AWS WAF & Shield Flashcards
What service can I have the WAF with?
- ELB
- CloudFront
- API GW
Where does the WAF sit in relation to traffic?
It sits in front of the service (CloudFront, ELB, API GW)
I have an EC2 instance with a public IP, I wnat to use the WAF, what would be a good option to get this to work?
You need to use a service in front of the EC2 as WAF dose not work with EC2 service. Yopu could use the ELB or CloudFront in fronof the EC2 and then use the WAF.
What is a WAF ACL condition?
Enable you to match incoming traffic, the condition could be XSS (cross-site scripting)
I am using an ELB and I wnat to block XSS, what options do I have?
You cna use a WAF with the ELB and you can create a WAF ACL Condition to match again XSS
I am using an ELB and I wnat to block attacks coming from China, what options do I have?
You can use a WAF with the ELB and you can create a WAF ACL Condition to match again GEO
I am using an API Gateway and I wnat to block attacks coming from China, what options do I have?
You can use a WAF with the ELB and you can create a WAF ACL Condition to match again GEO
I am using an ELB and I wnat to block attacks coming from IP (IPv4 and IPv6), what options do I have?
You can use a WAF with the ELB and you can create a WAF ACL Condition to match again IP
I am receiving a header from an attacker, this is a large header then normal, how cna I block it?
Yse a WAF ACL Condation to match on size
What is a WAF ACL Rule?
It enables you to match again a condition, you could say dis this occurs more the 2000 times in the last 5 min, then block it.
What is a WAF Rule Action?
It enables you to take and action on a WAF ACL Rule match.
What condition is available in AWS WAF?
- cross site scripting xss
My infrastructure consists of both S3 acting as an origin for static content for CF CDN and also EC2 instances behind an LB that is using the CF CDN, I wnat to block all requests form embargoed countries as part of my WF firewall, how cna I do this?
You can use geo matching condition in a WAF ACL
What condition is available in AWS WAF?
- cross site scripting xss
- Geo match
- Size constraints
- SQL INjection
- String and regex matching.
My infrastructure consists of both S3 acting as an origin for static content for CF CDN and also EC2 instances behind an LB that is using the CF CDN, I wnat to block all requests form embargoed countries as part of my WF firewall, how cna I do this?
You can use geo matching condition in a WAF ACL to create a list of countries to block. This could be automated through infrastructure as code.
I am getting a flood of suspicious requests for accessing resources, do I use an NACL to block them?
No, as the word flood was used this is a DDOS situation and requires a WAF.
What services does WAF work with?
Cloudfront
ELB (ALB)
API Gateway
Is WAF in front of the services it is protecting?
Yes 100%, this enables it to filter the incoming traffic.
When you associate WAF with a service like ELB what are you doing?
You are associating a WEB ACL to be used to filter the incoming traffic.
What is WAF?
It is a layer 7 firewall thet you can place in front of services like,
- CloudFront
-ELB
- API GW
It enables you to use ACL -> Rules-> Conditions to filter traffic.