It can be deployed on the following sources: WAF also supports putting specific rules into count mode/monitor mode where requests will not be blocked but they will be tagged differently to understand how the rules works.ĪWS WAF is a prebuilt service provided for protecting applications that are hosted on the AWS cloud. For example, in the Cross-Site-Scripting payload as shown in the diagram above, the request will be blocked by WAF and it will not reach the Application Server. If a particular request matches the WAF rule. For every request from the client, WAF inspects and checks for any WAF rules that match to the requests. Web Application Firewall is configured between client and web server. In this blogpost, we will explain how AWS WAF has helped us to do so and why we switched from AWS WAF classic to AWS WAFv2 for better manageability and more visibility.įigure: Working of a Web Application Firewall Our user-first and data-driven teams have made it their priority to ensure that the Dream11 app remains protected against common as well as advanced threats and vulnerabilities. Real-time intelligence to block blacklisted sourceĪs the world’s largest fantasy sports platform with 110 million+ users, we at Dream11 run multiple contests simultaneously while maintaining optimum user experience and efficiently process millions of user requests per minute.Protection against Distributed Denial of Service (DDoS) attacks.Identification of and protection against bad bots.The end goal for any web application Firewall is to protect the application against: Web Application Firewall (WAF) is considered a critical part of an effective security solution that offers website security and strengthens the overall security posture. Enhancing security and trust with AWS WAFv2
0 Comments
Leave a Reply. |