AWS WAF Scaling: Understanding the "WAF Sandwich"

Scale AWS Web Application Firewalls (WAFs) with Ease

Question

DDoS attacks at the application layer commonly involve lower traffic volumes than infrastructure-layer attacks.

To mitigate these types of attacks, you will probably want to include a non-AWS WAF (Web Application Firewall) as part of your infrastructure.

To inspect all HTTP requests, WAFs sit in line with your application traffic.

Unfortunately, this creates a scenario where WAFs can become a point of failure or bottleneck.

To mitigate this problem, you need the ability to run multiple WAFs on demand during traffic spikes.

This type of scaling for a WAF is done via a "WAF sandwich." Which of the following statements best describes what a "WAF sandwich" is? Choose the correct answer from the options below.

Answers

Explanations


A. Place the WAF between private subnets and NATed connections to the internet.
B. Place the WAF between public subnets and the internet gateway.
C. Place the WAF between public and private subnets.
D. Place the WAF in an Auto Scaling group and between two ELBs.

Answer - D.

The below diagram shows how a WAF sandwich is created.

The concept is to place the EC2 instances that host the WAF software between two Elastic Load Balancers.

Options A, B and C are incorrect since the EC2 instances running the WAF software need to be placed in an Auto Scaling group.

For more information on a WAF sandwich, please refer to the below Link:

https://www.cloudaxis.com/2016/11/21/waf-sandwich/
[Diagram: WAF sandwich. Labels recoverable from the image: Auto Scaling group, security group, public subnet, private subnet, VPC, AWS]

A "WAF sandwich" is a method of scaling a web application firewall (WAF) to mitigate the risk of it becoming a point of failure or bottleneck during traffic spikes, particularly in the case of DDoS attacks that target the application layer of web applications. The EC2 instances running the WAF software are placed in an Auto Scaling group between two Elastic Load Balancers (ELBs): the Auto Scaling group adds and removes WAF instances as traffic rises and falls, and the ELBs distribute requests across whatever instances are currently running.

Option A, placing the WAF between private subnets and NATed connections to the internet, is not correct because it does not involve the use of ELBs, which are necessary for scaling WAF instances dynamically.

Option B, placing the WAF between public subnets and the internet gateway, is not correct because it does not involve the use of ELBs, which are necessary for scaling WAF instances dynamically.

Option C, placing the WAF between public and private subnets, is not correct because it does not involve the use of ELBs, which are necessary for scaling WAF instances dynamically.

Option D, placing the WAF in an Auto Scaling group and between two ELBs, is the correct answer. By using an Auto Scaling group, you can automatically add or remove WAF instances based on traffic patterns, ensuring that the WAF can handle traffic spikes without becoming a bottleneck or point of failure. By placing the WAF between two ELBs, you ensure that traffic is distributed evenly across all WAF instances and that new instances can be spun up quickly to handle increased traffic. Overall, this approach provides a scalable and reliable way to protect web applications from DDoS attacks at the application layer.
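As an added example (not code from the original page or from the linked cloudaxis article), the following CloudFormation sketch lays out the WAF sandwich described in the answer: an internet-facing load balancer, an Auto Scaling group of EC2 instances running the WAF software, and an internal load balancer in front of the application tier. It uses Application Load Balancers where the question says only "ELBs"; the VPC and subnet IDs, the WAF AMI, the `/health` paths, the instance type and the target request count are assumed placeholders.

```yaml
# Added example, not code from the original page or the linked article.
# Assumptions: two Application Load Balancers stand in for the "ELBs"; VPC/subnet
# IDs, the WAF AMI and the /health paths are placeholders for the real environment.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:            { Type: AWS::EC2::VPC::Id }
  PublicSubnetIds:  { Type: List<AWS::EC2::Subnet::Id> }
  PrivateSubnetIds: { Type: List<AWS::EC2::Subnet::Id> }
  WafAmiId:         { Type: AWS::EC2::Image::Id }   # AMI carrying the WAF software (placeholder)
Resources:
  # Security groups: each tier accepts traffic only from the tier in front of it,
  # so the application cannot be reached without passing through a WAF instance.
  ExternalAlbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: internet-facing ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, CidrIp: 0.0.0.0/0 }
  WafSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: WAF instances, reachable only from the external ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !Ref ExternalAlbSg }
  InternalAlbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: internal ALB, reachable only from WAF instances
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80, ToPort: 80, SourceSecurityGroupId: !Ref WafSg }
  # Top slice: internet-facing ALB spreading requests across the WAF fleet.
  ExternalAlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: { Scheme: internet-facing, Subnets: !Ref PublicSubnetIds, SecurityGroups: [!Ref ExternalAlbSg] }
  WafTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties: { VpcId: !Ref VpcId, Protocol: HTTP, Port: 80, HealthCheckPath: /health }
  ExternalListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref ExternalAlb
      Port: 80
      Protocol: HTTP
      DefaultActions: [{ Type: forward, TargetGroupArn: !Ref WafTargetGroup }]
  # Filling: WAF instances in an Auto Scaling group, scaled on request rate per instance.
  WafLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref WafAmiId
        InstanceType: c5.large
        SecurityGroupIds: [!Ref WafSg]
        # Tell the WAF software where to forward inspected traffic (placeholder
        # script; the real configuration mechanism depends on the WAF product).
        UserData:
          Fn::Base64: !Sub |
            #!/bin/bash
            echo "UPSTREAM=http://${InternalAlb.DNSName}" > /etc/waf-upstream.conf
  WafAsg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      VPCZoneIdentifier: !Ref PrivateSubnetIds
      MinSize: "2"
      MaxSize: "10"
      HealthCheckType: ELB            # replace instances the ALB marks unhealthy
      HealthCheckGracePeriod: 120
      TargetGroupARNs: [!Ref WafTargetGroup]
      LaunchTemplate:
        LaunchTemplateId: !Ref WafLaunchTemplate
        Version: !GetAtt WafLaunchTemplate.LatestVersionNumber
  WafScalingPolicy:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref WafAsg
      PolicyType: TargetTrackingScaling
      TargetTrackingConfiguration:
        TargetValue: 1000             # requests per WAF instance per minute to hold; tune to the product
        PredefinedMetricSpecification:
          PredefinedMetricType: ALBRequestCountPerTarget
          ResourceLabel: !Join ["/", [!GetAtt ExternalAlb.LoadBalancerFullName, !GetAtt WafTargetGroup.TargetGroupFullName]]
  # Bottom slice: internal ALB in front of the application tier.
  InternalAlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties: { Scheme: internal, Subnets: !Ref PrivateSubnetIds, SecurityGroups: [!Ref InternalAlbSg] }
  AppTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties: { VpcId: !Ref VpcId, Protocol: HTTP, Port: 8080, HealthCheckPath: /health }
  InternalListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref InternalAlb
      Port: 80
      Protocol: HTTP
      DefaultActions: [{ Type: forward, TargetGroupArn: !Ref AppTargetGroup }]
```

The part worth checking in any real deployment is the security-group chain: the internal ALB admits traffic only from the WAF instances' group and the application instances should in turn admit traffic only from the internal ALB's group, otherwise the sandwich can be bypassed by addressing the inner tier directly. Plain HTTP on port 80 is used only to keep the example free of a certificate ARN; a production external listener would terminate TLS with an ACM certificate.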