Securing Your WordPress Site on AWS with AWS WAF Managed Rules

Resolving Legitimate Traffic Drop on Your WordPress Site with AWS WAF

Question

A start-up company is planning to deploy a blogging site with WordPress.

This site will be deployed on an Amazon EC2 instance behind an ALB.

To secure this site, the SysOps team has configured AWS WAF with managed rules.

The Operations team is observing that some legitimate traffic to this site is being dropped and is asking for your help to resolve it. Which of the following can be configured to remediate this issue?

Answers

A. Configure rules in the AWS Managed rules group as a regular rule.
B. Configure rules in the AWS Managed rules group as rate-based rules.
C. Configure rules in the AWS Managed rules group in count mode.
D. Configure rules in the AWS Managed rules group with scope-down statements.

Correct Answer: C.

Explanations

AWS Managed Rules are predefined, ready-to-use AWS WAF rule groups created by AWS or third-party vendors.

These rule groups are an easy way to protect websites against common web application vulnerabilities in platforms such as WordPress, Joomla, or PHP.

If legitimate traffic is being blocked by these rules, individual rules in an AWS Managed rules group can be overridden to count mode, so that matching requests are counted and logged instead of blocked.

Further analysis can then be done with AWS WAF logs to identify which rules are causing the traffic to be dropped.

Options A and B are incorrect because the individual rules inside an AWS Managed rules group cannot be viewed or modified.

Their actions can, however, be overridden to count mode, which stops those rules from blocking the traffic.

Option D is incorrect because applying a scope-down statement to an AWS Managed rules group will not be effective for allowing the legitimate traffic.

For more information on managed rules with AWS WAF, refer to the following URL:

https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups.html
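The two steps in the explanation above, reading AWS WAF logs to find which rules in the managed rule group are blocking requests and then overriding exactly those rules to count mode, can be scripted. The following is an added example written for this page; it is not code from the original page or from AWS. It assumes the AWS WAF JSON log format (one record per line) and uses constructed sample log lines; the web ACL ARN, account ID and the rule name used inside the web ACL are placeholders, and the WordPress rule group rule names are used as sample values.

```python
"""Find managed-rule-group rules that BLOCK requests in AWS WAF logs and
build the RuleActionOverrides that switch only those rules to Count.

Assumptions: log lines follow the AWS WAF JSON log format; the sample
records below are constructed; ARN/account/web ACL rule name are placeholders.
"""
from __future__ import annotations

import json
from collections import Counter

# Constructed sample WAF log lines (one JSON object per line, as WAF writes them):
# three requests blocked inside AWSManagedRulesWordPressRuleSet, one allowed by
# the web ACL default action. IPs are documentation addresses.
SAMPLE_WAF_LOG = "\n".join([
    '{"timestamp":1700000000000,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:111122223333:regional/webacl/PLACEHOLDER-ACL/00000000","terminatingRuleId":"AWS-AWSManagedRulesWordPressRuleSet","terminatingRuleType":"MANAGED_RULE_GROUP","action":"BLOCK","httpSourceName":"ALB","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesWordPressRuleSet","terminatingRule":{"ruleId":"WordPressExploitableCommands_QUERYSTRING","action":"BLOCK"},"nonTerminatingMatchingRules":[]}],"httpRequest":{"clientIp":"198.51.100.10","uri":"/wp-admin/admin-ajax.php","httpMethod":"POST"}}',
    '{"timestamp":1700000001000,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:111122223333:regional/webacl/PLACEHOLDER-ACL/00000000","terminatingRuleId":"AWS-AWSManagedRulesWordPressRuleSet","terminatingRuleType":"MANAGED_RULE_GROUP","action":"BLOCK","httpSourceName":"ALB","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesWordPressRuleSet","terminatingRule":{"ruleId":"WordPressExploitablePaths_URIPATH","action":"BLOCK"},"nonTerminatingMatchingRules":[]}],"httpRequest":{"clientIp":"198.51.100.11","uri":"/xmlrpc.php","httpMethod":"POST"}}',
    '{"timestamp":1700000002000,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:111122223333:regional/webacl/PLACEHOLDER-ACL/00000000","terminatingRuleId":"AWS-AWSManagedRulesWordPressRuleSet","terminatingRuleType":"MANAGED_RULE_GROUP","action":"BLOCK","httpSourceName":"ALB","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesWordPressRuleSet","terminatingRule":{"ruleId":"WordPressExploitableCommands_QUERYSTRING","action":"BLOCK"},"nonTerminatingMatchingRules":[]}],"httpRequest":{"clientIp":"198.51.100.12","uri":"/wp-admin/admin-ajax.php","httpMethod":"POST"}}',
    '{"timestamp":1700000003000,"formatVersion":1,"webaclId":"arn:aws:wafv2:us-east-1:111122223333:regional/webacl/PLACEHOLDER-ACL/00000000","terminatingRuleId":"Default_Action","terminatingRuleType":"DEFAULT_ACTION","action":"ALLOW","httpSourceName":"ALB","ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesWordPressRuleSet","terminatingRule":null,"nonTerminatingMatchingRules":[]}],"httpRequest":{"clientIp":"203.0.113.5","uri":"/2024/hello-world/","httpMethod":"GET"}}',
])


def parse_waf_log(text: str) -> list[dict]:
    """Parse newline-delimited WAF log records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def blocking_rules(records: list[dict]) -> Counter:
    """Count BLOCK decisions per (ruleGroupId, ruleId) for requests that a
    managed rule group terminated. Requests terminated by the default action
    or by a regular rule contribute nothing."""
    hits: Counter = Counter()
    for rec in records:
        if rec.get("action") != "BLOCK" or rec.get("terminatingRuleType") != "MANAGED_RULE_GROUP":
            continue
        for group in rec.get("ruleGroupList", []):
            rule = group.get("terminatingRule")
            if rule and rule.get("action") == "BLOCK":
                hits[(group["ruleGroupId"], rule["ruleId"])] += 1
    return hits


def count_overrides(rule_ids: list[str]) -> list[dict]:
    """RuleActionOverrides entries for a ManagedRuleGroupStatement: each named
    rule keeps matching, but its action becomes Count instead of Block."""
    return [{"Name": rid, "ActionToUse": {"Count": {}}} for rid in sorted(rule_ids)]


def managed_rule_group_rule(web_acl_rule_name: str, vendor: str, group_name: str,
                            overrides: list[dict], priority: int = 0) -> dict:
    """Web ACL rule that references a managed rule group with per-rule overrides.
    OverrideAction "None" keeps the group's own actions for every other rule;
    {"Count": {}} here would instead put the entire group into count mode."""
    return {
        "Name": web_acl_rule_name,
        "Priority": priority,
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": vendor, "Name": group_name, "RuleActionOverrides": overrides}},
        "OverrideAction": {"None": {}},
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": web_acl_rule_name},
    }


def overrides_from_log(text: str, group_id: str) -> list[dict]:
    """Log text -> Count overrides for one group id as it appears in
    ruleGroupList, e.g. "AWS#AWSManagedRulesWordPressRuleSet"."""
    hits = blocking_rules(parse_waf_log(text))
    return count_overrides([rid for (gid, rid) in hits if gid == group_id])


if __name__ == "__main__":
    for (gid, rid), n in blocking_rules(parse_waf_log(SAMPLE_WAF_LOG)).most_common():
        print(f"{n:4d}  {gid}  {rid}")
    rule = managed_rule_group_rule(
        "AWS-AWSManagedRulesWordPressRuleSet", "AWS", "AWSManagedRulesWordPressRuleSet",
        overrides_from_log(SAMPLE_WAF_LOG, "AWS#AWSManagedRulesWordPressRuleSet"))
    print(json.dumps(rule, indent=2))
```

The printed rule object is the shape used in the rules list of `aws wafv2 update-web-acl`; overriding only the rules that the log shows are terminating legitimate requests keeps the rest of the group blocking, and the counted matches keep appearing in the logs and CloudWatch metrics so the decision can be revisited once the false positives are understood.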

In this scenario, the SysOps team has configured AWS WAF with managed rules to secure a WordPress site deployed on an EC2 instance behind an ALB. However, the Operations team is observing that legitimate traffic to the site is being dropped. To remediate this issue, one of the following actions needs to be taken:

A. Configure rules in the AWS Managed rules group as a regular rule:

This option involves configuring AWS WAF with Managed rules as a regular rule. Regular rules are evaluated on a per-request basis, and if the request matches the rule, it will be blocked. However, this option may not be effective in resolving the issue as it will block all requests that match the rule, including legitimate traffic. Therefore, this option is not recommended.

B. Configure rules in the AWS Managed rules group as rate-based rules:

This option involves configuring AWS WAF with Managed rules as rate-based rules. Rate-based rules count the number of requests from a particular source over a specified time period. If the number of requests exceeds the configured threshold, the traffic is blocked. This option can be effective in mitigating the issue as it can distinguish between legitimate traffic and an attack. It allows legitimate traffic to pass through while blocking excessive traffic from a single source. Therefore, this option is a recommended solution.

C. Configure rules in the AWS Managed rules group in count mode:

This option involves configuring AWS WAF with Managed rules in count mode. In count mode, the rule is only used to count the number of times a particular event occurs, and it does not block traffic. This option may not be effective in resolving the issue as it does not provide any protection against the traffic.

D. Configure rules in the AWS Managed rules group with scope-down statements:

This option involves configuring AWS WAF with Managed rules with scope-down statements. Scope-down statements allow the rule to be applied to specific areas of the request, such as the URI, HTTP header, or query string. This option may not be effective in resolving the issue as it only limits the rule to a specific area of the request and does not provide any protection against the traffic.

In conclusion, the recommended solution to remediate the issue of legitimate traffic getting dropped is to configure rules in the AWS Managed rules group as rate-based rules (option B). This option will allow legitimate traffic to pass through while blocking excessive traffic from a single source.