An AWS CloudFront distribution does not have a WAF (Web Application Firewall) in front of it

Severity: HIGH
Exploitability: LOW
Providers: AWS
Categories: NETWORK

Description

AWS WAF is a web application firewall that lets you monitor and block the HTTP(S) requests that are forwarded to an Amazon CloudFront distribution. It allows custom access control to a web application based on conditions such as IP addresses or specific traffic patterns.

Without one, attacks that exploit common web application vulnerabilities, such as SQL injection or cross-site scripting as described in the OWASP Top Ten, are easier to carry out.

Impact

Potential data exposure: True
Visible in logs: False
User interaction required: False
Privileges required: False

Common web application vulnerabilities could be exploited.

Remediation guidelines

Enable WAF for the CloudFront distribution.
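
One way to find the distributions this applies to, as an added example that is not part of the original page: the check below reads JSON shaped like the output of `aws cloudfront list-distributions` and groups distributions by whether `WebACLId` is set. The sample listing, distribution IDs, domain names and account number are constructed.

```python
import json

# Constructed sample shaped like `aws cloudfront list-distributions` output
# (only the fields the check reads; IDs, domains and the account are made up).
SAMPLE = json.loads("""
{"DistributionList": {"Items": [
  {"Id": "EXAMPLE1AAAAAA", "DomainName": "d111example.cloudfront.net",
   "Enabled": true, "WebACLId": ""},
  {"Id": "EXAMPLE2BBBBBB", "DomainName": "d222example.cloudfront.net",
   "Enabled": true,
   "WebACLId": "arn:aws:wafv2:us-east-1:111122223333:global/webacl/edge-acl/a1b2c3d4"},
  {"Id": "EXAMPLE3CCCCCC", "DomainName": "d333example.cloudfront.net",
   "Enabled": false, "WebACLId": ""},
  {"Id": "EXAMPLE4DDDDDD", "DomainName": "d444example.cloudfront.net",
   "Enabled": true, "WebACLId": "0a1b2c3d-classic-id"}
]}}
""")


def classify(dist):
    """Return 'none', 'wafv2' or 'classic' for one DistributionSummary."""
    acl = (dist.get("WebACLId") or "").strip()
    if not acl:
        return "none"
    # AWS WAF (v2) web ACLs are referenced by ARN; WAF Classic ones by bare ID.
    return "wafv2" if acl.startswith("arn:aws:wafv2:") else "classic"


def audit(listing):
    """Group distribution IDs by WAF status; enabled ones without WAF are findings."""
    # "Items" is absent when the account has no distributions.
    items = (listing.get("DistributionList") or {}).get("Items") or []
    report = {"findings": [], "disabled_no_waf": [], "wafv2": [], "classic": []}
    for dist in items:
        kind = classify(dist)
        if kind == "none":
            key = "findings" if dist.get("Enabled") else "disabled_no_waf"
        else:
            key = kind
        report[key].append(dist["Id"])
    return report


if __name__ == "__main__":
    for key, ids in audit(SAMPLE).items():
        print(f"{key}: {', '.join(ids) or '-'}")
```

The `classic` group is worth reviewing separately: those distributions are protected, but by a WAF Classic web ACL rather than a current AWS WAF one.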
