The AWS WAF Web Application Firewall is a security service offered by Amazon Web Services. It blocks traffic on your behalf but may block desired traffic. You can take steps to ensure your system remains safe. Implement count and block ACLs. This way, you can set the firewall to allow all requests and block those it deems harmful.

Exploiting the SSRF vulnerability to get the Security Credentials related to the IAM role

If you have an aws web application firewall account, you’re likely aware of the recent breach of Capital One’s customer data. The company’s application was hosted on EC2, and the security of that application wasn’t high enough. A former AWS employee found and exploited a vulnerability in the Capital One application. As a result, he could download reams of customer data from its S3 storage. This attack was carried out against 30 other organizations as well.

The SSRF vulnerability was exploited by sending the s3 bucket URL as an input parameter to the preview applet. The attacker could then manipulate the webpage using this URL to get the Security Credentials related to the IAM role in AWS WAF Web Application Firewall. The exploit is possible because the Ecorp application server made an HTTP request to get the URL.

Creating an AWS WAF Web Application Firewall

AWS WAF is a powerful service that protects your web applications by analyzing the traffic directed to them. These systems are configured to approve or deny malicious traffic flow. Unlike traditional firewall rules, WAFs operate at a higher level than a regular firewall. This is because they analyze HTTP/HTTPS traffic in its entirety, analyzing its parameters and behavioral patterns. As a result, WAFs can identify “healthy” application traffic and vulnerable points within the code.

AWS WAF helps protect applications from DDoS assaults, slows down your website, and controls data access. For example, your WAF can handle requests and respond to them with an HTTP 403 code if they are from a hostile host. It can also handle request requests that use CloudFront’s custom 404 error. These are just some of the features that make AWS WAF so effective.

Pricing

AWS WAF’s pricing is tied to several factors, including the number of ACLs, volume of requests, and several rules added to each ACL. As a result, the pricing can be complicated, but proper planning and estimation will allow you to estimate the cost of AWS WAF based on your current usage and future requirements. If you have a small business or a large enterprise, AWS WAF’s basic pricing plan is more than enough for most needs.

While WAFs are typically free, some companies offer them as an add-on security service. However, this may limit your security features. The WAF will act as a reverse proxy, redirecting web traffic through itself before reaching your site. Therefore, you’ll want to ensure that legitimate visitors can still access your web application.

Managed Rules

AWS WAF Web Application Firewall Manages Rules can be configured to allow specific IP addresses but block others. This feature can help prevent false positives and reduce the site’s security. For example, if your website asks users to submit PHP code, you should disable Managed Rules for that specific IP address. In addition, you can use the Managed Rules list to confirm whether or not a rule has been set to “COUNT.” Once you have verified the managed regulations, you can switch them to COUNT mode to eliminate false positives.

You can use AWS WAF to block abusive requests depending on your needs. In addition, AWS WAF provides the capability to block known malicious IP addresses and reputation lists. It can also detect bots and scanner-type attacks. And with its fully-featured API, you can create, deploy, and maintain security rules in no time. Once you have configured AWS WAF, you can use the platform to develop, review, and deploy managed practices.