WAF (Web Application Firewall)

From the Security Speciality certification course, I understand that WAF sits between our customers and our resources by analyzing the application traffic and block the traffic that matches the web ACL. We all know that the data is encrypted end to end (HTTPS) how will the WAF be able to analyze the data before SSL offloading? if the data is analyzed after the SSL offloading (example after the reqyuest reaches the ALB and SSL offloading takes place at ALB, then does this WAF analyzes the data?), if yes, the  our resources like ALB and CloudFront are still prone to attack right? Can anyone please help me with this?
  • post-author-pic
    Adrian C
    10-16-2018

    If you are using a CF distribution then the request is decrypted at the edge location where the request arrives. At that point - either it serves the data from cache or does an origin fetch from the origin. The origin fetch can be HTTP or HTTPS (depending on the origin). WAF has an opportunity to review and act on the traffic before it reaches ALB/other origins.


    Resources are always prone to attack - the idea is that WAF handles traffic at the point of decrypt, before any infrastructure further down the chain is used.

    /Adrian

  • post-author-pic
    Vamshi R
    10-16-2018

    Ahh, I understood the concept now, its just I am confuded with the statement that 'WAF is positioned between end users and our resources', now it make sesne :)

Looking For Team Training?

Learn More