An AWS WAF Web ACL to protect PHP web applications. The Web ACL uses AWS Managed Rules to protect internet-facing applications. Web ACLs can be applied to CloudFront distributions, Application Load Balancers (ALBs), and API Gateways.

This Web ACL includes the following rules by default: 

  • PHP application: contains rules that block request patterns associated with the exploitation of vulnerabilities specific to the use of the PHP programming language, including injection of unsafe PHP functions. This can help prevent exploitation of vulnerabilities that allow an attacker to remotely execute code or commands for which they are not authorized.

Select from the following options to ensure the appropriate configuration for your environment and application: 

  • Set the scope to Regional or CloudFront, depending on the resource you want to associate the Web ACL with.
  • Use the Customize WAF Rules option to select the appropriate WAF rules to protect your application. Rules include general vulnerability and OWASP protections, known bad IP lists, specific use cases such as WordPress or SQL database protections, and more.
  • Set the visibility configuration for the Web ACL and for each rule to create matching CloudWatch metrics for monitoring the WAF rules.
  • Enter the ARN of an Application Load Balancer (ALB), API Gateway or AppSync API to associate with the newly created Web ACL.
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  WafWebAcl:
    Type: 'AWS::WAFv2::WebACL'
    Properties:
      Name: WAF_PHP_Protections
      Scope: REGIONAL
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: WAF_Common_Protections
        SampledRequestsEnabled: true
      Rules:
        - Name: AWSManagedRulesPHPRule
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesPHPRuleSet
          Priority: 0
          OverrideAction:
            None: {}
          VisibilityConfig:
            CloudWatchMetricsEnabled: true
            MetricName: AWSManagedRulesPHPRule
            SampledRequestsEnabled: true
Parameters: {}
Metadata: {}
Conditions: {}
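
The template above creates the Web ACL but does not attach it to a resource. The following is an added example, not part of the original template, that adds the association step from the options list and a switch for running the PHP rule group in count mode before enforcing it. The parameter names ResourceArn and RuleGroupMode, the condition name CountOnly, the resource name WafAssociation and the Web ACL metric name are assumptions chosen for this example.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: PHP managed rules Web ACL with a resource association (added example)
Parameters:
  ResourceArn:            # assumed parameter name
    Type: String
    Description: ARN of the ALB, API Gateway or AppSync API to protect
  RuleGroupMode:          # assumed parameter name
    Type: String
    Default: Count
    AllowedValues: [Count, None]
    Description: Count only records matches; None applies the rule group's own actions
Conditions:
  CountOnly: !Equals [!Ref RuleGroupMode, Count]
Resources:
  WafWebAcl:
    Type: 'AWS::WAFv2::WebACL'
    Properties:
      Name: WAF_PHP_Protections
      Scope: REGIONAL
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        CloudWatchMetricsEnabled: true
        MetricName: WAF_PHP_Protections   # matched to the Web ACL name for this example
        SampledRequestsEnabled: true
      Rules:
        - Name: AWSManagedRulesPHPRule
          Priority: 0
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesPHPRuleSet
          # Start in Count to review matches in CloudWatch and sampled requests,
          # then update the stack with RuleGroupMode=None to enforce blocking.
          OverrideAction: !If
            - CountOnly
            - Count: {}
            - None: {}
          VisibilityConfig:
            CloudWatchMetricsEnabled: true
            MetricName: AWSManagedRulesPHPRule
            SampledRequestsEnabled: true
  WafAssociation:
    Type: 'AWS::WAFv2::WebACLAssociation'
    Properties:
      ResourceArn: !Ref ResourceArn
      WebACLArn: !GetAtt WafWebAcl.Arn
```

AWS::WAFv2::WebACLAssociation applies only to regional resources. A Web ACL with Scope CLOUDFRONT must be created in us-east-1 and is attached through the distribution's own WebACLId setting.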
