# An AWS CloudFront distribution does not have a WAF (Web Application Firewall) in front
- GG_ID: GG_IAC_0025
- Severity: HIGH
- Complexity: HIGH
- Categories: NETWORK
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: False
# Description
AWS WAF is a web application firewall that lets you monitor and block the HTTP(S) requests that are forwarded to an Amazon CloudFront distribution. It allows custom access control to a web application based on conditions such as IP addresses or specific traffic patterns.
Without one, attacks exploiting common web application vulnerabilities such as SQL injection or cross-site scripting, as described in the OWASP Top Ten, are easier to carry out against the origin behind the distribution.
# Impact
Common web application vulnerabilities in the application behind the distribution could be exploited, since requests reach the origin without being filtered.
# Remediation guidelines
Enable AWS WAF for the CloudFront distribution by associating a web ACL with it.
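The remediation in CloudFormation, as an added example that is not GitGuardian's own code: a CLOUDFRONT-scoped WAFv2 web ACL carrying AWS's managed Common Rule Set, attached to the distribution through `WebACLId`. Logical resource names and the origin domain are assumed placeholders; the template is meant to be deployed in us-east-1, where CloudFront-scoped web ACLs must be created.

```yaml
# Added example, not GitGuardian's own code. Logical names and the origin
# domain are assumed placeholders. Deploy the stack in us-east-1: a web ACL
# with Scope CLOUDFRONT can only be created there.
Resources:
  WebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: cloudfront-web-acl
      Scope: CLOUDFRONT
      DefaultAction:
        Allow: {}
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: cloudfront-web-acl
      Rules:
        # AWS-managed Common Rule Set: covers the SQL injection and XSS style
        # request patterns the finding refers to.
        - Name: aws-common-rules
          Priority: 1
          OverrideAction:
            None: {}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesCommonRuleSet
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: aws-common-rules

  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        # Remediation: attach the web ACL (WAFv2 expects the ACL ARN).
        # A DistributionConfig without WebACLId is exactly what GG_IAC_0025 flags.
        WebACLId: !GetAtt WebAcl.Arn
        Origins:
          - Id: primary
            DomainName: assets.example.com   # assumed placeholder origin
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
        DefaultCacheBehavior:
          TargetOriginId: primary
          ViewerProtocolPolicy: redirect-to-https
          ForwardedValues:
            QueryString: false
            Cookies:
              Forward: none
```

Once deployed, the web ACL's CloudWatch metrics and sampled requests show which rules are matching, which is also how to tune the managed rule group before switching any rule from count to block.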