Rule: ELB Application Load Balancers Should Have WAF Enabled

This rule highlights the necessity of enabling Web Application Firewall for ELB application load balancers.

Rule: ELB application load balancers should have Web Application Firewall (WAF) enabled
Framework: NIST 800-171 Revision 2
Severity: Medium

Rule Description:

Under NIST 800-171 Revision 2, ELB application load balancers should have Web Application Firewall (WAF) enabled. This rule ensures compliance with NIST 800-171 Revision 2, which requires the use of a WAF to protect against common web application security vulnerabilities.

Description:

A Web Application Firewall (WAF) examines incoming HTTP/HTTPS traffic and filters out malicious requests based on rules. Enabling WAF on the ELB application load balancer adds a layer of protection to your web applications, reducing the risk of potential attacks.

Troubleshooting Steps:

If you encounter any issues while enabling the WAF on your ELB application load balancer, follow these troubleshooting steps:

  1. Verify IAM permissions: Ensure that the IAM user or role has the necessary permissions to enable and configure WAF on the ELB load balancer. Check the IAM policy associated with the user/role and make sure it includes the required permissions.
  2. Check WAF availability: Confirm that the WAF service is available in your region. Some AWS services may not be available in all regions, so ensure that WAF is supported in your region.
  3. Check ELB configuration: Verify that your ELB application load balancer is properly configured and functional. Ensure that the ELB is actively running and accessible.
  4. Check WAF rules and conditions: Review the configured WAF rules and conditions to ensure they are appropriate for your web application. Test different configurations and rule sets, if required, to find the optimal settings for your environment.
  5. Review AWS WAF documentation: Consult the AWS WAF documentation for further troubleshooting guidance and details on common issues and resolutions.

Necessary Code (if any):

No specific code is required for this rule. Enabling the WAF on the ELB application load balancer is done through the AWS Management Console or AWS CLI commands.

Step-by-step Guide for Remediation:

Follow these steps to enable Web Application Firewall (WAF) on your ELB application load balancer:

  1. Log in to the AWS Management Console.
  2. Navigate to the Amazon EC2 console.
  3. In the navigation pane, click on "Load Balancers" and select the relevant ELB application load balancer.
  4. Click on the "Listeners" tab.
  5. Locate the HTTPS listener you want to protect with WAF and click on the "Edit" button.
  6. In the "Edit Listener" dialog, scroll down to the "Web Application Firewall (WAF)" section.
  7. Click on the "Add" button to associate a WAF web ACL with the listener.
  8. In the "Associate Web ACL" dialog, select the appropriate web ACL from the dropdown list.
  9. Click on the "Save" button to save the changes and enable WAF for the ELB application load balancer.
  10. Validate and test the functionality of the WAF by accessing your web application through the ELB URL. Verify that the WAF is actively filtering incoming requests and blocking any malicious traffic.
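
To confirm the association after remediation, or to audit a whole region for load balancers this rule would flag, the check can be scripted. The following is an added example, not code from the original page or from Cloud Defense; it assumes boto3 clients for elbv2, wafv2 and waf-regional, and the FakeClient class, the load balancer names and the account ID are constructed sample data so the check runs offline.

```python
def albs_without_waf(elbv2, wafv2, waf_classic=None):
    """Return [(name, arn)] of application load balancers with no web ACL.

    Arguments are boto3 clients for one region ("elbv2", "wafv2" and,
    optionally, "waf-regional" for WAF Classic associations)."""
    missing = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            if lb.get("Type") != "application":
                continue  # web ACLs attach to ALBs, not network/gateway LBs
            arn = lb["LoadBalancerArn"]
            # WAFv2 omits "WebACL" from the response when nothing is associated.
            if wafv2.get_web_acl_for_resource(ResourceArn=arn).get("WebACL"):
                continue
            # WAF Classic (regional) reports an association as "WebACLSummary".
            if waf_classic and waf_classic.get_web_acl_for_resource(
                    ResourceArn=arn).get("WebACLSummary"):
                continue
            missing.append((lb["LoadBalancerName"], arn))
    return missing

class FakeClient:
    """Constructed stand-in for a boto3 client so the demo runs offline."""
    def __init__(self, lbs=(), key=None, protected=()):
        self.lbs, self.key, self.protected = list(lbs), key, set(protected)
    def get_paginator(self, _operation):
        return self
    def paginate(self):
        return [{"LoadBalancers": self.lbs}]
    def get_web_acl_for_resource(self, ResourceArn):
        return {self.key: {"Name": "demo"}} if ResourceArn in self.protected else {}

def demo():
    """Run the check on constructed sample data (not real resources)."""
    arn = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/{}/{}/0"
    rows = [("web", "application", "app"), ("api", "application", "app"),
            ("legacy", "application", "app"), ("tcp", "network", "net")]
    lbs = [{"LoadBalancerName": n, "Type": t, "LoadBalancerArn": arn.format(p, n)}
           for n, t, p in rows]
    return albs_without_waf(
        FakeClient(lbs=lbs),
        FakeClient(key="WebACL", protected=[lbs[0]["LoadBalancerArn"]]),
        FakeClient(key="WebACLSummary", protected=[lbs[2]["LoadBalancerArn"]]))

if __name__ == "__main__":
    # Live use: call albs_without_waf() with boto3.client("elbv2"),
    # boto3.client("wafv2") and boto3.client("waf-regional") for the region.
    for name, arn in demo():
        print("NON_COMPLIANT", name, arn)
```

The caller needs elasticloadbalancing:DescribeLoadBalancers plus GetWebACLForResource on wafv2 and waf-regional, which ties back to the IAM check in the troubleshooting steps.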

Conclusion:

Enabling the Web Application Firewall (WAF) on your ELB application load balancer provides an additional layer of security to protect your web applications against potential security vulnerabilities. By following the step-by-step guide for remediation, you can easily enable WAF and comply with the NIST 800-171 Revision 2 standard. Regularly monitor and update your WAF rules to ensure continuous protection against evolving threats.
