| eG Monitoring |
|---|
Measures reported by AWSAmazonWAFTest

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules.

A rule identifies the requests that you want to allow, block, or count. You can add one or more rules to a WebACL, and associate each rule with an action (allow/block/count) - for example, block requests from specified IP addresses or block requests from specified referrers. You also need to specify a default action for a WebACL. You can then associate the WebACL with an Amazon CloudFront distribution or an Application Load Balancer (ALB) - services that AWS customers commonly use to deliver content for their websites and applications. These services receive requests for your web sites and forward those requests to AWS WAF for inspection against the rules configured in the WebACL.

If you add more than one rule to a WebACL, a request needs to match only one of the specifications to be allowed, blocked, or counted. Once a request meets one of the conditions defined in your rules, AWS WAF instructs the underlying service to either block or allow the request based on the action you define.

Periodically, administrators must track the requests allowed and/or blocked to understand whether or not their web applications/sites are well-protected against malicious attacks. In the process, administrators can isolate ineffective or incorrectly configured rules/WebACLs and the security threats they pose. Administrators can then proceed to fine-tune these rules/WebACLs, so that their mission-critical applications are more secure. This is where the AWSAmazonWAFTest helps!

By default, this test automatically discovers the rules configured in the AWS Web Application Firewall.
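The following sketch is an added example, not eG or AWS code. It replays constructed requests through a small WebACL model to show how per-rule allow/block counts expose an ineffective rule. The rule names, addresses and referrers are hypothetical, and the model assumes rules are checked in list order, with allow/block ending evaluation and count continuing.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed WebACL (hypothetical rule names). Assumption: rules are checked
# in list order; allow/block end evaluation, count tallies and continues.
WEB_ACL = {
    "default_action": "allow",
    "rules": [
        {"name": "allow-partner-referrer", "action": "allow",
         "match": lambda r: r["referrer"].endswith("partner.example")},
        {"name": "count-empty-referrer", "action": "count",
         "match": lambda r: r["referrer"] == ""},
        {"name": "block-bad-ips", "action": "block",
         "match": lambda r: ip_address(r["ip"]) in ip_network("203.0.113.0/24")},
    ],
}

# Constructed sample requests (documentation-range addresses).
REQUESTS = [
    {"ip": "198.51.100.7", "referrer": "shop.partner.example"},
    {"ip": "203.0.113.9", "referrer": "shop.partner.example"},  # bad IP, allowed early
    {"ip": "203.0.113.10", "referrer": ""},                     # counted, then blocked
    {"ip": "192.0.2.44", "referrer": "news.example"},           # falls to default
]

def evaluate(acl, request, tally):
    """Return the final action for one request and update per-rule counts."""
    for rule in acl["rules"]:
        if rule["match"](request):
            tally[(rule["name"], rule["action"])] += 1
            if rule["action"] in ("allow", "block"):
                return rule["action"]
    tally[("Default", acl["default_action"])] += 1
    return acl["default_action"]

def per_rule_counts(acl, requests):
    """Tally (rule name, action) pairs over all requests."""
    tally = Counter()
    for req in requests:
        evaluate(acl, req, tally)
    return tally

def missed_by_block_rules(acl, requests):
    """Count requests that match a block rule's condition yet end up allowed."""
    allowed = [r for r in requests if evaluate(acl, r, Counter()) == "allow"]
    return Counter(rule["name"] for r in allowed for rule in acl["rules"]
                   if rule["action"] == "block" and rule["match"](r))
```

Here `block-bad-ips` blocks only one of the two requests from the listed range, because the broader allow rule matches the other one first; a low blocked count on a block rule is the signal to review that rule and the rules around it.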
For each rule, the test reports the count of requests that fulfill at least one of the specifications of that rule and that have been allowed and/or blocked as per that rule. This will enable administrators to figure out how many requests are allowed and/or blocked by each rule, and in the process, identify those rules that may have been configured incorrectly (e.g., rules that were defined to block certain requests, but are allowing them), and/or poorly (e.g., rules that are blocking fewer requests than they should). Such rules are candidates for deletion or fine-tuning.

You can optionally configure this test to report metrics for each WebACL. By comparing the measures reported by this test across WebACLs, administrators can rapidly identify WebACLs that may have to be reconfigured.

Outputs of the test: One set of results for each rule / WebACL, depending upon the option chosen from the WAF FILTER NAME parameter.

The measures made by this test are as follows: