- It is a web application firewall to protect web applications from common web exploits.
- It works at the application layer and conducts inline inspection of all the inbound traffic
- Can detect and filter against flaws in web application security
- Uses web ACL rules
- It defines customizable web security rules to control which traffic accesses web applications.
- Conditions are listed in rules, for specific requests
- Actions can also be triggered, if condition is fulfilled
- It helps you to identify and block common DDoS request patterns and effectively mitigate a DDoS attack.
- Can configure rules for web requests, as per conditions, to
- allow
- block
- monitor (count)
- Conditions can be defined as per
- IP addresses
- HTTP headers
- HTTP body
- URI strings
- SQL injection
- cross-site scripting
AWS Certified Security - Specialty Free Practice TestTake a Quiz