Implementing AWS WAF to secure a web app against security vulnerabilities:
Introduction:
In this project we will not just explore AWS WAF but also how to create a VPC and its components, launch an EC2 server and deploy an app on it, and then put WAF in front of the app to protect it against attacks that try to exploit security vulnerabilities.
Let's start the project!
First we will create a new VPC:
Then create the subnets, 2 private and 2 public, in different AZs:
Now we will create one NAT gateway so that instances in the private subnets can make outbound connections to the internet (updates, package installs) without being reachable from it. The NAT gateway itself is created in a public subnet:
Now create the internet gateway so that the public subnets and the NAT gateway can reach the internet, and attach the IGW to the VPC:
Now create two route tables: associate the private subnets with the private RT and the public subnets with the public RT. Add one default route (0.0.0.0/0) in the private RT toward the NAT gateway, and one default route in the public RT toward the IGW.
Below is an example of the public RT default route:
Our VPC part is complete.
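The same VPC build, as an added Terraform example (not part of the original post). The region, the 10.0.0.0/16 address plan, the subnet CIDRs and the resource names are assumptions; the structure mirrors the console steps above: two public and two private subnets across two AZs, an internet gateway, one NAT gateway in a public subnet, and a public and a private route table with their default routes.

```hcl
# Added example, not from the original post. Region and CIDRs are assumptions.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = "~> 5.0" }
  }
}

provider "aws" {
  region = "us-east-1" # assumption
}

data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  # One public and one private subnet per AZ (two AZs).
  public_subnets  = { "a" = "10.0.0.0/24", "b" = "10.0.1.0/24" }
  private_subnets = { "a" = "10.0.10.0/24", "b" = "10.0.11.0/24" }
  az_index        = { "a" = 0, "b" = 1 }
}

resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "waf-demo-vpc" }
}

resource "aws_subnet" "public" {
  for_each                = local.public_subnets
  vpc_id                  = aws_vpc.main.id
  cidr_block              = each.value
  availability_zone       = data.aws_availability_zones.available.names[local.az_index[each.key]]
  map_public_ip_on_launch = true
  tags                    = { Name = "public-${each.key}" }
}

resource "aws_subnet" "private" {
  for_each          = local.private_subnets
  vpc_id            = aws_vpc.main.id
  cidr_block        = each.value
  availability_zone = data.aws_availability_zones.available.names[local.az_index[each.key]]
  tags              = { Name = "private-${each.key}" }
}

# Internet gateway: the public subnets (and the NAT gateway) reach the internet through it.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# The NAT gateway sits in a public subnet; private subnets route outbound traffic through it.
resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public["a"].id
  depends_on    = [aws_internet_gateway.igw]
}

# Public RT: default route toward the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

# Private RT: default route toward the NAT gateway.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

resource "aws_route_table_association" "public" {
  for_each       = aws_subnet.public
  subnet_id      = each.value.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private" {
  for_each       = aws_subnet.private
  subnet_id      = each.value.id
  route_table_id = aws_route_table.private.id
}

output "vpc_id"            { value = aws_vpc.main.id }
output "public_subnet_ids" { value = [for s in aws_subnet.public : s.id] }
```

A single NAT gateway in one AZ is enough for this walkthrough; in production you would place one per AZ so a private subnet does not lose its outbound path when the other AZ is unavailable.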
Now we will create one EC2 instance in a public subnet with a public IP:
Access the server and install the Apache web server on it:
⇒ sudo apt update
⇒ sudo apt install apache2
After installing Apache, allow inbound TCP port 80 in the instance's security group. Once the load balancer exists, tighten this rule so that port 80 is allowed only from the load balancer's security group rather than from 0.0.0.0/0; otherwise anyone who finds the instance's public IP can reach the app directly and bypass the WAF entirely.
Now we will create an application load balancer, which will sit between the WAF and our app server:
But first create the target group and add our instance to it:
Register the instance as a target:
Now create the load balancer using this TG:
Attach the TG to the LB so the HTTP listener forwards to it:
Also create a new security group for this LB and allow inbound TCP port 80 (HTTP). The LB is the only component that should be reachable from the internet.
Now paste the DNS name of your load balancer into the browser; the app should load through the ALB:
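The instance, the two security groups and the load balancer from the steps above, as an added Terraform example (not part of the original post). It assumes the VPC ID and the two public subnet IDs are passed in as variables, uses a Canonical Ubuntu 22.04 AMI looked up by name, and installs Apache from user data instead of by hand. The security-relevant part is the `web` security group: port 80 is opened only to the ALB's security group, so traffic cannot reach the app without passing the ALB (and therefore the WAF attached to it).

```hcl
# Added example, not from the original post. Variables are assumptions (outputs of the VPC step).
variable "vpc_id"            { type = string }
variable "public_subnet_ids" { type = list(string) }

data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }
}

# Internet-facing side: only the load balancer accepts port 80 from anywhere.
resource "aws_security_group" "alb" {
  name   = "waf-demo-alb"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# App side: port 80 is open only to the ALB's security group, so a request cannot
# bypass the WAF by going to the instance's public IP directly.
resource "aws_security_group" "web" {
  name   = "waf-demo-web"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                         = data.aws_ami.ubuntu.id
  instance_type               = "t3.micro"
  subnet_id                   = var.public_subnet_ids[0]
  vpc_security_group_ids      = [aws_security_group.web.id]
  associate_public_ip_address = true
  # Same install as the manual steps, run once at first boot.
  user_data = <<-EOF
    #!/bin/bash
    apt-get update
    apt-get install -y apache2
  EOF
}

resource "aws_lb_target_group" "web" {
  name     = "waf-demo-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id
  health_check {
    path = "/"
  }
}

resource "aws_lb_target_group_attachment" "web" {
  target_group_arn = aws_lb_target_group.web.arn
  target_id        = aws_instance.web.id
  port             = 80
}

resource "aws_lb" "web" {
  name               = "waf-demo-alb"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.public_subnet_ids
}

resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}

output "alb_dns_name" { value = aws_lb.web.dns_name }
output "alb_arn"      { value = aws_lb.web.arn }
```

No SSH rule is included; if you need shell access for the manual steps, add an ingress rule for port 22 from your own IP only, or use Session Manager and keep the public IP unused.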
Now we will create the web application firewall: create a new web ACL:
Create a regional web ACL (the scope must be Regional for an ALB, in the same region as the LB) and associate the LB with it:
Now add the rules and rule groups. For testing we will block our own IP address:
So, first create the IP set containing our address (IP sets take CIDR notation, so a single host is entered as /32):
Now, under "Add my own rules and rule groups", add a rule whose statement matches that IP set and set its action to Block:
Once the web ACL is created and associated, open the LB endpoint again: the request from the blocked IP is rejected with an HTTP 403 Forbidden (WAF's default block response) instead of reaching the app. Requests from any other address still go through, since the web ACL's default action is Allow.
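The IP set, the web ACL with its single block rule, and the association with the load balancer, as an added Terraform example (not part of the original post). It assumes the ALB ARN and the address to block are passed in as variables; `203.0.113.7/32` in the comment is a constructed documentation-range address, not a real one.

```hcl
# Added example, not from the original post. Variables are assumptions.
variable "alb_arn"    { type = string } # ARN of the ALB in front of the app
variable "my_ip_cidr" { type = string } # e.g. "203.0.113.7/32" (constructed example), the address to block

# IP set holding the address(es) to block. Scope must be REGIONAL for an ALB,
# and the web ACL must be created in the same region as the ALB.
resource "aws_wafv2_ip_set" "blocked" {
  name               = "waf-demo-blocked-ips"
  scope              = "REGIONAL"
  ip_address_version = "IPV4"
  addresses          = [var.my_ip_cidr]
}

resource "aws_wafv2_web_acl" "web" {
  name  = "waf-demo-acl"
  scope = "REGIONAL"

  # Anything no rule matches is allowed; the rule below blocks the IP set.
  default_action {
    allow {}
  }

  # Rules are evaluated in priority order; the first terminating action (block/allow) wins.
  rule {
    name     = "block-my-ip"
    priority = 1
    action {
      block {}
    }
    statement {
      ip_set_reference_statement {
        arn = aws_wafv2_ip_set.blocked.arn
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "block-my-ip"
      sampled_requests_enabled   = true
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "waf-demo-acl"
    sampled_requests_enabled   = true
  }
}

# Attach the web ACL to the load balancer; from here on WAF inspects every request
# the ALB receives before it is forwarded to the target group.
resource "aws_wafv2_web_acl_association" "alb" {
  resource_arn = var.alb_arn
  web_acl_arn  = aws_wafv2_web_acl.web.arn
}
```

To verify, request the ALB DNS name from the blocked address and from any other one: the first returns 403 Forbidden, the second returns the app. The sampled requests and CloudWatch metrics enabled in `visibility_config` are what let you confirm which rule produced the block.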
That's all in this project.