How we implement AWS WAF in our projects

by Yuval Oren, Co-Founder / CEO

If you are looking for a quick way to add security to your web application or APIs in AWS, then AWS WAF (Web Application Firewall) is a no-brainer.

It offers:

  1. Geo-Blocking
  2. Managed rules against web-based attacks
  3. Bot Protection
  4. Login protection (depends on your use case)
  5. Low cost (unless you have a very high-traffic site)

But it does come with one risk: false positives.

This is why we've seen projects where a team set it up, got burned by false positives, and then quickly disabled it for good.

This is a shame because if you do it correctly, it doesn't have to be that way.

Here is our dead simple process to introduce WAF to an existing environment.

Our 3-step process for implementing WAF

Count → Scope-Down → Block

The idea is simple:

  1. Count - Enable the WAF and override all the rules to COUNT (meaning the request is logged instead of blocked).
  2. Scope Down - Search the logs to identify false positives. Then use Scope-Down statements in the WAF rule set so those requests are no longer inspected by the rule that misfires.
  3. Block - Once confident, remove the COUNT override from the rule sets.

It should take you a few days to complete the cycle, but it sure is easier than doing it under fire.
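The three phases above, as an added example in Python (not the article's code): `managed_rule` builds the WAFv2 rule for the AWS Common Rule Set with the override set to COUNT or removed, `exclude_uri_prefix` builds a Scope-Down statement, and `counted_hits` tallies COUNT matches from WAF JSON logs so the noisiest rule/path pairs surface as false-positive candidates. The `/api/webhooks/` path and the log lines are constructed for illustration; the rule and log field shapes follow the WAFv2 API and WAF log format as assumed here.

```python
import json
from collections import Counter

def managed_rule(phase, scope_down=None):
    """WAFv2 rule for AWSManagedRulesCommonRuleSet in one phase of the cycle.
    'count' overrides every rule in the group to COUNT (log only);
    'block' drops the override so the group's own BLOCK actions apply.
    A scope-down statement, if given, limits which requests the group inspects."""
    if phase not in ("count", "block"):
        raise ValueError("phase must be 'count' or 'block'")
    stmt = {"VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}
    if scope_down is not None:
        stmt["ScopeDownStatement"] = scope_down
    return {
        "Name": "AWS-CommonRuleSet", "Priority": 10,
        "Statement": {"ManagedRuleGroupStatement": stmt},
        "OverrideAction": {"Count": {}} if phase == "count" else {"None": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": "AWS-CommonRuleSet"},
    }

def exclude_uri_prefix(prefix):
    """Scope-down: do not inspect requests whose URI path starts with prefix
    (boto3 takes SearchString as bytes; the CLI's JSON form wants base64)."""
    return {"NotStatement": {"Statement": {"ByteMatchStatement": {
        "FieldToMatch": {"UriPath": {}}, "PositionalConstraint": "STARTS_WITH",
        "SearchString": prefix.encode(),
        "TextTransformations": [{"Priority": 0, "Type": "NONE"}]}}}}

def counted_hits(log_lines):
    """Tally COUNTed managed-rule matches by (ruleId, uri) from WAF log lines."""
    hits = Counter()
    for line in log_lines:
        rec = json.loads(line)
        uri = rec["httpRequest"]["uri"]
        for group in rec.get("ruleGroupList", []):
            for rule in group.get("nonTerminatingMatchingRules", []):
                if rule.get("action") == "COUNT":
                    hits[(rule["ruleId"], uri)] += 1
    return hits

# Constructed log lines in the WAF log shape (not real traffic).
SAMPLE_LOGS = [
    '{"action":"ALLOW","httpRequest":{"uri":"/api/webhooks/stripe"},"ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","nonTerminatingMatchingRules":[{"ruleId":"SizeRestrictions_BODY","action":"COUNT"}]}]}',
    '{"action":"ALLOW","httpRequest":{"uri":"/api/webhooks/stripe"},"ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","nonTerminatingMatchingRules":[{"ruleId":"SizeRestrictions_BODY","action":"COUNT"}]}]}',
    '{"action":"ALLOW","httpRequest":{"uri":"/login"},"ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","nonTerminatingMatchingRules":[]}]}',
]

if __name__ == "__main__":
    for (rule_id, uri), n in counted_hits(SAMPLE_LOGS).most_common():
        print(n, rule_id, uri)  # the webhook path is the one to scope down
    print(json.dumps(managed_rule("block", exclude_uri_prefix("/api/webhooks/")), default=bytes.decode))
```

The final rule dict is what you would pass in the `Rules` list of an `update-web-acl` call once the scope-down has removed the false positives.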

Watch the video for the full demo.
