Ensuring website security using WAF

Introduction

Web security is an important aspect of any website, web application, or online service. Undertaking security measures is important to defend the website against threats such as malware, hacking data breaches, and DDoS attacks. Exemplifi is a web design and development company and in this article, we will go through the efficient ways in which Exemplifi was able to ensure web security using Web Application Firewall (WAF).

Web Security

Websites are prone to be exposed to cyber-attacks and it could occur for a multitude of reasons like financial gain, data theft, DDoS, ransomware, competition, and much more. Ensuring security on websites is important for the protection of sensitive information, preventing financial loss, maintaining customer trust, and avoiding downtime. Web security can be maintained in various ways using HTTPS, Web Application Firewall (WAF), secure coding practices, authentication and access controls, data encryption, and much more.

Web Application Firewall (WAF)

As discussed above, WAF is a security solution that helps to protect web applications from cyber attacks. WAF operates by monitoring and filtering the HTTP traffic between a website and a web application, acts as a shield, and prevents malicious web traffic from entering the application.

How WAF ensures web security

WAF analyzes the incoming web requests and decides whether to allow or deny entry according to the custom rules which are designed to detect and mitigate common application threats and vulnerabilities. The rules can be of many types and are tailored to prevent complex threats and application-specific vulnerabilities. Below are some of the important rules which provide optimum security to the application.

  1. Bot control blocks the malicious bots while allowing legitimate traffic thereby providing security to the application. The customizable rules help in mitigating automated threats like scrapers and scam bots.
  2. Cross-site scripting (XSS) helps to prevent attackers from injecting malicious scripts that compromise the data or actions of users and customization will help in addressing application-specific XSS vectors that can be exploited by attackers.
  3. SQL injection prevents attackers from injecting malicious SQL code to compromise data and customization helps in detecting and preventing specific SQL patterns targeting known vulnerabilities in the application’s database.
  4. Cross-site Request Forgery (CSRF) prevents attackers from tricking user’s browsers into executing unwanted actions on a web application in which the user is authenticated. It restricts the exploitation of trust a web application has on the user’s browser 

Setting it up on AWS

Setting up a Web Application Firewall (WAF) can vary greatly depending on the specific WAF solution you choose (e.g., AWS WAF, Cloudflare, ModSecurity). Here, I'll illustrate a basic example using AWS WAF and Python to show how you might programmatically configure a simple WAF rule to block IP addresses deemed malicious. This example assumes you're familiar with AWS services and have the AWS CLI and Boto3, the AWS SDK for Python, installed and configured.

Step 1: Install Boto3

If you haven't installed Boto3, you can do so by running:

pip install boto3
view raw gistfile1.txt hosted with ❤ by GitHub

Step 2: Create a Python Script to Set Up the WAF Rule

This Python script will use Boto3 to create a new IP set (a list of IP addresses) and then create a rule to block requests from these IPs. Finally, it associates this rule with a WebACL, which acts as a container for the rules.

import boto3
# Initialize the WAFv2 client
waf_client = boto3.client('wafv2', region_name='us-east-1') # Adjust the region as necessary
# Create an IP set (replace 'yourIPSet' with a name for your IP set)
ip_set = waf_client.create_ip_set(
Name='yourIPSet',
Scope='REGIONAL', # Use 'CLOUDFRONT' for CloudFront distributions
IPAddressVersion='IPV4',
Addresses=[
'10.0.0.1/32', # Example malicious IP to block
],
Description='IP set for blocking requests'
)
ip_set_id = ip_set['Summary']['Id']
# Create a rule to block the IPs in the set
block_rule = waf_client.create_rule_group(
Name='BlockRuleGroup',
Scope='REGIONAL', # Match the scope used in your IP set
Capacity=100, # The rule capacity required for this rule group
Rules=[
{
'Name': 'IPBlockRule',
'Priority': 1,
'Statement': {
'IPSetReferenceStatement': {
'ARN': ip_set_id,
}
},
'Action': {
'Block': {}
},
'VisibilityConfig': {
'SampledRequestsEnabled': True,
'CloudWatchMetricsEnabled': True,
'MetricName': 'IPBlockRuleMetric'
}
},
],
VisibilityConfig={
'SampledRequestsEnabled': True,
'CloudWatchMetricsEnabled': True,
'MetricName': 'BlockRuleGroupMetric'
},
Description='Rule group to block specified IPs'
)
print("Rule and IP set created successfully.")
view raw gistfile1.txt hosted with ❤ by GitHub

Enhancing the Script

For a more detailed exploration, let's expand on the initial setup with a scenario where we add more specific rules to our WAF configuration. This time, we'll include rules that protect against SQL Injection and Cross-Site Scripting (XSS) attacks, two common threats to web applications. We'll then generate a new image to illustrate this enhanced setup.

Enhancing the Python Script

We'll modify our script to add SQL Injection and XSS protection rules. Note that managing WAF rules can get complex, so it's crucial to understand the nature of the threats and how best to configure your rules.

# Assuming continuation from the previous script
# Function to create a rule
def create_rule(name, priority, statement, action, visibility_config):
return {
'Name': name,
'Priority': priority,
'Statement': statement,
'Action': action,
'VisibilityConfig': visibility_config
}
# SQL Injection protection rule
sql_injection_rule = create_rule(
name='SQLInjectionProtection',
priority=2,
statement={
'SqliMatchStatement': {
'FieldToMatch': {'AllQueryArguments': {}},
'TextTransformations': [
{'Priority': 0, 'Type': 'URL_DECODE'},
{'Priority': 1, 'Type': 'HTML_ENTITY_DECODE'}
]
}
},
action={'Block': {}},
visibility_config={
'SampledRequestsEnabled': True,
'CloudWatchMetricsEnabled': True,
'MetricName': 'SQLInjectionProtectionMetric'
}
)
# XSS protection rule
xss_protection_rule = create_rule(
name='XSSProtection',
priority=3,
statement={
'XssMatchStatement': {
'FieldToMatch': {'AllQueryArguments': {}},
'TextTransformations': [
{'Priority': 0, 'Type': 'URL_DECODE'},
{'Priority': 1, 'Type': 'HTML_ENTITY_DECODE'}
]
}
},
action={'Block': {}},
visibility_config={
'SampledRequestsEnabled': True,
'CloudWatchMetricsEnabled': True,
'MetricName': 'XSSProtectionMetric'
}
)
# Update rule group with new rules
updated_rule_group = waf_client.update_rule_group(
Name='BlockRuleGroup',
Scope='REGIONAL',
Id=block_rule['Summary']['Id'],
Rules=[sql_injection_rule, xss_protection_rule], # Add the new rules
LockToken='string', # Acquire LockToken from the rule group's describe call
VisibilityConfig={
'SampledRequestsEnabled': True,
'CloudWatchMetricsEnabled': True,
'MetricName': 'EnhancedBlockRuleGroupMetric'
},
)
print("Rules for SQL Injection and XSS protection added successfully.")
view raw gistfile1.txt hosted with ❤ by GitHub

Conclusion

In conclusion, the process of setting up and configuring a Web Application Firewall is an essential component of modern web application security. By leveraging tools like AWS WAF and Boto3, developers and security professionals can create a dynamic, responsive security posture that protects against a wide array of threats. The flexibility to customize rules means that a WAF can be tailored to the unique needs of each application, providing a robust defense layer that evolves alongside emerging security challenges. This approach not only safeguards valuable data and services but also fosters trust among users and stakeholders in an increasingly hostile digital landscape.

If you enjoyed this post please follow us on LinkedIn, X and Facebook

Related Insights

Subscribe to our newsletter