Hi All,
Please hep me with the WAF implementation. As this is new for me i had gone through some documentations as well. However i am looking for a general rules that i can deploy and test. As not sure what are the best practices to implement WAF i am looking for your help. If anyone has implemented please let me know that will be much helpful.
Regards,
Mahesh
Solved! Go to Solution.
Hi @smahesh
To implement WAF rules for AEM as a Cloud Service, follow these steps:
AWS-AWSManagedRulesCommonRuleSet
for common threat protection.{
"Name": "AllowAuthorIPs",
"Priority": 1,
"Action": { "Allow": {} },
"Statement": {
"IPSetReferenceStatement": {
"ARN": "arn:aws:wafv2:region:account-id:ipset/ipset-id"
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "AllowAuthorIPs"
}
}
{
"Name": "SQLInjectionPrevention",
"Priority": 2,
"Action": { "Block": {} },
"Statement": {
"SqliMatchStatement": {
"FieldToMatch": { "AllQueryArguments": {} },
"TextTransformations": [{ "Type": "URL_DECODE", "Priority": 0 }]
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "SQLInjectionPrevention"
}
}
{
"Name": "XSSPrevention",
"Priority": 3,
"Action": { "Block": {} },
"Statement": {
"XssMatchStatement": {
"FieldToMatch": { "AllQueryArguments": {} },
"TextTransformations": [{ "Type": "URL_DECODE", "Priority": 0 }]
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "XSSPrevention"
}
}
{
"Name": "RateLimit",
"Priority": 4,
"Action": { "Block": {} },
"Statement": {
"RateBasedStatement": {
"Limit": 1000,
"AggregateKeyType": "IP"
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "RateLimit"
}
}
By following these steps, you can effectively implement and test WAF rules for your AEM as a Cloud Service environment.
@smahesh you can check this out to get started - https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/security/traffic-f...
Hi @smahesh
To implement WAF rules for AEM as a Cloud Service, follow these steps:
AWS-AWSManagedRulesCommonRuleSet
for common threat protection.{
"Name": "AllowAuthorIPs",
"Priority": 1,
"Action": { "Allow": {} },
"Statement": {
"IPSetReferenceStatement": {
"ARN": "arn:aws:wafv2:region:account-id:ipset/ipset-id"
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "AllowAuthorIPs"
}
}
{
"Name": "SQLInjectionPrevention",
"Priority": 2,
"Action": { "Block": {} },
"Statement": {
"SqliMatchStatement": {
"FieldToMatch": { "AllQueryArguments": {} },
"TextTransformations": [{ "Type": "URL_DECODE", "Priority": 0 }]
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "SQLInjectionPrevention"
}
}
{
"Name": "XSSPrevention",
"Priority": 3,
"Action": { "Block": {} },
"Statement": {
"XssMatchStatement": {
"FieldToMatch": { "AllQueryArguments": {} },
"TextTransformations": [{ "Type": "URL_DECODE", "Priority": 0 }]
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "XSSPrevention"
}
}
{
"Name": "RateLimit",
"Priority": 4,
"Action": { "Block": {} },
"Statement": {
"RateBasedStatement": {
"Limit": 1000,
"AggregateKeyType": "IP"
}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "RateLimit"
}
}
By following these steps, you can effectively implement and test WAF rules for your AEM as a Cloud Service environment.
Views
Likes
Replies
Views
Likes
Replies