BLOG

Leveling Up Your AWS WAF with F5 Managed Rules

Tom Atkins Miniature
Tom Atkins
Published October 21, 2021


According to Forrester’s 2021 State of Application Security Report, a staggering 39% of all cyberattacks last year targeted web applications, and for good reason. The public-facing nature of web apps, their sprawling surface area, and the ever-present risk of code vulnerabilities make them notoriously difficult to protect—increasing the chances that attackers will find success. A study by Positive Technologies found that when penetration-tested, workloads contained an average of 22 potential security vulnerabilities, one in five of which were deemed to be of high severity. Unsurprisingly, the vulnerabilities uncovered during this study were dominated by those making up the OWASP Top 10, as shown in Figure 1.

Most common OWASP Top 10 vulnerabilities identified
Figure 1: Most common OWASP Top 10 vulnerabilities identified by the Positive Technologies web apps study

Now, when it comes to running apps on the AWS Cloud, application developers sometimes choose to prioritize getting their workloads spun up and operational as quickly as possible, while overlooking the importance of implementing application security as a “job zero” measure. Acknowledging this tendency to overlook app security and appreciating that many organizations lack dedicated in-house security expertise, AWS fashioned its own native web application firewall (WAF) designed for ease-of-use and rapid operationalization. While quick and easy to implement, the AWS WAF requires user-configured web access control lists (ACLs) to protect resources and is intended to be heavily customized to meet the needs of a diverse range of workloads. WAF customization, however, is a process that can be a challenge, as it requires specific app and domain knowledge as well as a solid appreciation of the current threat landscape.

That’s why AWS partnered with various security vendors including F5 to offer a variety of Managed Rulesets that can be attached to AWS WAF instances, up-leveling them to mitigate a range of web app and API attack types. When AWS WAF customers attach custom F5 WAF rulesets to their WAF instances, AWS users can maintain simplicity and ease-of-use while mitigating more sophisticated threats.

Figure 2: Mitigating threats by attaching F5 Managed Rules to the AWS WAF
Figure 2: Mitigating threats by attaching F5 Managed Rules to the AWS WAF

F5 currently offers four unique rulesets, each of which grants protection against different threat types:

  1. OWASP Top 10 Web Exploits Protection Ruleset: Mitigates attacks that seek to exploit vulnerabilities contained in the OWASP Top 10, including cross-site scripting (XSS) attacks, injection attacks, and many more.
     
  2. Bot Protection Ruleset: Analyzes all incoming requests and blocks any malicious bot activities including DDoS tools, vulnerability scanners, web scraper, and forum spam tools.
     
  3. API Security Ruleset: Secures against API-level attacks, XML external entity attacks, and server-side request forgery (SSRF) exploits and offers support for both XML and JSON payloads and common web API frameworks.
     
  4. Common Vulnerability and Exposures (CVE) Protection Ruleset: Defends against high-profile CVEs that can be found in popular systems such as Apache, Java, MySQL, WordPress, and many more.

Each of these rulesets is written, managed, and regularly updated by F5 security specialists, thus enabling customers to protect their apps against evolving threats—without the need for any intervention from the AWS WAF user. Whether the rules are applied to new or existing AWS WAF instances, AWS application load balancers, or AWS CloudFront, any of the F5 rulesets can be attached in minutes from the AWS WAF console with just a few click

You can find more information about any of our rulesets on their respective AWS Marketplace Listings:

If you’re considering trying out any of our rules with your AWS WAF and have any questions or need assistance, simply sign in to ask a question on the F5 DevCentral community site. One of our technical experts or a member of our outstanding community will help you get started. You can also learn more via the supporting resources below or contact F5 sales for additional support.

 

Additional Resources: