A start-up company is planning to deploy a blogging site with WordPress.
This site will be deployed on an Amazon EC2 instance behind an ALB.
For securing this site, AWS WAF with Managed rules is configured by the Sysops Team.
The Operations Team is observing that some legitimate traffic to this site is getting dropped and is looking for your support to resolve the issue. Which of the following can be configured to remediate this issue?
Correct Answer: C.
AWS Managed Rules are pre-defined, ready-to-use AWS WAF rules created by AWS or third-party vendors.
These rules are an easy way to secure websites from common vulnerabilities for web applications like WordPress, Joomla, or PHP.
If legitimate traffic is getting blocked by these rules, the rules in an AWS Managed rules group can be configured in count mode, which allows the traffic through.
Further analysis can be done using AWS WAF logs to identify rules causing traffic to be dropped.
Options A & B are incorrect as rules within the AWS Managed rules group cannot be viewed or modified.
Actions taken by these rules can be overridden using count mode, which will stop the rules from blocking the traffic.
Option D is incorrect as AWS Managed rules with a scope-down statement will not be effective for allowing legitimate traffic.
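The log analysis and count-mode override described above, as an added example that is not part of the original page: it tallies which managed rules terminated requests with BLOCK and builds a `RuleActionOverrides` list for the ones chosen. The log lines are constructed, the function names are hypothetical, and the field names are assumed to follow the AWS WAF log layout and the WAFv2 `ManagedRuleGroupStatement`.

```python
import json
from collections import Counter

# Constructed sample records in the AWS WAF log layout (one JSON object per line).
SAMPLE_LOG = """\
{"action":"BLOCK","terminatingRuleType":"MANAGED_RULE_GROUP","httpRequest":{"uri":"/wp-admin/post.php"},"ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"SizeRestrictions_BODY","action":"BLOCK"}}]}
{"action":"BLOCK","terminatingRuleType":"MANAGED_RULE_GROUP","httpRequest":{"uri":"/wp-admin/admin-ajax.php"},"ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"SizeRestrictions_BODY","action":"BLOCK"}}]}
{"action":"BLOCK","terminatingRuleType":"MANAGED_RULE_GROUP","httpRequest":{"uri":"/wp-comments-post.php"},"ruleGroupList":[{"ruleGroupId":"AWS#AWSManagedRulesCommonRuleSet","terminatingRule":{"ruleId":"CrossSiteScripting_BODY","action":"BLOCK"}}]}
{"action":"ALLOW","terminatingRuleType":"REGULAR","httpRequest":{"uri":"/"},"ruleGroupList":[]}
{"action":"BLOCK","terminatingRuleType":"REGULAR","httpRequest":{"uri":"/xmlrpc.php"},"ruleGroupList":[]}
not-json
"""

def blocking_rules(log_text):
    """Count BLOCK decisions per (rule group, rule) and collect the URIs affected."""
    hits, uris = Counter(), {}
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # skip blank or malformed lines
        if not isinstance(rec, dict) or rec.get("action") != "BLOCK":
            continue
        for group in rec.get("ruleGroupList") or []:
            term = group.get("terminatingRule") or {}
            if term.get("action") != "BLOCK":
                continue  # this group did not make the blocking decision
            key = (group.get("ruleGroupId", ""), term.get("ruleId", ""))
            hits[key] += 1
            uris.setdefault(key, set()).add(rec.get("httpRequest", {}).get("uri"))
    return hits, uris

def count_overrides(hits, group_id, min_hits=1):
    """Build a RuleActionOverrides list that switches the selected rules to Count."""
    return [{"Name": rule, "ActionToUse": {"Count": {}}}
            for (gid, rule), n in sorted(hits.items())
            if gid == group_id and n >= min_hits]

if __name__ == "__main__":
    hits, uris = blocking_rules(SAMPLE_LOG)
    for key, n in hits.most_common():
        print(n, key, sorted(uris[key]))
    print(json.dumps(count_overrides(hits, "AWS#AWSManagedRulesCommonRuleSet", 2)))
```

Review the URIs behind each rule before overriding it, so that only rules confirmed to match legitimate requests are moved to Count and the rest of the group keeps blocking.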
For more information on managed rules with AWS WAF, refer to the following URL:
https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups.html

The issue with legitimate traffic getting dropped on a WordPress site deployed on an Amazon EC2 instance behind an Application Load Balancer (ALB) protected by AWS WAF with Managed rules can be resolved by configuring the rules in a specific way. Let's examine each of the given options to see which one is the most appropriate solution.
Option A: Configure rules in the AWS Managed rules group as a regular rule
This option is not a good solution as configuring the rules in the AWS Managed rules group as a regular rule would not solve the issue of legitimate traffic being dropped. Regular rules in AWS WAF are designed to match specific patterns in the request or response and allow or block traffic based on that match. This would not address the issue at hand.
Option B: Configure rules in the AWS Managed rules group as rate-based rules
This option is the best solution for this issue. Configuring the rules in the AWS Managed rules group as rate-based rules would allow the Operations Team to fine-tune the sensitivity of the AWS WAF for the traffic rate to better address the legitimate traffic being dropped. Rate-based rules can limit the number of requests that are allowed to be sent to the WordPress site over a given time period. If the rate exceeds the configured limit, the traffic can be blocked or logged. This option would provide a better solution to the problem than regular rules.
Option C: Configure rules in the AWS Managed rules group in count mode
Configuring rules in count mode allows the AWS WAF to count the number of times a specific rule matches a request or response. This option is not appropriate for the given issue as it does not provide a way to allow the legitimate traffic that is getting dropped.
Option D: Configure rules in the AWS Managed rules group with scope-down statements
Scope-down statements are used to specify conditions that must be met for a rule to be evaluated. This option is not the best solution for this issue as it does not provide a way to allow the legitimate traffic that is getting dropped.
In summary, the best solution for the Operations Team's issue with legitimate traffic getting dropped is to configure rules in the AWS Managed rules group as rate-based rules. This would allow for better fine-tuning of the sensitivity of the AWS WAF for the traffic rate and help to prevent legitimate traffic from being dropped.