26.305: Application Firewall
Features
Protects your web app from common web exploits (Layer 7)
Layer 7 is HTTP (vs Layer 4 is TCP/UDP)
Deploy on
App Load Balancer
API Gateway
CloudFront
AppSync GraphQL API
Cognito User Pool
Define Web ACL (Access control list) Rules
IP Set: up to 10,000 IP addresses; use multiple rules for more IPs
HTTP headers, HTTP body or URI strings: protects from common attacks (SQL injection and cross-site scripting (XSS))
Size constraints
Geo-match (block countries)
Rate-based rules (to count occurrences of events), for DDoS protection
Web ACLs are Regional, except for CloudFront
A rule group is a reusable set of rules that you can add to a web ACL
Fixed IP while using WAF with a Load Balancer
WAF does not support NLB (Layer 4)
We can use Global Accelerator for fixed IP and WAF on the ALB