Amazon AWS Certified Solutions Architect Professional SAP-C02 Topic: Design for New Solutions Part 11
December 16, 2022

91. Overview of AWS WAF

Hey everyone, and welcome back to the KP Labs course. So in today’s lecture, we’ll be discussing the AWS Web Application Firewall offering. So this is a pretty interesting and fairly straightforward service that is offered by AWS. So let’s take a look at what it is and how it works. So AWS WAF basically works based on conditions, rules, web ACLs, and associations. So this might be a little confusing to start with. So what we’ll do is take a very simple use case, which will help us understand the entire flow on which AWS WAF really operates. So let’s take an example. So let’s suppose that I live in place A in Bangalore and that I want to meet a friend who is living in place B.

So I’m living in place A, and I want to meet a friend who is living in place B. So, in order to meet my friend, I must definitely travel. So before traveling, you should remember that Boston is known for its traffic. So before I can actually travel, I have certain conditions. The first condition is whether the traffic is light or whether there is heavy traffic. That is the first condition that I have. Secondly, is there an Uber or Ola available so that I can hire a cab and get to location B? Because it’s not necessary that public transport will always help you reach a destination. So there are two conditions. These are the two conditions that I have. This is the condition section. So there can be multiple conditions here. Now let’s go to the rules part. So, what do I do within the rules part? I combine the conditions. So if the traffic is light and if Uber and Ola are available, you are checking that the first condition is true and that the second condition is also true. So that is what the rules define.

Okay? So you can have multiple conditions. You can combine multiple conditions in a rule. Now, what happens if these two conditions are met? So if they are met, then yes, the rule matches. If they are not met, then the rule does not match. So we’re like, “Okay, if these conditions are met, then okay, I’ll go meet my friend.” If they are not met, then okay, I’ll stay at home and go some other day. So this is like allow-or-deny-based rules. Now, those are three of the parts. The last is association. So this rule is associated with me. That is the entire flow. So I hope you understood. You have the condition. You have the rule, which contains multiple conditions. You have the web ACL, which defines whether to allow or block. So either I should go or I should stay back. And association. So is it associated with me? Is it associated with some other person? This is what the association is all about. Great, so we’ll understand this in great detail. So let’s take each of them on a separate page and understand them in great detail.

So first, the conditions. So a condition basically defines the characteristic that needs to be analysed within the HTTP-based web request. So there can be multiple conditions. So as far as AWS WAF is concerned, there are a total of six conditions that it supports. You have SQL injection, cross-site scripting, and geographic location, such as whether someone is coming from Russia, which becomes a condition. So all of these are part of the geographic location condition. You have a condition based on the length of the request. So there are multiple conditions that are defined. So when you talk about rules, if you have defined multiple conditions, you can add them in an appropriate manner to a rule. So talking about rules, again, we can combine multiple conditions into a rule to precisely target a specific HTTP request. So there are two types of rules available. One is the regular rule, and the second is the rate-based rule.

So, in the case of a regular rule, let’s say a request comes from an IP in the 172.30 range and includes SQL-like code; these are two distinct conditions. So in one rule, there can be multiple conditions, and they are evaluated together, so if a request is coming from this IP and the request contains SQL-like code, then this becomes a rule. So this is a regular rule. Now, there is also a rate-based rule. So a rate-based rule is a regular rule plus the rate-limiting feature. So it is the same thing: if the request is coming from the 172.30 range, it includes SQLi code, and the requests exceed 1000 in ten minutes, then the rule matches. So there is a rate-limiting feature in the rate-based rule.

Okay, so let’s look at the first sample. So what happens if the request is coming from this IP and it includes the SQLi code? Should it be allowed? The question of whether it is allowed or not is defined in the web ACL. So a web ACL is pretty simple. You have a condition, and if the condition is met, what should be done? You can decide whether you should allow, whether you should block, or whether you should just count. So there are three types of action. You either allow it, you block it, or you just count it. These are the three actions that are available. Now, the last is association. Now comes the question of who these three entities should be associated with.

Should it be associated with an EC2 instance? Should it be associated with the load balancer, or with a CloudFront distribution? So association is a very important concept because, as of now, the WAF cannot be associated with an EC2 instance. There are only two supported associations. One is the application load balancer, and the second is CloudFront. So this is something that you need to remember: you cannot directly attach it to an EC2 instance. Perfect. So much theory has already been covered; let us now look into the AWS WAF console and each of these. So I’ll go to WAF and Shield. They have a combined page as of now. I’ll go to AWS WAF, and if you look into the conditions, there are six conditions that are part of WAF as far as 2018 is concerned, and again, this will increase in the future. But currently these are the six conditions that are added. GeoMatch is something that is quite interesting, because let’s assume that you have an e-commerce website based in India.

So you don’t really need to have requests that are coming from Russia or some other part of the world. So you can actually block all requests from other countries except India. So, this is a very interesting condition, and I recommend that many startups based solely in India with Indian customers implement the GeoMatch-based conditions. Anyway, I’ll show you. So these are the conditions. Now, within the GeoMatch condition, you can have multiple conditions. So let me select North Virginia. So you’ll have to select the region, and within this I have a condition that is already created called “geo condition.” So this is the name of the condition. Now, within this condition, what I have is a filter for India, so it will look at all the requests that are coming from multiple countries and have the capability to check whether the request is coming from India or from a country that is not India. So I have one condition. So now I go to rules.

So far, we’ve looked at how to include conditions within rules. So, I have attached this specific condition. Within this rule, there can be multiple conditions that can be attached, so I have a rule, I have a condition, and the last is a web ACL. So I’ve attached a rule to the web ACL. So you see, I have associated this rule, and the web ACL basically decides whether it should allow or block requests. So currently, it’s allowed. So let me click on “block.” So what it will do is check whether the request is coming from India or not. If it is coming from India, then the action is allow. Now, if it is not coming from India, you have a default action of whether to allow or whether to block. So I’ll click on block.

So this is what web ACLs are generally all about. Now, AWS WAF has a nice little graph that gives you an overview of blocked requests, allowed requests, and various others. This is where you can get samples of requests, and if you get a sample, it can actually tell you from which IPs the requests have been coming in. We’ll be looking into it during the implementation part, but this is where it gives you a great deal of detail. So let’s look into whether it really works. So currently I’m based in India, and this specific web ACL is connected to my load balancer. So I’ll show you this. So I’ll add an association. I’ll associate it with my application load balancer. So currently, this is associated with the load balancer.

We already discussed the association part. There are only two associations. One is the application load balancer, and the other is CloudFront. So currently, this is associated with the application load balancer. So I’ll quickly go to the ALB to verify whether it is actually connected or not. So I’ll go to the load balancer, I’ll go to the KPLabs ALB, and if you look into the web ACL column, I already have a web ACL that is associated. Perfect. So now let’s look at whether it’s actually working or not. So we’ll send two requests to the ALB: one from India and another from another location.

So, ideally, requests from India should be permitted, while requests from other locations should be denied. So, if I press Enter, you’ll see that I get the KPLabs internal page. So this seems to be working perfectly. Now I have an Opera browser. And within the Opera browser, I have a VPN. So Opera comes with a built-in VPN, and within the VPN I have Europe as a location. So now if I go to the same URL, let’s see whether it actually works or not. And you can see it says 403 Forbidden, which is exactly what the WAF is doing. So this is one of the classic examples of the geolocation-based rules of WAF. Now again, we have already seen that it can actually protect against various attacks like SQL injection, cross-site scripting, and various others.
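To make the four-part flow concrete, here is a small Python model of it, added as an example for this lecture (it is not AWS code, and its evaluation order is a simplification of the real service). Conditions are predicates over a request, a regular rule ANDs its conditions, a rate-based rule adds a per-source counter over a time window, and the web ACL walks its rules in order, applying allow, block or count, then falls back to the default action. The association check mirrors the lecture’s point that only an ALB or a CloudFront distribution can be attached. All IPs, ARNs, country codes and the SQLi signature are constructed for the demo.

```python
"""Toy model of the AWS WAF (classic) flow: conditions -> rules -> web ACL -> association.
Added example, not AWS code. IPs, ARNs and country codes below are constructed."""
import ipaddress
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable, Deque, Dict, List, Tuple

ALLOW, BLOCK, COUNT = "ALLOW", "BLOCK", "COUNT"


@dataclass
class Request:
    source_ip: str
    country: str        # WAF derives this from the source IP; supplied directly here
    query: str = ""     # query string, one of the parts a SQLi condition can inspect
    timestamp: float = 0.0


# A condition inspects one characteristic of the request and answers yes or no.
Condition = Callable[[Request], bool]


def geo_match(*countries: str) -> Condition:
    wanted = {c.upper() for c in countries}
    return lambda r: r.country.upper() in wanted


def ip_match(*cidrs: str) -> Condition:
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda r: any(ipaddress.ip_address(r.source_ip) in n for n in nets)


# Crude signature check standing in for WAF's real SQL injection detection.
_SQLI = re.compile(r"(?i)(\bunion\b.*\bselect\b|'\s*or\s*'?\d|--|;)")


def sqli_match() -> Condition:
    return lambda r: bool(_SQLI.search(r.query))


@dataclass
class Rule:
    """Regular rule: every attached condition must match (logical AND)."""
    name: str
    conditions: List[Condition]

    def matches(self, r: Request) -> bool:
        return all(c(r) for c in self.conditions)


@dataclass
class RateBasedRule(Rule):
    """Regular rule plus rate limiting: matches only once a source IP has sent
    more than `limit` matching requests inside `window_seconds`."""
    limit: int = 1000
    window_seconds: float = 600.0
    _seen: Dict[str, Deque[float]] = field(default_factory=lambda: defaultdict(deque))

    def matches(self, r: Request) -> bool:
        if not super().matches(r):
            return False            # non-matching requests are not counted
        q = self._seen[r.source_ip]
        q.append(r.timestamp)
        while q and r.timestamp - q[0] > self.window_seconds:
            q.popleft()             # drop requests that fell out of the window
        return len(q) > self.limit


@dataclass
class WebACL:
    """Ordered rules with actions, plus a default for requests no rule decides."""
    name: str
    default_action: str
    rules: List[Tuple[Rule, str]] = field(default_factory=list)
    associated: List[str] = field(default_factory=list)
    hits: Dict[str, int] = field(default_factory=lambda: defaultdict(int))

    def add_rule(self, rule: Rule, action: str) -> None:
        if action not in (ALLOW, BLOCK, COUNT):
            raise ValueError(f"unknown action {action}")
        self.rules.append((rule, action))

    def associate(self, resource_arn: str) -> None:
        # Only an ALB or a CloudFront distribution can be associated; an EC2
        # instance (or anything else) is rejected, as the lecture states.
        if ":loadbalancer/app/" not in resource_arn and ":distribution/" not in resource_arn:
            raise ValueError(f"cannot associate a web ACL with {resource_arn}")
        self.associated.append(resource_arn)

    def evaluate(self, r: Request) -> str:
        for rule, action in self.rules:
            if rule.matches(r):
                self.hits[rule.name] += 1
                if action == COUNT:     # count only: keep evaluating
                    continue
                return action
        return self.default_action


def http_status(action: str) -> int:
    """What the client sees: a blocked request gets 403 Forbidden."""
    return 403 if action == BLOCK else 200


def build_geo_acl() -> WebACL:
    """The lecture's setup: allow India, block everything else by default."""
    acl = WebACL(name="kplabs-web-acl", default_action=BLOCK)
    acl.add_rule(Rule("kplabs-rule", [geo_match("IN")]), ALLOW)
    acl.associate("arn:aws:elasticloadbalancing:us-east-1:111122223333:"
                  "loadbalancer/app/kplabs-waf/0123456789abcdef")  # constructed ARN
    return acl


def build_rate_acl() -> WebACL:
    """The lecture's rate-based example: SQLi-looking requests from the 172.30
    range, blocked once a source exceeds 1000 requests in ten minutes."""
    acl = WebACL(name="kplabs-rate-acl", default_action=ALLOW)
    rule = RateBasedRule("sqli-from-172-30", [ip_match("172.30.0.0/16"), sqli_match()],
                         limit=1000, window_seconds=600.0)
    acl.add_rule(rule, BLOCK)
    return acl


if __name__ == "__main__":
    acl = build_geo_acl()
    for req in (Request("203.0.113.10", "IN"), Request("198.51.100.7", "DE")):
        action = acl.evaluate(req)
        print(f"{req.country}: {action} -> HTTP {http_status(action)}")
```

Two things worth noticing when you run it: a request that fails the rule’s regular conditions is never counted towards the rate limit, so a clean request from the same source does not trip it, and a COUNT action records the hit without deciding the request, which is why it is the safe way to trial a new rule before switching it to BLOCK.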

92. AWS WAF Implementation with ALB

Hey everyone, and welcome back to the KP Labs course. So in the earlier lecture, we had a high-level overview of what AWS WAF is all about. So in today’s lecture, we’ll look into the implementation part and how we can actually configure the WAF. Now, one thing that we already discussed in the association part is that AWS WAF currently supports two types of associations. One is the ALB, and the second is CloudFront. So before we deploy a WAF, we should have one of these things already deployed. Now, I already have an ALB deployed, but what I’ll do is we’ll do this exercise again, and we’ll deploy a brand new ALB so that we are on the same page.

So before an ALB can be deployed, you need to have one EC2 instance. So I have this EC2 instance, which has a simple NGINX page. So this is a simple page. Simply run yum install nginx and start the nginx service. These are the only two steps that you need to take, and you should have some kind of page on the EC2 instance. Once you have it, we can go ahead and create a load balancer. The type would be an application load balancer. Let me name it “kplabs-waf” so that it is easily recognizable. The address type would be IPv4, and I’ll select the availability zones. Okay, fantastic. So select the two availability zones. I’ll go to the security groups. I’ll go to the target group, name this target, and click Next after selecting the security group, which has basically enabled the routing now. And here you basically just select the EC2 instance that has the web server running.

Go to “Next: Review” and go ahead and click “Create.” Perfect. So you have the kplabs-waf ALB over here. So the kplabs-waf ALB takes a little time to get configured. So until the state changes from “provisioning” to “available,” we can go ahead and start configuring our WAF. So I’ll go to Services and type AWS WAF, which will take me to the WAF and Shield common page. And I’ll select WAF for the time being. So if you look at the graph in a simple way, first you have to create a condition, then you create a rule. Third, you create a web ACL, and fourth, you create an association. So we’ll follow a similar approach. So first, we’ll create a condition. So for the condition, I’ll select Geo Match as of now. And you have to filter by the region where it will be implemented. I’ll be using the North Virginia region, where my ALB is deployed. So I’ll create a condition. I’ll refer to it as kplabs-demo.

The region will be North Virginia. Because this is a geo match condition, the location type would be country, and then you can specify the country. I’ll select India, and I’ll click on “Add location.” So this location has been added. So if you want to maybe allow requests from multiple countries, you can add them here as well. So I’ll click on “Create.” Perfect. So now you have the condition that is created. Now, what you can do is create a rule. So I’ll go to the rules, and I’ll create a new rule. I’ll name it kplabs-rule. The rule type can be regular or rate-based. I’ll select regular for the time being. And now in the next section, you have “when a request does match which condition.” So we’ll select “originates from a geographic location,” because we are working based on geography. And I’ll select the condition that we have defined, which is kplabs-demo. And I’ll click on “Add condition.” So the rule is that a request matches

when the request originates from a geographic location that is defined in the kplabs-demo condition, which is India. This is what rules are all about. So, as you can see, you can put multiple conditions over here that work based on an AND condition. So we’ll just use one condition for our demo, so that it becomes easier and less confusing. So I’ll create the rule. Perfect. So now we have kplabs-rule. So we have a condition that we have created. We have a rule that has been created. Now the web ACL is what is left.

So we’ll go to the web ACLs, and I’ll click on “Create web ACL.” I’ll name it “kplabs-web-acl.” The region would be North Virginia, and now there is the AWS resource to associate with. So this is where the association part comes into the picture. So this is where you have to put the ALB name. So I’ll put kplabs-waf, which is the ALB. Now before we do that, let’s quickly verify. Currently, if you look at the web ACL column of the ALB, it really does not have anything. Now, as soon as you click on “Next,” this is the page that will be presented to you. So you’ll need to put the rules in place. So what we’ll do is click Next, and within the rules column, I’ll select kplabs-rule over here, and I’ll select “Add rule to web ACL.” Now this is asking me what to do if the request matches this rule.

So this rule already states that it will analyse the HTTP packet and verify whether the request is coming from India or not. So if it is coming from India, what action should be taken? I’ll click on “allow.” So it will allow if it is India. The following section is for when a request does not match any of the rules. So if the request is not originating in India, then what do you want to do? I’ll say that I want to block all the requests that don’t match. So before we do that, let’s quickly verify whether our ALB is working properly or not. So let me open up the ALB DNS name. So it shows 503 Service Unavailable. Let’s quickly verify. So I’ll go to the target groups. This is the target group. Oops, I think the targets were not registered. When you come from a traditional load balancer background, this can be a little perplexing. So you have to click on “Register targets,” select the instance, and click on “Add to registered.”

So let’s just wait for a moment. Now the status has changed to “Healthy.” So if I quickly verify, you will see that I have a page that is up and running perfectly. Great. So everything seems to be working perfectly. I’ll go back and click on Review and Create. And I’ll click on “Confirm.” So what it will do is associate this specific web application firewall ACL that we have created with the application load balancer named kplabs-waf. So if you go to the load balancer, let me just quickly refresh. It is still not associated. So it takes a little time for the association to take place. So let’s just wait for a moment. Now the web ACL has been successfully associated. So even here, if I just refresh the page, you see the page loads, because the request is allowed by the web ACL. Great. So far, things are working perfectly as expected. So in order to verify this again, what we’ll do is use the Opera browser.

In the Opera browser, I’ll press Ctrl+Shift+N so that it opens a private window. Here, I’ll select VPN, enable it, and choose the location. Let me select “Europe.” So now, whatever request I make will be routed through the Europe location. So now I’m looking at the DNS name. I’ll copy this DNS name from the ALB and enter it in the Opera browser. So this is tunnelled through the Europe VPN, and you can see it says 403 Forbidden. Now, if you use it in Chrome, which does not have a VPN, you see it works perfectly. So this is how the geolocation-based WAF rule is implemented. So again, once you have this web ACL, you can actually get a nice little graph based on a five-minute period, and you can even get the samples.

So this is where you’ll get the IP addresses from which the requests are coming. So you can actually look into the logs as you’d expect. So this is it for configuring AWS WAF. I hope the basic configuration is understood, and I look forward to seeing you in the next lecture.

93. Overview of AWS Code Commit

Hey everyone, and welcome back. In today’s video, we’ll be discussing the AWS CodeCommit service. Now, AWS CodeCommit is essentially a managed source control service provided by AWS that allows us to host private Git repositories. Now, typically in an organization, there are two ways in which you can host your Git repositories. One is that you do it on premises, so you have options like installing GitLab, and there are various other providers that you can install on your own infrastructure; the other is through a SaaS offering. Now a SaaS offering is really great because you don’t really have to worry about high availability, security, et cetera.

Because AWS CodeCommit is a SaaS service, it basically means that AWS will manage the entire thing for you, so you don’t have to worry about things going down or anything else. AWS CodeCommit is not a particularly old source control service. There are various other services, like Bitbucket, that offer a similar solution. You have GitHub, which is pretty famous. Bitbucket is one of my favorites; I really love it. You can also try it out with their free unlimited private repositories. However, since we’ll be focusing on the AWS certification, for us, AWS CodeCommit is the thing that will help us get good scores. So let’s look into how exactly this works. So I’m in my AWS management console, and if you type “AWS CodeCommit” or just “CodeCommit,” you will be directed to the CodeCommit console.

So if you see it, it is giving a message saying that it is introducing the new console for AWS CodeCommit. In fact, this is a pretty new console that they have launched, and it is pretty good when compared to the older one. In fact, this is the second time we are recording this video because the earlier version was based on the older console, and I decided to re-record it because the new console had come out anyway. So this is how the CodeCommit console looks. Now, typically, in order to create a repository, you need to click here and say “create repository.” So you must provide a repository name here. Let me give it the name kplabs-git, and I’ll go ahead and create it. Now our repository is basically created. If you are doing it with a root account, as I am in my case, you’ll basically get a message saying that you cannot really configure an SSH connection for a root account. So, if you want to do cloning and such, it is recommended that you sign in through an IAM user. Now, in order for you to start working with the CodeCommit repository, there are basically two prerequisites.

One is that you need to have the Git client installed, and there is a specific minimum version, and secondly, you need to have the AWS CodeCommit managed policy attached to the IAM user. So these are the two prerequisites that you need to have. Now, as we have already seen, having a Git client is the first prerequisite. So let’s look at how we can do that. So I’m connected to a Linux box, and basically, if I type git over here, it is saying that there is no such file or directory. So the first thing that you need to do is install the Git client. Now, if you’re basically using an OS like Red Hat Enterprise Linux or Amazon Linux, it’s quite simple. If you quickly run yum whatprovides git, you see, this is basically the package that has the git binary.

So you can go ahead and install Git with this command: yum -y install git. If you are using a Mac, you can install Git there as well, and if you are using Windows, you must install the exe file. Great. So once you have the Git client installed, you can just verify. If you just type “git,” it will give you the basic help documentation. Now our first prerequisite step is complete. The next thing is that we need to create an IAM user that has the CodeCommit-specific policies attached. So let’s go ahead and create an IAM user. So I’ll type IAM, and basically, with the help of IAM policies, you can control the permissions in CodeCommit. So here I am in my IAM console. So what we’ll do is I’ll go to Users and create a new user. I’ll name it “codecommit” just for our testing purposes, and we’ll select programmatic access over here. Now we’ll move on; you can attach existing policies here; I’ll just search for the CodeCommit ones. So you have three managed policies. One is basically for read-only access, the second essentially gives full access to CodeCommit, while the third gives full access but does not allow repository deletion. So for our testing purposes, we’ll be selecting the full access policy and attaching it to the IAM user. Perfect. So once you have created the user, you basically get the access key and secret key, and you need to configure your OS with those keys.

So let me run aws configure. Great. So my AWS configuration has now been completed. Now the next thing that we have to do is clone this specific repository. When you return to the console and click on the repository, you have two options for cloning. One is through HTTPS, and the second is through SSH. Now, if you typically click on HTTPS, it will give you the link to do a clone over here, and similarly, if you just click SSH, it will give you the link. So let’s try the HTTPS one. I’ll copy this, and in order to clone it, you have to type git clone, and you have to specify the link to the repository. And now you see that it is asking for the username and password. So this username and password can be associated with the IAM user that we have created.

So let me click on the codecommit user here, and if you go to security credentials, let’s go a bit down. There are two ways. One is the SSH keys for AWS CodeCommit, and the second is the HTTPS Git credentials for AWS CodeCommit. Let’s generate our HTTPS Git credentials. I clicked on “Generate” here, and it gave us the username and password. So I’ll copy this username and password, and once you press Enter, basically it says that you have cloned an empty repository. That is fine because this is a newly created repository. So what I’ll do is cd kplabs-git because this is our new repository, and basically, let’s quickly do a touch. I’ll say touch test.txt, and I’ll do a quick echo, saying, “Hi, this is our first commit,” and I’ll redirect it to test.txt. Once you have done that, you can do a git status, and it will say that there is one untracked file. You can go ahead and git add this, and you can commit it. The commit message would be “adding a first file.” So, once you’ve committed, go ahead and push it. I’ll push it to the master branch; again, it will basically ask you for the username and password.

Let’s copy this username. Great. So now the data has been pushed to the master branch. So, if you go to CodeCommit and simply click over here, you will see that you have the test.txt file, which is present over here. Along with that, you now have additional options in CodeCommit, such as pull requests. You have the option of viewing the commits that were made. You can see the commit message that we had written, that this was the first commit. You also have options for branches and tags, and within settings, you have options for notifications. So this is pretty helpful. You can integrate SNS so that whenever something happens, you can get an email or an SMS, and you also have an option for triggers. So this is a very high-level overview of AWS CodeCommit. I hope this video has been useful for you, and I look forward to seeing you in the next video.

94. Understanding Code Build Service

Hey everyone, and welcome back. In today’s video, we will be looking into building code with the help of the AWS CodeBuild service. Now, I am in my CodeBuild console, under the build projects, and we can go ahead and click on “Create build project” here. So the first thing you should do is name the project. So let me name it kplabs-build. Now, if you go below, it is asking for a source. So, in order to build code, you must first provide the code to the CodeBuild service. Now, that code can reside in one of the following options: it could be in S3, or it could be code in CodeCommit, GitHub, or Bitbucket. So you can store it anywhere. Now, since we are more focused on certification, I’ll be choosing CodeCommit. Now, once you have selected CodeCommit, you also need to provide the repository where your code belongs. Now, let me quickly show you. I have actually created a new CodeCommit repository. So this is the new CodeCommit repository. It’s called kplabs-repo. And basically, there are two files within this repository. One is buildspec.yml, and the second is hello_world.py. Now, we’ll choose kplabs-repo from the CodeBuild menu. Now, once you have done that, if you go into the environment, you can specify a managed image or a custom image, which is basically a Docker image. We’ll be using a managed image as of now, and we’ll be using an Ubuntu-based OS. Now, the next thing is the runtime. Runtime proves to be very important because depending on which language you write your code in, you need to have the appropriate runtime.

So there are various runtimes that are available. We’ll be using Python because our code is actually based on it. So let me quickly show you how exactly the code is configured before we go ahead and add further configurations. So this is my CLI, and basically there are two files that are present over here. The first is hello_world.py. The second is buildspec.yml. Now, if you quickly do a cat on hello_world.py, it basically contains one print statement, which states that this line will be printed. If you run python hello_world.py, the only thing that will happen is that this line will be printed. This is a very simple piece of code, and this is the reason why the runtime is Python. Because the code is based on Python, for the runtime version you can basically select the latest one; I’ll just say Python 3.3.6. And the next thing is basically the service role. We’ll just leave it as the default one.

Now, within the additional configuration, you have options related to timeout, you have options related to a certificate if it is required, and you also have options related to the VPC that the CodeBuild project can access, as well as the compute. Since this is a test project, I’ll use the compute with 3 GB of memory. This is the lowest offering that they have right now. So within the build spec section over here, there are two ways. The first option is to use a buildspec file, while the second is to insert the build commands. Now, basically, in order for a build to happen, or maybe for a compilation to happen, there would be a series of steps that need to be followed. Now, you can specify the series within the insert build commands option, or the recommended way is to specify it within the buildspec file. As you may have noticed, we already have two files in this project. One is buildspec.yml, and the second is hello_world.py. hello_world.py is something that we have already explored. Let’s look into what buildspec.yml looks like.

So this is my Atom editor. There are three commands if you look at the buildspec.yml. So you have a simple echo command that says compilation has started. Then you have a command to compile the Python code, and then it executes python hello_world.py. So this is a very simple project, and after the build, you get a message stating that the compilation process has finished. This is a very simple buildspec.yml. Now, we can also specify these commands manually, but the ideal way is to specify everything within buildspec.yml. So since we have buildspec.yml, we’re using the “use a buildspec file” option here. Now, you can also have a different name. By default, CodeBuild will look for a file named buildspec.yml. Now, since our file is already named buildspec.yml, you don’t really have to specify anything over here. Now, once you’ve done that, you can go ahead and create the build project.

Now, once I’ve done that, in the next screen it will basically give you an overview, and we can go ahead and click on “Start build.” Now, once you do that, it will basically show you the project settings. There is a timeout. So, because we have very simple code, we don’t want our CodeBuild to take too long. So you can basically just specify, say, zero hours and five minutes, and if you go a bit down, it will tell you which branch it should take the code from. For me, it is the master branch. However, if you have a different branch, you can specify it as well. If you have an environment variable, you can specify it here. In our case, since this is simple code, we can go ahead and start the build process. So this is how it actually looks. You see, the status is “in progress.” It might take a little while to finish. So let’s just quickly wait for it. Great. So the status is now “successful.” And if you go a bit down, this is what the logs would typically look like. Now, within this, if you see over here, this is the phase where it is basically saying “running command echo compilation has started,” and the output is “compilation has started.” Then it compiles the Python code, and then it runs python hello_world.py, whose output says that this line has been printed. Then comes post build. So, the build phase is over, and we are now in the post-build phase. So what happens after the build is completed?

So in this case, since this is Python, it is not a build per se, but once this phase is complete, then it is executing the echo command that we had. So if you look into this under the post build, we had this specific echo command, and the output of this echo command was “compilation process has been completed.” Now, in case you want to look into these logs in the long term, they will also be stored in CloudWatch. So let me quickly show you that as well. So within CloudWatch, if you go to logs, there is a log group called /aws/codebuild/kplabs-build. And if you click over here, you will basically see the same commands. You see echo compiling the Python code, and this is the output from compiling the Python code. Then CodeBuild executes python hello_world.py, and the output of this line is printed. So this is how CodeBuild actually works at a very high level. So I hope this high-level overview of CodeBuild has been informative for you, and I look forward to seeing you in the next video.
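To show how the build and post_build phases described above are walked, here is a small local stand-in for the CodeBuild phase runner, added as an example for this lecture (it is not the CodeBuild agent or any AWS code). It takes the buildspec as the dict that buildspec.yml parses to, mirroring the lecture’s three build commands and one post_build echo, materialises a constructed hello_world.py in a temporary directory, and records log lines in the shape the console shows. The compile step is assumed to be `python -m py_compile`, since the lecture does not show the exact command; the phase transitions (a failure in install or pre_build stops the build, a failure in build still lets post_build run, and any failed phase makes the build FAILED) follow CodeBuild’s documented behaviour.

```python
"""Local stand-in for CodeBuild's phase runner. Added example, not AWS code.
The buildspec dict and hello_world.py below are constructed to mirror the lecture."""
import os
import subprocess
import sys
import tempfile
from typing import Dict, List, Tuple

# CodeBuild runs these phases in this fixed order.
PHASE_ORDER = ["install", "pre_build", "build", "post_build"]

HELLO_WORLD = 'print("this line will be printed")\n'  # constructed hello_world.py

# Constructed buildspec, as the dict buildspec.yml would parse to.
BUILDSPEC: Dict = {
    "version": 0.2,
    "phases": {
        "build": {"commands": [
            "echo compilation has started",
            f'"{sys.executable}" -m py_compile hello_world.py',  # assumed compile step
            f'"{sys.executable}" hello_world.py',
        ]},
        "post_build": {"commands": ["echo compilation process has been completed"]},
    },
}


def run_buildspec(spec: Dict, workdir: str) -> Tuple[str, List[str]]:
    """Run the phases in order and return (build status, log lines).

    Transitions: install or pre_build failing stops the build; build failing
    still runs post_build (so reporting/clean-up commands execute); any failed
    phase makes the overall status FAILED.
    """
    log: List[str] = []
    status = "SUCCEEDED"
    for phase in PHASE_ORDER:
        commands = spec.get("phases", {}).get(phase, {}).get("commands", [])
        if not commands:
            continue
        log.append(f"[Container] Entering phase {phase.upper()}")
        failed = False
        for cmd in commands:
            log.append(f"[Container] Running command {cmd}")
            proc = subprocess.run(cmd, shell=True, cwd=workdir,
                                  capture_output=True, text=True)
            log.extend((proc.stdout + proc.stderr).splitlines())
            if proc.returncode != 0:
                log.append(f"[Container] Command did not exit successfully {proc.returncode}")
                failed = True
                break               # remaining commands of this phase are skipped
        log.append(f"[Container] Phase complete: {phase.upper()} "
                   f"State: {'FAILED' if failed else 'SUCCEEDED'}")
        if failed:
            status = "FAILED"
            if phase != "build":    # only a build-phase failure continues to post_build
                break
    return status, log


def run_demo(spec: Dict = BUILDSPEC) -> Tuple[str, List[str]]:
    """Materialise the constructed source tree in a temp dir and build it."""
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "hello_world.py"), "w") as f:
            f.write(HELLO_WORLD)
        return run_buildspec(spec, workdir)


if __name__ == "__main__":
    build_status, lines = run_demo()
    print("\n".join(lines))
    print("Build status:", build_status)
```

Running it prints the same sequence the lecture reads off the console: the echo output, the compile step, the print from hello_world.py, then the post_build echo. Swapping a command for `exit 1` in the build phase shows why post_build is the right place for clean-up or notification commands, since it still runs while the build is reported as FAILED.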

95. Understanding Code Deploy Service


So first, the conditions. A condition basically defines the characteristic that needs to be analysed within an HTTP web request, and there can be multiple conditions. As far as AWS WAF is concerned, there are a total of six conditions that it supports. You have SQL injection, you have cross-site scripting, and you have geographic location: let’s assume someone is coming from Russia, so that becomes a condition, and all of these are part of the geographic location condition. You also have a condition based on the length of the request. So there are multiple conditions that are defined. When you talk about rules, if you have defined multiple conditions, you can add them to a rule in an appropriate manner. So, talking about rules again, we can combine multiple conditions into a rule to precisely target a specific HTTP request.

So there are two types of rules available. One is the regular rule, and the second is the rate-based rule. In the case of a regular rule, let’s say a request comes from the 172.30 IP range and includes SQL-like code; these are two distinct conditions. So in one rule there can be multiple conditions, and they are treated together: if a request is coming from this IP range and the request contains SQL-like code, then this becomes a rule. So this is a regular rule. Now, there is also a rate-based rule. A rate-based rule is a regular rule plus a rate-limiting feature. So, if the request comes from the 172.30 IP range, includes SQLi code, and the source exceeds 1000 requests in ten minutes, the rate-based rule trips; that is its rate-limiting feature. Okay, so let’s look at the first sample. What happens if the request is coming from this IP range and it includes the SQLi code? Should it be allowed? The question of whether it is allowed or not is defined in the web ACL. So the web ACL is pretty simple.

You have a condition, and if the condition is met, what should be done? You can decide whether you should allow, whether you should block, or whether you should just count. So there are three types of action: you either allow it, you block it, or you just count it. These are the three actions that are allowed. Now, the last is association. Now comes the question of what these three entities should be associated with. Should it be associated with an EC2 instance? Should it be associated with a load balancer, or with a CloudFront distribution? Association is a very important concept because, as of now, AWS WAF cannot be associated with an EC2 instance. There are only two supported associations: one is the application load balancer, and the second is CloudFront. So this is something that you need to remember: you cannot directly attach it to an EC2 instance. Perfect. So much theory has already been covered; let us now look at AWS WAF and each of these in the console. So I’ll go to WAF & Shield.

They have a combined page as of now. I’ll go to AWS WAF, and if you look into the conditions, there are six conditions that are part of WAF as far as 2018 is concerned, and this will increase in the future; for now, there are six. GeoMatch is something that is quite interesting, because let’s assume that you have an e-commerce website based in India. You don’t really need requests that are coming from Russia or some other part of the world, so you can actually block all requests from other countries except India. So this is a very interesting condition, and I recommend that startups based solely in India with Indian customers implement GeoMatch-based conditions. Anyway, I’ll show you.

So these are the conditions. Now, within the GeoMatch condition, you can have multiple conditions. Let me select the Virginia region; you’ll have to select the region first. Within this, I have a condition that is already created called “geo condition.” This is the name of the condition. Within this condition, what I have is a filter for India, so it will look at all the requests that are coming from multiple countries and check whether a request is coming from India or from a country that is not India. So I have one condition.

So now I’ll go over the rules. So far, we’ve looked at how to include conditions within rules. Here I have attached this specific condition. Within a rule, there can be multiple conditions attached. So I have a rule, I have a condition, and the last piece is the web ACL. I’ve attached the rule to the web ACL. You see, I have associated this rule, and the web ACL decides whether it should allow or block matching requests. Currently, it’s set to allow. What it will do is check whether the request is coming from India or not. If it is coming from India, then the action is allow. Now, if it is not coming from India, you have a default action of whether to allow or block. So I’ll set the default action to block. This is what web ACLs are generally all about. Now, AWS WAF has a nice little graph that gives you an overview of blocked requests, allowed requests, and various others.

This is also where you can get sampled requests. If you request a sample for the geo rule, it can actually tell you from which IPs the requests have been coming in. We’ll be looking into it during the implementation part, but this is where it gives you a great deal of detail. So let’s look into whether it really works. Currently I’m based in India, and this specific web ACL is connected to my load balancer. So I’ll show you this. I’ll add an association and associate it with my application load balancer. We already discussed the association part: there are only two associations, one is the application load balancer and the other is CloudFront. So currently, this is associated with the application load balancer. I’ll quickly go to the ALB to verify whether it is actually connected or not.

So I’ll go to the load balancers, I’ll go to the KPLabs ALB, and if you look into the web ACL section, I already have a web ACL associated. Perfect. So now let’s look at whether it’s actually working or not. We’ll send two requests to the ALB: one from India and another from a different location. Ideally, requests from India should be permitted, while requests from other locations should be denied. So, if I press Enter, you’ll see that I get the KPLabs internal page. This seems to be working perfectly. Now I have an Opera browser, and within the Opera browser I have a VPN. Opera comes with a built-in VPN, and within the VPN I have Europe as the location. So now if I go to the same URL, let’s see whether it actually works or not. And you can see it says 403 Forbidden, which is exactly what WAF is doing. So this is one of the classic examples of the geolocation-based rules of WAF. Again, we have already seen that it can also protect against various attacks like SQL injection, cross-site scripting, and various others.
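To make the condition, rule, web ACL and default-action flow concrete, here is an added Python model of the evaluation described in the conditions/rules/web ACL explanation above and in the India-only demo. This is not AWS WAF’s code or API; the conditions, the `172.30.` prefix (taken from the lecture’s example range) and the simplistic SQLi check are constructed stand-ins, and the rate-based rule counts hits per source IP inside a sliding window.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Requests are plain dicts ({"ip", "country", "query", "time"}); conditions test one characteristic.
def geo_match(countries):
    return lambda r: r["country"] in countries

def ip_match(prefixes):
    return lambda r: any(r["ip"].startswith(p) for p in prefixes)

def sqli_match(marker="or 1=1"):          # crude constructed stand-in for WAF's SQLi detection
    return lambda r: marker in r.get("query", "").lower()

@dataclass
class Rule:
    name: str
    conditions: list          # all conditions must match (AND), as in a regular rule
    action: str               # ALLOW, BLOCK or COUNT
    rate_limit: int = 0       # 0 = regular rule; >0 = rate-based rule that trips only
    window: int = 600         # above rate_limit hits per source IP within `window` seconds
    hits: dict = field(default_factory=lambda: defaultdict(list))

    def matches(self, r):
        if not all(cond(r) for cond in self.conditions):
            return False
        if self.rate_limit == 0:
            return True
        # rate-based: record this hit for the source IP and drop hits outside the window
        ts = self.hits[r["ip"]]
        ts.append(r["time"])
        ts[:] = [t for t in ts if r["time"] - t < self.window]
        return len(ts) > self.rate_limit

class WebACL:
    """Rules run in order; the first ALLOW/BLOCK decides, COUNT only records and continues."""
    def __init__(self, rules, default_action):
        self.rules, self.default_action = rules, default_action
        self.counted = defaultdict(int)

    def evaluate(self, r):
        for rule in self.rules:
            if rule.matches(r):
                if rule.action == "COUNT":
                    self.counted[rule.name] += 1
                    continue
                return rule.action
        return self.default_action

def india_only_acl(limit=1000):
    """The lecture's setup: allow India, block everyone else, rate-limit SQLi-looking requests."""
    return WebACL([
        Rule("sqli-rate", [ip_match(["172.30."]), sqli_match()], "BLOCK", rate_limit=limit),
        Rule("allow-india", [geo_match({"IN"})], "ALLOW"),
    ], default_action="BLOCK")
```

A European visitor falls through to the default action and is blocked, exactly as the 403 in the demo shows, while a COUNT rule never decides on its own.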
