AWS Web Application Firewall enhances rate-based rules to support request headers & composite keys
2 277
31.6
Amazon Web Services775 тыс
Опубликовано 10 августа 2023, 20:40
AWS WAF supports additional request parameters for rate-based rules, including cookies and other HTTP headers. Customers cacreate composite keys based on up to 5 request parameters, providing more granular options for managing and securing web application traffic. With these capabilities, customers can better identify and block malicious traffic patterns while minimizing the impact on legitimate users.
Customers could already use WAF rate-based rules to automatically block requests from IP addresses that make large numbers of requests within a short period of time until the rate of requests falls below a customer-defined threshold. As attackers have become more sophisticated, they are increasingly using techniques that bypass IP-based rate limiting defenses, such as using multiple IP addresses or distributing attacks across a large number of devices. Now, WAF customers can aggregate requests by combining IP addresses with other request parameters (“keys”). Supported keys include cookies and other request headers, query strings or query arguments, cookies, label namespaces, and HTTP methods. By combining multiple request parameters into a single composite key, customers can detect and mitigate potential threats with higher accuracy. Customers can further refine rate-based rules by using WAF match conditions, allowing customers to limit the scope of inspection to specific URLs of their website or to traffic coming from specific referrers.
Learn more at: go.aws/3YsfaB5
Subscribe:
More AWS videos: go.aws/3m5yEMW
More AWS events videos: go.aws/3ZHq4BK
Do you have technical AWS questions?
Ask the community of experts on AWS re:Post: go.aws/3lPaoPb
ABOUT AWS
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.
#AWSWebApplicationFirewall #FilterWebTraffic #ManagedRules #CompositeKeys #NetworkandApplicationProtection #AWSSecurityServicesFeatureDemos #AWS #AmazonWebServices #CloudComputing
Customers could already use WAF rate-based rules to automatically block requests from IP addresses that make large numbers of requests within a short period of time until the rate of requests falls below a customer-defined threshold. As attackers have become more sophisticated, they are increasingly using techniques that bypass IP-based rate limiting defenses, such as using multiple IP addresses or distributing attacks across a large number of devices. Now, WAF customers can aggregate requests by combining IP addresses with other request parameters (“keys”). Supported keys include cookies and other request headers, query strings or query arguments, cookies, label namespaces, and HTTP methods. By combining multiple request parameters into a single composite key, customers can detect and mitigate potential threats with higher accuracy. Customers can further refine rate-based rules by using WAF match conditions, allowing customers to limit the scope of inspection to specific URLs of their website or to traffic coming from specific referrers.
Learn more at: go.aws/3YsfaB5
Subscribe:
More AWS videos: go.aws/3m5yEMW
More AWS events videos: go.aws/3ZHq4BK
Do you have technical AWS questions?
Ask the community of experts on AWS re:Post: go.aws/3lPaoPb
ABOUT AWS
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.
#AWSWebApplicationFirewall #FilterWebTraffic #ManagedRules #CompositeKeys #NetworkandApplicationProtection #AWSSecurityServicesFeatureDemos #AWS #AmazonWebServices #CloudComputing
Свежие видео
Случайные видео