EMAIL SUPPORT

dclessons@dclessons.com

LOCATION

US

LAB : Configure WAF to block Web traffic

LAB : Configure WAF to block Web traffic

LAB : Configure WAF to block web traffic in AWS.

Topology:

Refer below topology to configure WAF.

Task :

  • Create Security Group for Load Balancer, here we will be using default SG which allows all traffic.
  • Create the web servers in Default VPC
  • Create a Load Balancer: Dclessons-App-LB and test the traffic from it.
  • Create an IP Set: Dclessons-IP-Set along with web ACL named Dclessons-Web-ACL
  • Testing the working of the WAF with blocking and Unblocking the IP

Solution:

Launching EC2 Instance:

Launch EC2 instance, refer below figure to configure it.

In Advance Setting, under user Data Section, use below Script.

#!/bin/bash

sudo su

yum update -y

yum install -y httpd

systemctl start httpd

systemctl enable httpd

echo " This is Dclessons Response coming from server A" > /var/www/html/index.html

Repeat the same script for Second EC2 instance

#!/bin/bash

sudo su

yum update -y

yum install -y httpd

systemctl start httpd

systemctl enable httpd

echo " This is Dclessons Response coming from server B" > /var/www/html/index.html

Creating Load Balancer:

In the EC2 Console, Navigate to Target Groups, present in the left panel under Load Balancing. | Click on the Create target group button.

Choose Instance Type: Instances | Target Group name: Dclessons-TG with protocol HTTP and port 80.

Select VPC: Default VPC , protocol Version: HTTP | Health Check: HTTP with Health Check path /index.html | Click Next.

Under Register Target , Select both EC2 instances and Click Include as pending Below.

Now go to Load balancer Section, Click to create Application load balancer | Under basic Configuration : Name: Dclessons-App-LB | Scheme: Internet facing | IP address type: IPV4. Under VPC: Select Default VPC and Subnet: Default-Sub-east-2a.

Under Security Group section: Select default Security Group and in Listeners and Routing:

Listener: HTTP:80, Protocol TCP , Port 80 and target Group : Dclessons-TG.

Click Create Load balancer.  


Comment

    You are will be the first.

LEAVE A COMMENT

Please login here to comment.