WAF: Web Application Firewall Flashcards
What is a Web ACL?
A set of rules within rule groups that define how you want to secure and protect applications using a Web Application Firewall.
How can you implement a feedback loop to constantly improve Web Application Firewall rules?
By sending logs (through S3, CloudWatch Logs, or Firehose) to a Lambda event-driven process that analyzes the logs and makes improvements to the Web ACL rules automatically.
When do you have to define a Region for a Web ACL, and when do you not have to define a Region?
You don’t need a Region when using a Web ACL on CloudFront.
You need a Region when using regional services like Application Load Balancer, API Gateway, and AppSync. The Region must be the same as the Region your services are running in.
What is a Web ACL Capacity Unit?
A measure of complexity for a Web ACL.
What are Web Application Firewall Rule Groups?
A collection of rules provided by AWS, by you, or from the Marketplace.
What are the three parts of a Web Application Firewall Rule?
Type: Regular or rate-based
Statement: (WHAT to match) or (COUNT) or (WHAT & COUNT)
Action: Allow*, Block, Count, Captcha, custom response (custom header), label (internal to WAF and passed to other rules)
*Allow is not available for rate-based rules
How are you charged for Web ACLs?
Monthly fee per Web ACL +
Monthly fee per rule +
Monthly fee per 1 million Web ACL requests
There are also some upcharges for enhanced features.