Tuning Your AWS WAF Configuration in Terraform

How to Implement Bot Control, Scope-down Statements, Allow US-only traffic, and/or Whitelist Exceptions to Rules Based on Whitelisted IPs or Header Information

By: Brandon Prasnicki | Senior Cloud Architect

AWS WAF is a Web Application Firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. In this article, I describe and show the AWS WAF configuration in Terraform for a few use cases that may come in handy for your implementation.

Reducing bot traffic is rather simple when using WAF in AWS. There is a managed rule you can use and documentation on how to create exceptions to allow certain traffic. Amazon AWS describes this feature here and has documentation about the AWSManagedRulesBotControlRuleSet WAF rule here. Sometimes implementing the rules with Terraform can be a little tricky; this article contains an example use case you can use to help with your implementation.

Here are the steps on how the solutions were implemented.

First, adding the rule was as straightforward as any other managed rule addition following the link below (the Terraform is also included at the bottom of this article).

With this enabled, we can quickly see bot traffic being rejected by navigating to:

And scrolling to the bottom of sampled requests and selecting the ManagedRulesBotControl block metric:

Some of these blocks are false positives and may require whitelisting. For this, I have an IP set that I am using for known hosts and clients. I added the IPs to the IP set and used this IP set in a whitelist rule for known hosts:
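One way to express the known-hosts exception in Terraform, shown as an added example rather than the article's own configuration: the Bot Control managed rule group gets a scope-down statement so it only evaluates requests whose source IP is not in the IP set. The resource names, scope, default action and addresses (documentation ranges) are assumptions; the rule's metric name follows the ManagedRulesBotControl metric mentioned above.

```hcl
# Constructed example: names, scope and addresses are assumptions, not the article's values.
resource "aws_wafv2_ip_set" "known_hosts" {
  name               = "known-hosts"
  scope              = "REGIONAL"
  ip_address_version = "IPV4"
  addresses          = ["192.0.2.0/24", "198.51.100.10/32"] # documentation ranges
}

resource "aws_wafv2_web_acl" "app" {
  name  = "app-web-acl"
  scope = "REGIONAL"
  default_action {
    allow {}
  }
  rule {
    name     = "AWSManagedRulesBotControlRuleSet"
    priority = 10
    override_action {
      none {} # keep the managed rule group's own actions
    }
    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesBotControlRuleSet"
        vendor_name = "AWS"
        # Scope-down: Bot Control inspects only requests NOT from the known-hosts IP set.
        scope_down_statement {
          not_statement {
            statement {
              ip_set_reference_statement {
                arn = aws_wafv2_ip_set.known_hosts.arn
              }
            }
          }
        }
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "ManagedRulesBotControl"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "app-web-acl"
    sampled_requests_enabled   = true
  }
}
```

Requests from addresses in the IP set skip Bot Control entirely but are still evaluated by any other rules in the web ACL, so the exception does not become a blanket allow.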