The Amazon Web Services (“AWS”) Web Application Firewall (“WAF”) protects web applications from common vulnerability exploits, such as bad bots, cross-site scripting (“XSS”), and distributed denial of service (DDoS) attacks. You can now take advantage of AWS WAF with your Managed AWS offering from Media Temple, blocking 10 universal attacks and can be extended to a full custom rule set. AWS WAF integrates seamlessly with Amazon CloudFront such that blocked requests are stopped before they reach your web servers. Media Temple deploys AWS WAF on CloudFront as part of a fully integrated content delivery network (“CDN”) solution. This also gives you an advantage over using another WAF in conjunction with CloudFront, which can introduce latency as the data travels between the two edges.
Some of the critical features that are enabled with the deployment of AWS WAF to your AWS environment, include ..
- Tight integration with Amazon CloudFront such that the rules you define – to allow, block, or monitor web requests – run in all AWS Edge locations, internationally, closest to your clients.
- Custom centralized rulesets can be implemented globally or per web site.
- Comprehensive logging of blocked/allowed traffic, for compliance and auditing, as well as debugging.
- Ability to block/blacklist full subnets of IPs.
- OWASP ModSecurity Core Rule Set (CRS)
If you are currently utilizing Media Temple Cloud Tech Security and need a more enterprise-grade, highly-available solution, you may want to consider deploying the AWS WAF, for customer WAF rules, and more flexibility in cache configuration, among other features.
If you would like Media Temple to deploy AWS WAF into your AWS environment, please submit a ticket with our Support team or contact your Media Temple Customer Success Manager. Media Temple will review your site traffic logs, discuss the ruleset you wish to deploy, and deliver an estimate of costs before launching the WAF into production.