Securing Application with Custom Headers Using AWS CloudFront and WAF

Securing Application with Custom Headers Using AWS CloudFront and WAF

Background

Your company runs a website that is hosted on AWS. To ensure high availability and low latency for users worldwide, you used AWS CloudFront as the Content Delivery Network (CDN) in front of your web servers. To enhance security and protect against web threats, you decided to integrate AWS WAF with your CloudFront distribution. There is also a requirement that sites are supposed to be publicly available over the network, but site content will be served conditionally with request header. If User send genuine request header, then site content is allowed otherwise it will block.

Solution

To Implement this scenario, you can follow the below steps:

1.  Login AWS account, Navigate to AWS WAF

Navigate to Rules. Click on Add, select “Add my own rules and rules group”

 

 

Select Rule Builder, Enter Rule name

 

Select “doesn’t match the statement” and provide header name and header value

 

Select Action “Block” click on ADD

 

To Setup any custom response code and Response Body, Click Custom Response and select Enable Button

 

Click on Create Custom response Body for custom response message

 

Adjust the rule priority then click on Add Rule Button.

To access the Site, you can use Mod header plugin to send specific request header or for programmatic access you can use curl by passing the header values.

 

 

 

Source: Read More