AWS WAF

WAF is a web application firewall that lets you monitor the HTTP(S) requests that are forwarded to a CloudFront distribution, an API Gateway REST API, an Application Load Balancer, or an AppSync GraphQL API and it also lets you control access to your content.
Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the service associated with your protected resource responds to requests either with the requested content or with an HTTP 403 status code (Forbidden).
- You can also configure CloudFront to return a custom error page when a request is blocked.

Rule statements

Rule statements are the part of a rule that tells WAF how to inspect a web request, e.g. you could have a statement that provides a set of originating countries to check your web requests for.
Rule statements can also be very complex, e.g. you could have a statement that combines many other statements with logical AND, OR, and NOT statements.

Web ACLs

This is the centralized place that contains the rules, rule statements and associated configuration for the Web ACL associated to it.

Rules

Each rule contains:
- A statement that defines the inspection criteria.
- An action to take if a web request meets the criteria.
Three types of rules:
- Match statements compare the web request or its origin against conditions that you provide.
- Logical rules statements allow you to combine other statements or negate their results.
- Complex statements.
An example of a match statement is a XSS scripting attack rule (inspects for cross-site scripting attacks in a specified request component).
An example of a complex statement is a rate-based rule (tracks the rate of requests from individual IP addresses).
When a web request meets the criteria, that's a match.
If you define more than one Rule in a Web ACL, WAF evaluates each request against the Rules in order based on the value of Priority.
- WAF processes rules with lower priority first.

Rules groups

You can use rules individually or in reusable rule groups.
Rule groups can't contain the following rule statement types:
- Rule group reference statements.
- Rate-based rule statements.
You can reuse a single rule group in multiple web ACLs by adding a rule group reference statement to each web ACL.
- You can't reuse a web ACL.

PreviousSecurity Hub NextSystems Manager

Last updated 4 years ago

Was this helpful?

Rule statements

Rule statements are the part of a rule that tells WAF how to inspect a web request, e.g. you could have a statement that provides a set of originating countries to check your web requests for.

Rule statements can also be very complex, e.g. you could have a statement that combines many other statements with logical AND, OR, and NOT statements.

Rules

Each rule contains:

A statement that defines the inspection criteria.
An action to take if a web request meets the criteria.

Three types of rules:

Match statements compare the web request or its origin against conditions that you provide.
Logical rules statements allow you to combine other statements or negate their results.
Complex statements.

An example of a match statement is a XSS scripting attack rule (inspects for cross-site scripting attacks in a specified request component).

An example of a complex statement is a rate-based rule (tracks the rate of requests from individual IP addresses).

When a web request meets the criteria, that's a match.

If you define more than one Rule in a Web ACL, WAF evaluates each request against the Rules in order based on the value of Priority.

WAF processes rules with lower priority first.

Rules groups

You can use rules individually or in reusable rule groups.

Rule groups can't contain the following rule statement types:

Rule group reference statements.
Rate-based rule statements.

You can reuse a single rule group in multiple web ACLs by adding a rule group reference statement to each web ACL.

You can't reuse a web ACL.