Task for Day2

What is AWS WAF?

  • AWS WAF (Web Application Firewall) is a service that protects web applications from malicious attacks by filtering and monitoring incoming traffic based on defined rules. It safeguards against common web vulnerabilities such as SQL injection, cross-site scripting, and more.

  • Set up AWS WAF.

  • Create a web access control list (web ACL) using the wizard in the AWS WAF console.

  • Choose the AWS resources that you want AWS WAF to inspect web requests for. This tutorial covers the steps for Amazon CloudFront. The process is essentially the same for an Amazon API Gateway REST API, an Application Load Balancer, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance.

  • Add the rules and rule groups that you want to use to filter web requests. For example, you can specify the IP addresses that the requests originate from and specify values in the request that are used only by attackers. For each rule, you specify how to handle matching web requests. You can do things like block or count them and you can run bot challenges like CAPTCHA. You define an action for each rule that you define inside a web ACL and for each rule that you define inside a rule group.

  • Specify a default action for the web ACL, either Block or Allow. This is the action that AWS WAF takes on a request when the rules in the web ACL don't explicitly allow or block it.
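The setup steps above, as an added example that is not part of the original tutorial: a web ACL definition in the shape the WAFv2 `CreateWebACL` API accepts, with a simplified local evaluator showing how rule priority, the non-terminating Count action and the default action decide a request's outcome. The ACL name, rule names, placeholder IP set ARNs and CIDRs are constructed, and the evaluator models only IP set rules.

```python
import ipaddress

# Placeholder IP set ARNs mapped to constructed CIDRs (documentation ranges).
BLOCKED = "arn:aws:wafv2:us-east-1:111122223333:global/ipset/blocked/PLACEHOLDER-ID"
WATCHED = "arn:aws:wafv2:us-east-1:111122223333:global/ipset/watched/PLACEHOLDER-ID"
IP_SETS = {BLOCKED: ["203.0.113.0/24"], WATCHED: ["198.51.100.0/24", "203.0.113.7/32"]}


def rule(name, priority, ip_set_arn, action):
    """One rule in the shape wafv2 CreateWebACL expects."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"IPSetReferenceStatement": {"ARN": ip_set_arn}},
        "Action": {action: {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


WEB_ACL = {
    "Name": "day2-web-acl",
    "Scope": "CLOUDFRONT",  # CloudFront web ACLs are created in us-east-1
    "DefaultAction": {"Allow": {}},
    "Rules": [
        rule("block-known-bad", 1, BLOCKED, "Block"),
        rule("count-watchlist", 0, WATCHED, "Count"),
    ],
    "VisibilityConfig": {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": "day2-web-acl",
    },
}


def evaluate(web_acl, source_ip):
    """Simplified local model: return (final action, names of Count rules that matched)."""
    addr = ipaddress.ip_address(source_ip)
    counted = []
    for r in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        cidrs = IP_SETS[r["Statement"]["IPSetReferenceStatement"]["ARN"]]
        if not any(addr in ipaddress.ip_network(c) for c in cidrs):
            continue
        action = next(iter(r["Action"]))
        if action == "Count":  # non-terminating: record and keep evaluating
            counted.append(r["Name"])
            continue
        return action, counted  # Allow and Block terminate evaluation
    return next(iter(web_acl["DefaultAction"])), counted
```

Once the IP sets exist and the placeholder ARNs are replaced, the same dictionary can be passed as keyword arguments to `create_web_acl` on a boto3 `wafv2` client. Running new rules with Count first shows what they would match before they are switched to Block.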

STEPS: