Web Application Firewall (WAF) in General
- WAF filters, monitors, and blocks HTTP traffic to and from a web application.
- A WAF is differentiated from a regular firewall in that it inspects the content of HTTP requests and responses for a specific web application, while a regular firewall filters at the network and transport layers (addresses, ports, protocols) between hosts.
- By inspecting HTTP traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations. A WAF is typically deployed as a reverse proxy in front of the application.
- WAFs may come in the form of an appliance, server plugin, or filter, and may be customized to an application. The effort to perform this customization can be significant and needs to be maintained as the application is modified.
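To make the inspection step concrete, here is an added example (not part of the original article) of a minimal request inspector in Python that applies the same ideas a real WAF uses: normalize each inspectable field (URL-decode, lowercase), run a small set of signatures over it, and return a block/allow verdict. The signature set, field names and sample requests are constructed for illustration; a production WAF ships far larger rule sets.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import unquote_plus

# Constructed, deliberately small signature set for the flaw classes named above.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+\d+\s*=\s*\d+)"),
    "xss": re.compile(r"(?i)(<\s*script\b|\bon[a-z]+\s*=|javascript:)"),
    "lfi": re.compile(r"(\.\./){2,}|/etc/passwd"),
}


@dataclass
class Verdict:
    action: str             # "ALLOW" or "BLOCK"
    rule: Optional[str]     # which signature fired, if any
    field: Optional[str]    # which part of the request matched


def normalize(value: str) -> str:
    """Text transformation: URL-decode twice and lowercase, so encoded and
    double-encoded payloads are judged in the form the application will see."""
    decoded = unquote_plus(unquote_plus(value))
    return decoded.strip().lower()


def inspect_request(method: str, path: str, query: str,
                    headers: Dict[str, str], body: str) -> Verdict:
    """Evaluate every signature over every inspectable field; the first match
    terminates evaluation, as the first matching rule does in a real WAF."""
    fields = {"path": path, "query": query, "body": body}
    for name, value in headers.items():
        fields[f"header:{name.lower()}"] = value
    for field, raw in fields.items():
        text = normalize(raw)
        for rule, pattern in SIGNATURES.items():
            if pattern.search(text):
                return Verdict("BLOCK", rule, field)
    return Verdict("ALLOW", None, None)


if __name__ == "__main__":
    # Constructed sample requests: a benign search, a double-URL-encoded injection,
    # and a benign comment that happens to contain the words "union select".
    print(inspect_request("GET", "/search", "q=shoes", {}, ""))
    print(inspect_request("GET", "/search", "q=%2527%2520OR%25201%253D1", {}, ""))
    print(inspect_request("POST", "/comment", "", {}, "text=union+select+committee"))
```

The third sample request is the point of the example: a benign comment trips the SQLi signature, which is the false-positive cost behind the article's remark that WAF customization is significant and has to be maintained as the application changes. Tuning means scoping signatures to the fields and paths where they make sense, not just adding more of them.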
AWS WAF
- AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
- AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.
- You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application.
- New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns.
- Also, AWS WAF includes a fully featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
- Pricing/Charges:
  - No upfront commitments.
  - With AWS WAF you pay only for what you use.
  - AWS WAF pricing is based on how many rules you deploy and how many web requests your web application receives.
- You can deploy AWS WAF on either
  - Amazon CloudFront as part of your CDN solution, or
  - the Application Load Balancer (ALB) that fronts your web servers or origin servers running on EC2.
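The points above (custom rules, managed rule sets, API-driven deployment, ALB or CloudFront scope) come together in the WAFv2 `create_web_acl` call. The following is an added example, not code from the article: it assembles a web ACL payload with a rate-based rule, a custom SQL-injection rule on the request body and the AWS-managed common rule set, checks it for the mistakes the API rejects, and only then creates it. The rule names, metric names, the 2000-request limit and the `deploy` helper are assumptions chosen for the example.

```python
from typing import Any, Dict, List


def visibility(name: str) -> Dict[str, Any]:
    # Each rule and the ACL itself must carry a VisibilityConfig for CloudWatch metrics.
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}


def managed_rule(name: str, group: str, priority: int) -> Dict[str, Any]:
    # AWS-managed rule groups are referenced, not authored; OverrideAction "None"
    # keeps the actions defined inside the group.
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": group}},
        "OverrideAction": {"None": {}},
        "VisibilityConfig": visibility(name),
    }


def sqli_rule(priority: int) -> Dict[str, Any]:
    # Custom rule: inspect the request body for SQL injection after URL-decoding it.
    return {
        "Name": "block-sqli-body",
        "Priority": priority,
        "Statement": {
            "SqliMatchStatement": {
                "FieldToMatch": {"Body": {}},
                "TextTransformations": [{"Priority": 0, "Type": "URL_DECODE"}],
            }
        },
        "Action": {"Block": {}},
        "VisibilityConfig": visibility("block-sqli-body"),
    }


def rate_limit_rule(priority: int, limit: int = 2000) -> Dict[str, Any]:
    # Rate-based rule: block any source IP exceeding `limit` requests per 5-minute window.
    return {
        "Name": "rate-limit-per-ip",
        "Priority": priority,
        "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
        "Action": {"Block": {}},
        "VisibilityConfig": visibility("rate-limit-per-ip"),
    }


def validate_rules(rules: List[Dict[str, Any]]) -> List[str]:
    """Catch what the API would reject: duplicate names or priorities, and a rule
    with both or neither of Action/OverrideAction (managed groups take OverrideAction,
    custom rules take Action)."""
    problems: List[str] = []
    seen_names, seen_prio = set(), set()
    for r in rules:
        if r["Name"] in seen_names:
            problems.append(f"duplicate name {r['Name']}")
        if r["Priority"] in seen_prio:
            problems.append(f"duplicate priority {r['Priority']}")
        seen_names.add(r["Name"])
        seen_prio.add(r["Priority"])
        is_managed = "ManagedRuleGroupStatement" in r["Statement"]
        if is_managed != ("OverrideAction" in r) or is_managed == ("Action" in r):
            problems.append(f"rule {r['Name']}: wrong Action/OverrideAction for its statement")
    return problems


def build_web_acl_request(name: str, scope: str = "REGIONAL") -> Dict[str, Any]:
    """Assemble the create_web_acl payload. Scope is REGIONAL for an ALB and
    CLOUDFRONT for a distribution (CloudFront ACLs are managed in us-east-1)."""
    rules = [
        rate_limit_rule(priority=0),
        sqli_rule(priority=1),
        managed_rule("aws-common", "AWSManagedRulesCommonRuleSet", priority=2),
    ]
    problems = validate_rules(rules)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "Name": name,
        "Scope": scope,
        "DefaultAction": {"Allow": {}},  # allow whatever no rule blocks
        "Description": "rate limit, custom SQLi check on body, AWS common rule set",
        "Rules": rules,
        "VisibilityConfig": visibility(name),
    }


def deploy(name: str, region: str = "us-east-1") -> str:
    """Create the web ACL through the WAFv2 API and return its ARN
    (requires boto3 and AWS credentials; imported lazily so the helpers above run offline)."""
    import boto3
    client = boto3.client("wafv2", region_name=region)
    resp = client.create_web_acl(**build_web_acl_request(name))
    return resp["Summary"]["ARN"]
```

After `deploy` returns the ARN, an ALB is attached with `associate_web_acl(WebACLArn=..., ResourceArn=<ALB ARN>)`; for CloudFront the ARN is set as the distribution's `WebACLId` instead. Changing rules later goes through `get_web_acl` to obtain the current `LockToken` and then `update_web_acl` with the full rule list, which is the "minutes, not a change window" deployment the article refers to. Priority order matters: the rate limit runs first so a flood is dropped before the costlier body inspection.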
But... what is it replacing in an otherwise traditional architecture?
After reading all of the above, if you are still wondering what this AWS Web Application Firewall (WAF) actually replaces in an otherwise traditional web application architecture, don't worry, you are not alone. The picture below answers that question. It is an example use-case architecture showing how the WAF service provided by AWS takes that component off your hands.
For the curious mind that wants to read and know more on this, do head to the article titled, "Deploying AWS WAF on CloudFront with dynamic content from an Elastic Beanstalk Rails app".