amazon-waf questions - Page 1

krzysiexp

Asked: 2022-04-06 00:11:38 +0800 CST

DDOS AWS API Gateway protection

0

I have publicly exposed API Gateway (HTTP). To authenticate you have to provide a valid JWT.

I want to secure this APIGW with Cloudfront + WAF. After reading docs I think that API Gateway endpoint is still exposed to the Internet. The only thing that protects API Gateway is verification of Header in WAF. Attacker can still find API Gateway in the Internet and perform DDOS attack directly to API Gateway endpoint without going through Cloudfront.

Is this approach considered as secure? Cloudflare is using Tunnel to make sure that your infrastructure is not exposed to the Internet. I think this approach is much more secure. Is something like this available in AWS?

michaelr524

Asked: 2022-03-17 03:58:46 +0800 CST

How to get DDOS+WAF protection on IP/server (not domain)

0

I've used CloudFlare and it's great. But in this specific case we control the server IP address but we don't own the domain so can't use CloudFlare unfortunately because the domain owner isn't ready to migrate his DNS to CloudFlare. I would really love to have WAF+DDOS protection without changing DNS servers, is that possible? Just to be clear, the end result should be a reverse proxy (protected) IP address that the domain owner will put in the A DNS record. Achieving the same as what cloudflare offers but without migrating DNS servers..

Ernst

Asked: 2022-01-25 00:29:55 +0800 CST

Blocking Symbols on Body Aws WAF

0

I want to block string in the body that contains "&" character for example but it doesn't work

I tried to use Html decode Text transformation and also doesn't work. If I try with a word for example "phone" and I include this word in the body works perfect. Why is not working with html symbols?

Waf Configuration

Putra

Asked: 2022-01-18 02:09:51 +0800 CST

Handling DDoS HTTP Attack

0

I’ve experiencing DDoS attack today and I’ve configured Cloudflare rate limiter, also activated WAF. Cloudflare blocked several hundred thousands request. Unfortunately, my server still experiencing pretty high flood request. I don’t know why it passed Cloudflare, even if I’ve setup rate limiter.

At last I forced to disable Cloudflare proxy and let AWS Web ACL handle it. Did I miss something here? Please help. I really want to use Cloudflare since AWS Web ACL pricing just not suite well with my current financial (small startup).

Matias Haeussler

Asked: 2021-08-12 15:30:03 +0800 CST

AWS Managed Rule Pricing

1

I completely read the AWS page for AWS WAF pricing, however I am still not sure how much would it cost if I create a single AWS WAF and hire just the AWS Managed Rule Set "Core Rule Set"

As I understand it should be 5 US/month for the WAF and just 1 US/mont for the complete Managed Rule Set because its rules have not been created by me and each Managed Rule Set costs 1 US/month, and that should be that

There is the possibility that the "Core Rule Set" would cost 23 US/month as it has 22 rules, and I am not completely sure that I will not be charged by them as I do not find it to be explicit enough from the Pricing page

So would it cost 6 US/month or 28 US/month? I find it quite a big difference bucko

DDOS AWS API Gateway protection

How to get DDOS+WAF protection on IP/server (not domain)

Blocking Symbols on Body Aws WAF

Handling DDoS HTTP Attack

AWS Managed Rule Pricing

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Questions[amazon-waf](server)