Web Application Firewall
A WAF is a security system that helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.
A web application firewall protects web applications from a variety of application-layer attacks.
Attacks on apps are the leading cause of breaches—they are the gateway to personal data. With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.
A WAF operates as a reverse proxy: it sits in front of the web app server as an intermediary and protects it from potentially malicious clients.
WAFs don’t protect against all types of threats and attacks; rather, WAFs are one important element of a wider suite of tools used to protect websites and apps. The rules determining what traffic is deemed safe and what is malicious — in other words, what kind of traffic a WAF will allow or block — are called “policies.”
Here is an example WAF policy to blacklist certain IPs on AWS.
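The sketch below is an added example, not the policy from the original page: it models an IP block policy in the shape of an AWS WAFv2 web ACL and shows how such a policy decides whether a request is allowed or blocked. The ARN, rule names and addresses are constructed placeholders, and the evaluator is a simplified model of rule evaluation (lowest priority number first, first Allow or Block match ends evaluation, otherwise the default action applies).

```python
import ipaddress

# Constructed policy shaped like an AWS WAFv2 web ACL. The ARN, names and
# addresses (documentation ranges) are placeholders, not values from the page.
BLOCKLIST_ARN = "arn:aws:wafv2:REGION:ACCOUNT_ID:regional/ipset/example-blocklist/ID"

IP_SETS = {
    BLOCKLIST_ARN: ["203.0.113.0/24", "198.51.100.7/32", "2001:db8::/32"],
}

WEB_ACL = {
    "Name": "example-web-acl",
    "DefaultAction": {"Allow": {}},          # applies when no rule terminates
    "Rules": [
        {
            "Name": "block-listed-ips",
            "Priority": 0,
            "Statement": {"IPSetReferenceStatement": {"ARN": BLOCKLIST_ARN}},
            "Action": {"Block": {}},
        },
    ],
}


def matches(statement, client_ip):
    """Return True if client_ip falls inside the IP set the statement references."""
    arn = statement["IPSetReferenceStatement"]["ARN"]
    addr = ipaddress.ip_address(client_ip)
    for cidr in IP_SETS[arn]:
        net = ipaddress.ip_network(cidr)
        # Compare only within the same address family (IPv4 vs IPv6).
        if addr.version == net.version and addr in net:
            return True
    return False


def evaluate(web_acl, client_ip):
    """Return (action, rule name) for a request from client_ip."""
    for rule in sorted(web_acl["Rules"], key=lambda r: r["Priority"]):
        if matches(rule["Statement"], client_ip):
            action = next(iter(rule["Action"]))
            if action in ("Allow", "Block"):  # a Count action would not end evaluation
                return action, rule["Name"]
    return next(iter(web_acl["DefaultAction"])), "default"


if __name__ == "__main__":
    for ip in ("203.0.113.45", "198.51.100.8", "2001:db8::1"):
        print(ip, evaluate(WEB_ACL, ip))
```

An IP rule matches the address the WAF sees as the request origin, so behind a CDN or another proxy it has to be configured to use the forwarded client address; otherwise every request appears to come from the proxy.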
A WAF protects your web apps by filtering, monitoring, and blocking any malicious HTTP/S traffic traveling to the web application, and prevents any unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe.