AWS Web Application Firewall Hands-On

Demo

In this demo, we will:

  1. Create a simple web application using Amazon S3
  2. Set up Amazon CloudFront to serve the S3 website
  3. Create an AWS WAF Web ACL
  4. Configure WAF rules to block SQL injection and XSS attacks
  5. Associate the Web ACL with the CloudFront distribution
  6. Test the WAF setup
  7. Clean up resources

Agenda

Create S3 bucket

waf-demo-924712
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>AWS WAF Demo</title>
</head>
<body>
    <h1>Welcome to the AWS WAF Demo</h1>
    <p>This is a simple web application protected by AWS WAF.</p>
</body>
</html>

index.html

Enable Static website hosting

index.html
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-bucket-name/*"
        }
    ]
}

Create CloudFront distribution

We will add this manually later 

DemoWebACL

Add rules and rule groups

Add Custom Rule

BlockSQLInjection
BlockXSS

Add 2nd Rule

Set rule priority - optional

Review and create web ACL
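As an added example, not part of the demo's slides: the console steps "Add Custom Rule", "Set rule priority" and "Review and create web ACL" correspond to the WAFv2 API request below, which defines DemoWebACL with the BlockSQLInjection and BlockXSS rules inspecting the query string (where the demo's `?input=` and `?id=` payloads arrive). The boto3 call, AWS credentials and the us-east-1 region for CloudFront-scoped ACLs are assumptions.

```python
import json

SCOPE = "CLOUDFRONT"         # CloudFront Web ACLs are managed from us-east-1
WEB_ACL_NAME = "DemoWebACL"  # name used in the demo
# Decode the query string before matching so URL/HTML-encoded payloads are inspected
TRANSFORMS = [{"Priority": 0, "Type": "URL_DECODE"},
              {"Priority": 1, "Type": "HTML_ENTITY_DECODE"}]


def _blocking_rule(name, priority, statement):
    """Wrap a match statement in a rule that blocks and emits CloudWatch metrics."""
    return {
        "Name": name, "Priority": priority, "Statement": statement,
        "Action": {"Block": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name},
    }


def build_rules():
    """The two custom rules from the demo: SQLi at priority 0, XSS at priority 1,
    both matching on the query string."""
    match = {"FieldToMatch": {"QueryString": {}}, "TextTransformations": TRANSFORMS}
    return [
        _blocking_rule("BlockSQLInjection", 0, {"SqliMatchStatement": dict(match)}),
        _blocking_rule("BlockXSS", 1, {"XssMatchStatement": dict(match)}),
    ]


def web_acl_request():
    """Keyword arguments for wafv2 create_web_acl: default action Allow, so only
    requests matching one of the rules are blocked."""
    return {
        "Name": WEB_ACL_NAME, "Scope": SCOPE,
        "DefaultAction": {"Allow": {}},
        "Rules": build_rules(),
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": WEB_ACL_NAME},
    }


def create_web_acl():
    """Create the Web ACL (assumes boto3 and AWS credentials; not run offline)."""
    import boto3
    client = boto3.client("wafv2", region_name="us-east-1")
    return client.create_web_acl(**web_acl_request())["Summary"]["ARN"]


if __name__ == "__main__":
    print(json.dumps(web_acl_request(), indent=2))  # review before creating
```

The returned ARN is what you pass to `associate_web_acl` for the CloudFront distribution in the next step.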

Associated AWS resources

Test

Direct

Cross Site Scripting Attack

https://d1jcqtixiy2rcs.cloudfront.net/?input=<script>alert('XSS')</script>

SQL Injection Attack

https://d1jcqtixiy2rcs.cloudfront.net/?id=1+AND+SLEEP(5)

Clean Up

Delete Web ACL 

Disassociate

Delete Web ACLs

Disable CloudFront Distribution

Delete index.html from S3 Bucket

permanently delete

Delete S3 Bucket

waf-demo-924712

Delete CloudFront Distribution

🙏 Thanks for Watching