waf

I Would like to understand what is the difference between WAF, Security Group, and a routing table. Let's say I have a VPC, 2 subnets (a private one) and I want to deploy a web application (UI and backend service and a database (RDS)), In this scenario where does WAF and security groups come into the picture. Can someone help me to understand a use case?

I heard that Azure App Gateway's Web App Firewall is able to protect apps from SQL injection attacks. How does it actually achieve that?

Does it inspect all the incoming payload (both body and URL params)? If it does, I assume TLS termination has to be set up on the Application Gateway level, otherwise it wouldn't be able to read anything. Does it just look for some suspicious strings in the payload (like ";DROP TABLE....")? How does it know if the content in the payload is safe or not? I mean, I could be sending some payload to my web app that could look like SQL injection - how does the WAF know which request is an attack and which isn't?

i have a question related to design and architecture needs instead of issue one, we have a kubernetes cluster which handle our production workload, we need to secure external traffic to this cluster so we have designed this approach :

• make a worker node with ingress controller and without any workload
• place this worker node in a DMZ zone in order to handle external traffic to our clusterIP services of our applications.

is that a good idea for securing our workloads ?

if we place an HAproxy in a DMZ zone (as a L4 just to load balance traffic to workers to be handled by ingress nginx for ex) it'll not give us an other level of security (protocol break)

note that we don't have a WAF. Any ideas please??

I got a microservice in an ECS instance in AWS behind a WAF, I want to create these rules:

1. Allow specific IPs (done)
2. Allow all connections from inside the VPN (done)
3. Deny all the other requests.

The first two IP set are created, but I can't make the last one to work. I tried creating the IP set with 0.0.0.0/0 and another combinations without success.

This is my code, I removed ipset 1 and 2 (that are working), this is the ipset 3:

I need to get an ALB name or id to attach WAF rules to it. The ALB is created by Kubernetes and not used anywhere in Terraform. Oficial data resource only supports name and arn with no filtering.

I'm deploying WAF with Cloud Armor and I realized that the rules can be created in a "Preview only" mode and that there are Cloud Armor entries in Cloud Logging.

The problem is that when I create a "Preview only" rule and that rule is matched by some request, I cannot differentiate, in the logs, the requests that matched some specific rule and/or the normal, ordinary requests. They look all pretty much the same.

Are there any logging attributes that only exist (or have specific values) when the request match a specific rule in these cases? Because the only way I found to explicitly check the rules matched by some request is unchecking the "Preview only" flag, and it is not nice for production when testing.

My company has 2 AWS accounts. On the first (lets call it playground), I have full administrative permissions. On the second (lets call it production) I have limited IAM permissions

I enabled AWS Config (using the terraform file on the appendix) on both accounts.

• On the playground it runs smoothly, everything is fine.
• One the production, it fails. More specifically, it fails to detect the account's resources with the message "Your resources are being discovered" as shown in the screenshot below.

I initially suspected this could be an IAM role permission issue.

e.g running

aws configservice list-discovered-resources --resource-type AWS::EC2::SecurityGroup --profile playground gives me a list of the SecurityGroups discovered by the AWS Config on the playground (pretty much what I see on the console dashboard).

On the other hand:

aws configservice list-discovered-resources --resource-type AWS::EC2::SecurityGroup --profile production returns a null list (there are security groups though. Same results with other types such as AWS::EC2::Instance)

I have an App Service (SSL and Custom domain configured at App Service level) for which I would like to add Azure WAF protection as a layer that sits in front of the App Service. I learned that I can do this by using an Application Gateway or Azure Frontdoor. But as a cost optimization approach, can I use WAF only without integrating with a load balancing resource?

Thanks in advance.

I have a Python script running as a lambda function to send data in S3 to Splunk. It can read my data, but cannot send data to Splunk. Can anyone please make any changes to the script attached?