By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Other

AWS WAF

AWS WAF Common Vulnerabilities Package

An AWS WAF Web ACL to protect against common vulnerabilities and known bad inputs and IP addresses. The Web ACL uses AWS Managed Rules to protect internet-facing applications. Web ACLs can be applied to CloudFront distributions, Application Load Balancers (ALBs), and API Gateways.

This Web ACL includes the following rules by default: 

  • Core rule set (CRS): contains rules that are generally applicable to web applications. This protects against the exploitation of a wide range of vulnerabilities, including high risk and commonly occurring vulnerabilities described in OWASP publications.
  • Known bad inputs:  contains rules to block request patterns that are known to be invalid and are associated with exploitation or discovery of vulnerabilities.
  • Amazon IP reputation list: contains rules that are based on Amazon internal threat intelligence. This is useful if you would like to block IP addresses typically associated with bots or other threats.

Select from the following options to ensure the appropriate configuration for your environment and application: 

  • Setting the scope to Regional or CloudFront depending on the resource you want to associate the Web ACL with.
  • Use the Customize WAF Rules option to select the appropriate WAF rules to protect your application. Rules include general vulnerability and OWASP protections, known bad IP lists, specific use-cases such as WordPress or SQL database protections, and more.
  • Set the visibility configuration settings for the Web ACL and for each rule to create matching CloudWatch metrics for monitoring the WAF rules.
  • Enter the ARN for an Application Load Balancer (ALB), API Gateway or AppSync API to associate the newly created WebACL
AWS Documentation
Items
1
Size
1.7 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  WafWebAcl:
    Type: "AWS::WAFv2::WebACL"
    Properties:
      Name: "WAF_Common_Protections"
      Scope: "REGIONAL"
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: "WAF_Common_Protections"
        SampledRequestsEnabled: true
      Rules:
        - Name: "AWSManagedRulesCommonRule"
          Statement:
            ManagedRuleGroupStatement:
              VendorName: "AWS"
              Name: "AWSManagedRulesCommonRuleSet"
          Priority: 0
          OverrideAction:
            None: {}
          VisibilityConfig:
            CloudWatchMetricsEnabled: true
            MetricName: "AWSManagedRulesCommonRule"
            SampledRequestsEnabled: true
        - Name: "AWSManagedRulesKnownBadInputsRule"
          Statement:
            ManagedRuleGroupStatement:
              VendorName: "AWS"
              Name: "AWSManagedRulesKnownBadInputsRuleSet"
          Priority: 1
          OverrideAction:
            None: {}
          VisibilityConfig:
            CloudWatchMetricsEnabled: true
            MetricName: "AWSManagedRulesKnownBadInputsRule"
            SampledRequestsEnabled: true
        - Name: "AWSManagedRulesAmazonIpReputation"
          Statement:
            ManagedRuleGroupStatement:
              VendorName: "AWS"
              Name: "AWSManagedRulesAmazonIpReputationList"
          Priority: 2
          OverrideAction:
            None: {}
          VisibilityConfig:
            CloudWatchMetricsEnabled: true
            MetricName: "AWSManagedRulesAmazonIpReputation"
            SampledRequestsEnabled: true
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

WAF ACL Settings

AWS Managed WAF Rules

Visibility Configuration

* Required field