An AWS CloudFront distribution does not have a WAF (Web Application Firewall) in front
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | LOW | AWS | NETWORK |
Description
AWS WAF is a web application firewall that lets you monitor and block the HTTP(S) requests that are forwarded to an Amazon CloudFront distribution. It allows custom access control to a web application based on conditions such as IP addresses or specific traffic patterns.
Without one, requests carrying payloads for common web application vulnerabilities such as SQL injection or cross-site scripting, as described in the OWASP Top Ten, reach the origin unfiltered; the application code itself becomes the only line of defense.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Common web application vulnerabilities in the origin could be exploited directly, since no edge-side filtering or rate-based rule stands between the attacker and the application. Note that a WAF is a compensating control: it reduces exposure but does not replace fixing the underlying vulnerabilities.
Remediation guidelines
Associate an AWS WAF web ACL with the CloudFront distribution. With AWS WAF (WAFv2) the web ACL must be created with the CLOUDFRONT scope, which is only available in the us-east-1 (N. Virginia) region, and it is referenced by its ARN in the distribution's WebACLId setting; a REGIONAL web ACL cannot be attached to a distribution. A reasonable starting point is the AWS Managed Rules Core rule set plus the managed groups matching the application stack, deployed with rules in Count mode first so legitimate traffic can be verified before switching them to Block.
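The following is an added example, not code from the original page or from AWS: a small Python check that flags distributions without a web ACL and prepares the corrected DistributionConfig for the remediation above. The sample distribution records are constructed to mirror the shape of `aws cloudfront list-distributions --query 'DistributionList.Items'` and `aws cloudfront get-distribution-config` output; the distribution IDs, domain names and web ACL ARN are placeholders. Fetching the live data (via the AWS CLI or boto3) is left out so the script runs offline.

```python
"""Added example: detect CloudFront distributions with no AWS WAF web ACL and
build the corrected DistributionConfig. Sample data below is constructed; the
IDs, domain names and ARN are placeholders, not real account data."""
import copy
from typing import Any, Dict, List

# Constructed sample: the Items list from `aws cloudfront list-distributions`.
# The first distribution has a WAFv2 web ACL attached; the second has the empty
# WebACLId that CloudFront returns when no WAF is associated.
SAMPLE_DISTRIBUTIONS: List[Dict[str, Any]] = [
    {
        "Id": "E1EXAMPLEAAAAA",
        "DomainName": "d111111abcdef8.cloudfront.net",
        "Enabled": True,
        "WebACLId": (
            "arn:aws:wafv2:us-east-1:123456789012:global/webacl/"
            "prod-acl/11111111-2222-3333-4444-555555555555"
        ),
    },
    {
        "Id": "E2EXAMPLEBBBBB",
        "DomainName": "d222222abcdef8.cloudfront.net",
        "Enabled": True,
        "WebACLId": "",
    },
]


def missing_waf(distribution: Dict[str, Any]) -> bool:
    """True when the distribution has no web ACL associated.

    CloudFront always includes the WebACLId field; "no WAF" is an empty
    string rather than an absent key, so a key-presence check would miss
    the finding. None and whitespace are treated the same way.
    """
    return (distribution.get("WebACLId") or "").strip() == ""


def find_unprotected(distributions: List[Dict[str, Any]]) -> List[str]:
    """Return the sorted IDs of distributions that should raise this finding."""
    return sorted(d["Id"] for d in distributions if missing_waf(d))


def is_cloudfront_scope_web_acl(arn: str) -> bool:
    """Check that an ARN names a WAFv2 web ACL usable by CloudFront.

    CloudFront-scope web ACLs are created in us-east-1 and carry
    'global/webacl/' in the ARN; REGIONAL web ACLs cannot be attached.
    """
    return arn.startswith("arn:aws:wafv2:us-east-1:") and ":global/webacl/" in arn


def attach_web_acl(distribution_config: Dict[str, Any], web_acl_arn: str) -> Dict[str, Any]:
    """Return a copy of a DistributionConfig with the web ACL set.

    For WAFv2 the WebACLId field carries the web ACL ARN. Submit the result
    with `aws cloudfront update-distribution --if-match <ETag>`, using the
    ETag returned by get-distribution-config, so concurrent edits are caught.
    """
    if not is_cloudfront_scope_web_acl(web_acl_arn):
        raise ValueError(f"not a CLOUDFRONT-scope WAFv2 web ACL ARN: {web_acl_arn}")
    fixed = copy.deepcopy(distribution_config)
    fixed["WebACLId"] = web_acl_arn
    return fixed


if __name__ == "__main__":
    for dist_id in find_unprotected(SAMPLE_DISTRIBUTIONS):
        print(f"{dist_id}: no AWS WAF web ACL associated (HIGH)")
```

The ARN validation is the part most often skipped in one-off remediation scripts: a web ACL created in the wrong region or with REGIONAL scope is rejected by CloudFront at update time, and catching it locally avoids a failed update after the ETag round-trip.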