LAB : Configure WAF to block Web traffic
LAB : Configure WAF to block web traffic in AWS.
Topology:
Refer to the topology below to configure WAF.
Task:
- Create a Security Group for the Load Balancer; here we will use the default SG, which allows all traffic.
- Create the web servers in the default VPC.
- Create a Load Balancer, Dclessons-App-LB, and test the traffic through it.
- Create an IP set, Dclessons-IP-Set, along with a web ACL named Dclessons-Web-ACL.
- Test the WAF by blocking and unblocking the IP.
Solution:
Launching EC2 Instance:
Launch an EC2 instance; refer to the figure below to configure it.
In Advanced Settings, under the User Data section, use the script below.
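#!/bin/bash
# User data already runs as root at first boot, so no sudo/su is needed.
yum update -y
# Install Apache, start it now and enable it on every boot.
yum install -y httpd
systemctl start httpd
systemctl enable httpd
# Page that identifies which server answered the request.
echo " This is Dclessons Response coming from server A" > /var/www/html/index.html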
Repeat the same script for the second EC2 instance, with the response text changed to server B:
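#!/bin/bash
# User data already runs as root at first boot, so no sudo/su is needed.
yum update -y
# Install Apache, start it now and enable it on every boot.
yum install -y httpd
systemctl start httpd
systemctl enable httpd
# Page that identifies which server answered the request.
echo " This is Dclessons Response coming from server B" > /var/www/html/index.html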
Creating Load Balancer:
In the EC2 console, navigate to Target Groups in the left panel under Load Balancing, then click the Create target group button.
Choose target type: Instances. Target group name: Dclessons-TG, with protocol HTTP and port 80.
Select VPC: Default VPC, Protocol version: HTTP. Health check: HTTP with health check path /index.html. Click Next.
Under Register targets, select both EC2 instances and click Include as pending below.
Now go to the Load Balancers section and click to create an Application Load Balancer. Under Basic configuration: Name: Dclessons-App-LB, Scheme: Internet-facing, IP address type: IPv4. Under VPC: select Default VPC and Subnet: Default-Sub-east-2a.
Under the Security groups section, select the default Security Group, and in Listeners and routing:
Listener: HTTP:80, Protocol TCP, Port 80 and target group: Dclessons-TG.
Click Create Load balancer.
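The remaining tasks (the IP set Dclessons-IP-Set, the web ACL Dclessons-Web-ACL and its association with Dclessons-App-LB) can also be scripted with the AWS CLI. The script below is an added example, not part of the original lab; the client IP, the rule name, the metric names and the region us-east-2 are assumptions.

```bash
#!/bin/bash
# Added example, not the lab's own script. CLIENT_IP, the rule name and the metric
# names are constructed; REGION is assumed from the subnet name Default-Sub-east-2a.
REGION="us-east-2"
CLIENT_IP="203.0.113.10"   # documentation address; replace with the IP to block

# WAF IP sets accept CIDR notation only (and never /0): turn a bare IPv4 address
# into a /32 and reject anything malformed before it reaches the API.
to_cidr() {
  ip="${1%/*}"; bits=32
  [ "$1" != "$ip" ] && bits="${1#*/}"
  echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for octet in $(echo "$ip" | tr '.' ' '); do [ "$octet" -le 255 ] || return 1; done
  echo "$bits" | grep -Eq '^[0-9]{1,2}$' || return 1
  [ "$bits" -ge 1 ] && [ "$bits" -le 32 ] || return 1
  echo "$ip/$bits"
}

# Rule for the web ACL: a source IP found in the IP set is blocked; every other
# request falls through to the ACL's default action (Allow).
block_rule_json() {
  cat <<EOF
[{"Name": "Block-Dclessons-IP-Set", "Priority": 0,
  "Statement": {"IPSetReferenceStatement": {"ARN": "$1"}},
  "Action": {"Block": {}},
  "VisibilityConfig": {"SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true, "MetricName": "BlockDclessonsIPSet"}}]
EOF
}

apply_waf() {
  set -e   # stop at the first failed step
  cidr=$(to_cidr "$CLIENT_IP")
  ipset_arn=$(aws wafv2 create-ip-set --region "$REGION" --scope REGIONAL \
    --name Dclessons-IP-Set --ip-address-version IPV4 --addresses "$cidr" \
    --query Summary.ARN --output text)
  block_rule_json "$ipset_arn" > rules.json
  acl_arn=$(aws wafv2 create-web-acl --region "$REGION" --scope REGIONAL \
    --name Dclessons-Web-ACL --default-action Allow={} --rules file://rules.json \
    --visibility-config SampledRequestsEnabled=true,CloudWatchMetricsEnabled=true,MetricName=DclessonsWebACL \
    --query Summary.ARN --output text)
  lb_arn=$(aws elbv2 describe-load-balancers --region "$REGION" \
    --names Dclessons-App-LB --query 'LoadBalancers[0].LoadBalancerArn' --output text)
  aws wafv2 associate-web-acl --region "$REGION" \
    --web-acl-arn "$acl_arn" --resource-arn "$lb_arn"
}

# Dry run by default (prints the CIDR); run with "apply" to create the resources.
if [ "${1:-}" = "apply" ]; then apply_waf; else to_cidr "$CLIENT_IP"; fi
```

Once the web ACL is associated, a request from CLIENT_IP to the load balancer returns HTTP 403 instead of the server A/B page.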