Questions tagged [amazon-waf]
The amazon-waf tag has no usage guidance.
9
questions
1
vote
1
answer
3k
views
AWS CloudWatch parse JSON case insensitive
On the WAF section of the AWS console there is a tab for "CloudWatch Log Insights" that provides a few sample queries. One of these is "Top 100 hosts".
fields @timestamp, @message
|...
1
vote
1
answer
983
views
AWS Managed Rule Pricing
I completely read the AWS page for AWS WAF pricing, however I am still not sure how much would it cost if I create a single AWS WAF and hire just the AWS Managed Rule Set "Core Rule Set"
As ...
1
vote
1
answer
1k
views
DDOS AWS API Gateway protection
I have publicly exposed API Gateway (HTTP). To authenticate you have to provide a valid JWT.
I want to secure this APIGW with Cloudfront + WAF. After reading docs I think that API Gateway endpoint is ...
0
votes
1
answer
104
views
What are the options for Layer 7 DDoS protection of AWS resources
The following are my assumptions based on AWS docs. It's only because the docs do not precisely address my questions that I'm here asking.
AWS WAF (whether used directly or via Shield Advanced) is ...
0
votes
0
answers
121
views
AWS ALB inbound requests/traffic and denial of wallet attacks
Scenario: I have an AWS ALB protected by AWS WAF with lots of AWS Managed WAF Rules, rate limiting rules, etc.
I'm having a hard time in understanding why, even requests blocked by WAF, are impacting ...
0
votes
0
answers
247
views
AWS WAF and websockets
Can anyone tell me if the AWS WAF supports websockets (wss if important)?
If so how is it costed given that it's a long lived connection and wouldn't seem to fit in to the per request style pricing I ...
0
votes
1
answer
163
views
How to get DDOS+WAF protection on IP/server (not domain)
I've used CloudFlare and it's great.
But in this specific case we control the server IP address but we don't own the domain so can't use CloudFlare unfortunately because the domain owner isn't ready ...
0
votes
0
answers
86
views
Handling DDoS HTTP Attack
I’ve experiencing DDoS attack today and I’ve configured Cloudflare rate limiter, also activated WAF. Cloudflare blocked several hundred thousands request. Unfortunately, my server still experiencing ...
0
votes
1
answer
1k
views
Do AWS WAF logs capture all traffic, or just rule matches?
I want to implement some AWS WAF rules but I need more knowledge of the quantity (origin, resource, etc) of requests that come through my loadbalancer.
Can I skip ALB logs and get logs for requests to ...