![]() One for IP and the other for the URl string matching. In this step, we will create 2 conditions. Just click on next and go to the Create conditions step.Ģ. Open the AWS WAF console and go to Create new ACL: After this we would need to associate this ACL with the CloudFront Distribution we want it to work for.ġ. What we will be doing is creating conditions as per requirement, adding them to rules and then finally adding these rules to web ACL in the AWS WAF service. I have setup a basic WordPress website for demo purposes of this blog and will try to allow only few IPs to be able to access wp-login.php. I decided to use AWS WAF – Web Application Firewall and give it a try and so far it seems good. The URI is actually wp-login.php which opens up wp-admin page. I was trying to figure out what to do and how to prevent unwanted logins to wp-admin of my PHP blog website. Recently there were hits from a lot of unknown IPs on the wp-login.php page of my website. For better content delivery globally, I have also used AWS CloudFront. I have a PHP application running on EC2 in a load balanced environment. AWS WAF also gives you a deeper monitoring of the traffic. The set of rules are also called web ACL. You need to specify the rules and just associate the set of rules to your AWS CloudFront Distribution. Making the experience for the user better with more security is what AWS has always aimed for.ĪWS WAF allows you to create your own set of rules to block most common attacks on Web Applications such as SQL injection or cross-site scripting etc. This service is intended to secure what you share on the world wide web via AWS CloudFront. AWS re:Invent has already begun and keeping in mind security of your applications in the cloud, AWS has launched a new service called AWS Web Application Firewall.
0 Comments
Leave a Reply. |