an HTTP POST request. One big omission was remedied not long after the initial launch of the product, adding the ability to inspect HTTP request bodies (or at least the first 8192 bytes). Since its first release-which you can read about in our original blog post Get The Last “WAF” with AWS Web Application Firewall -AWS has been slowly rolling out the majority of the missing features you would expect in a robust WAF solution. MVP: From Minimal Viable Product to Most Valuable Player Most of these have been resolved over the two years since it’s been released, with the latest and perhaps most important improvement, managed rule groups, being launched during re:Invent 2017. It provided the building blocks to create an effective WAF-especially when integrated with third-party or custom products through AWS’ powerful application programming interface (API)-but it had several obvious limitations at the time. As with many AWS services, at launch time it could have been considered a Minimal Viable Product (MVP). Amazon Web Services (AWS) first announced their managed Web Application Firewall (WAF) during re:Invent 2015. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |