This rule ensures that ELB Application Load Balancers have Web Application Firewall (WAF) enabled for enhanced security.
| Field | Value |
|---|---|
| Rule | ELB application load balancers should have Web Application Firewall (WAF) enabled |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | Medium |
Rule Description
In compliance with the NIST Cybersecurity Framework (CSF) v1, all Elastic Load Balancer (ELB) application load balancers should have the Web Application Firewall (WAF) enabled. The WAF provides an additional layer of protection by filtering and monitoring HTTP(S) traffic between clients and your applications running behind the load balancer. It helps to safeguard your web applications against common web exploits, such as SQL injection, cross-site scripting (XSS), and more.
Troubleshooting Steps (if any)
If you encounter any issues while enabling the Web Application Firewall on your ELB application load balancer, follow the steps below to troubleshoot:
Verify IAM permissions: The load balancer itself does not carry an IAM role; what matters is that the IAM user or role performing the change is allowed to call the WAF and ELB APIs involved (for example wafv2:CreateWebACL and wafv2:AssociateWebACL, plus elasticloadbalancing:SetWebAcl for the association with the load balancer). Check for any missing or incorrect IAM policies.
Check WAF availability: Confirm that the WAF service is available in your AWS region. Some regions may not currently support the WAF, so check the official AWS documentation for the latest availability information.
Verify ELB and WAF compatibility: AWS WAF can only be associated with Application Load Balancers. Classic Load Balancers and Network Load Balancers do not support WAF integration, so a load balancer of another type cannot satisfy this rule as-is and must be replaced with an Application Load Balancer.
Review WAF rules and conditions: Double-check the configured WAF rules and conditions. Make sure they align with your security requirements and application needs. Incorrect rules or misconfigured conditions can lead to undesirable blocking of legitimate traffic or failure to block malicious requests.
Monitor WAF logs: Enable WAF logging and monitor the logs for any anomalies or unexpected behavior. If you notice any false positives or false negatives, adjust the WAF configuration accordingly.
Test application functionality: After enabling the WAF, thoroughly test your application's functionality to ensure that all features are working as expected. Run both positive and negative test cases to validate that the WAF is correctly blocking malicious requests while allowing legitimate traffic.
Necessary Codes (if any)
The following is an example of creating a regional AWS WAF web ACL with the AWS Command Line Interface (CLI). Note that the WAF commands live under aws wafv2, not aws elbv2, and that the web ACL returned by this command protects nothing until it is associated with the load balancer (with aws wafv2 associate-web-acl, or through the console steps below):
aws wafv2 create-web-acl \
    --name <web_acl_name> \
    --scope REGIONAL \
    --region <region> \
    --default-action Allow={} \
    --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=<web_acl_metric_name> \
    --rules '[ { "Name": "Rule1", "Priority": 1, "Statement": { "ByteMatchStatement": { "FieldToMatch": { "UriPath": {} }, "PositionalConstraint": "EXACTLY", "SearchString": "/admin", "TextTransformations": [ { "Priority": 0, "Type": "NONE" } ] } }, "Action": { "Block": {} }, "VisibilityConfig": { "SampledRequestsEnabled": true, "CloudWatchMetricsEnabled": true, "MetricName": "Rule1" } } ]'
Please note that the provided snippet is just an example (it blocks requests whose URI path is exactly /admin), and you should modify it based on your specific WAF rules and requirements. The rule's "Action" sits beside the "Statement", not inside it, and every VisibilityConfig needs a MetricName.
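To check the rule itself rather than remediate it, the following added example (not part of the original page) lists Application Load Balancers that have no web ACL associated, using the read-only elbv2:DescribeLoadBalancers and wafv2:GetWebACLForResource APIs; the check logic is kept separate from the boto3 calls so it can be run offline on constructed sample data, and the account ID and ARNs in that data are placeholders.

```python
from typing import Callable, Dict, List, Optional

LoadBalancer = Dict[str, str]  # subset of elbv2 describe-load-balancers output


def find_albs_without_waf(
    load_balancers: List[LoadBalancer],
    web_acl_for_resource: Callable[[str], Optional[str]],
) -> List[str]:
    """Names of Application Load Balancers for which the lookup returns None.
    Only Type "application" is checked: AWS WAF cannot be attached to network
    or gateway load balancers, so they fall outside this rule.
    """
    noncompliant = []
    for lb in load_balancers:
        if lb.get("Type") != "application":
            continue
        if web_acl_for_resource(lb["LoadBalancerArn"]) is None:
            noncompliant.append(lb["LoadBalancerName"])
    return noncompliant


def audit_region(region: str) -> List[str]:
    """Live check via boto3 (needs credentials); not run by demo() below."""
    import boto3  # imported lazily so the pure check works without boto3

    elbv2 = boto3.client("elbv2", region_name=region)
    wafv2 = boto3.client("wafv2", region_name=region)
    lbs: List[LoadBalancer] = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        lbs.extend(page["LoadBalancers"])

    def lookup(arn: str) -> Optional[str]:
        # WebACL is absent from the response when nothing is associated.
        acl = wafv2.get_web_acl_for_resource(ResourceArn=arn).get("WebACL")
        return acl["ARN"] if acl else None

    return find_albs_without_waf(lbs, lookup)


# Constructed sample inventory; account 111122223333 is a placeholder.
PREFIX = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"
SAMPLE_LBS = [
    {"LoadBalancerArn": PREFIX + "app/web-alb/1", "LoadBalancerName": "web-alb", "Type": "application"},
    {"LoadBalancerArn": PREFIX + "app/api-alb/2", "LoadBalancerName": "api-alb", "Type": "application"},
    {"LoadBalancerArn": PREFIX + "net/tcp-nlb/3", "LoadBalancerName": "tcp-nlb", "Type": "network"},
]
# Constructed association table: only web-alb has a web ACL attached.
SAMPLE_ACLS = {PREFIX + "app/web-alb/1": "arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example/4"}


def demo() -> List[str]:
    return find_albs_without_waf(SAMPLE_LBS, SAMPLE_ACLS.get)
```

Running demo() reports api-alb as non-compliant, while tcp-nlb is skipped because a network load balancer cannot have a web ACL at all.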
Step-by-Step Guide for Remediation
Follow the step-by-step guide below to enable the Web Application Firewall (WAF) on your Elastic Load Balancer (ELB) application load balancer:
Identify the target ELB: Determine the specific ELB that needs the WAF enabled. This might be an existing ELB or a new one that you plan to create.
Access the AWS Management Console: Log in to the AWS Management Console using your AWS account credentials.
Navigate to the EC2 service: Search for the "EC2" service in the AWS Management Console and click on it to open the EC2 Dashboard.
Go to the Load Balancers page: In the EC2 Dashboard, locate and click on the "Load Balancers" link under the "LOAD BALANCING" section.
Select the target ELB: From the list of available load balancers, select the ELB that you want to enable the WAF for by clicking on its name.
Open the WAF settings: In the ELB details page, navigate to the "Load Balancer Attributes" section and click on the "Edit" button next to the "Web Application Firewall" option.
Create or select a web ACL: If you already have a WAF web ACL (web access control list) that should protect this ELB, select it from the dropdown list. Otherwise, click on the "+ Create new ACL" button and follow the prompts to create a new web ACL.
Configure WAF rules and conditions: Depending on your security requirements, configure the WAF rules and conditions within the selected WAF ACL. This involves specifying patterns to match against incoming requests and defining the actions to take for both allowed and blocked requests.
Review and save the WAF settings: Double-check all the configured WAF settings on the ELB and make sure they align with your requirements. Once you are satisfied, click on the "Save" button to save the WAF settings.
Test the application: After enabling the WAF, thoroughly test your application's functionality to ensure that it is working as expected. Validate that the WAF correctly blocks malicious requests while allowing legitimate traffic.
Congratulations! You have successfully enabled the Web Application Firewall (WAF) for your Elastic Load Balancer (ELB) application load balancer in compliance with the NIST Cybersecurity Framework (CSF) v1.