- 10
- 85 686
The AWS Ninja
Приєднався 15 січ 2022
A channel that takes AWS technologies and makes them simple.
6 minutes or less, guaranteed!
Sometimes 7, maybe, I don't know.
6 minutes or less, guaranteed!
Sometimes 7, maybe, I don't know.
CloudFront Behaviors
We cover CloudFront behaviors, what can be done with them and how to use them.
#aws #cloudfront #cdn #cache
#aws #cloudfront #cdn #cache
Переглядів: 5 548
Відео
DDoS Protection with AWS WAF
Переглядів 13 тис.9 місяців тому
Basic configuration for AWS WAF, solely focused on dealing with L7 DDoS attacks. This is by no means a comprehensive WAF configuration, but it's super effective against HTTP floods. #aws #waf #ddos
Custom keys for AWS WAF rate-based rules
Переглядів 9 тис.Рік тому
This cool new feature for AWS WAF allows you to start rate-limit incoming requests by tracking non-IP elements (countries, query string parameters, AWS WAF labels, etc.).
Geoblocking using AWS Edge Services
Переглядів 5 тис.2 роки тому
This video describes how to use block/control access from certain countries to your application: 1) CloudFront Geo Restrictions - docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html 2) CloudFront Functions - docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-redirect-url.html 3) AWS WAF - docs.aws.amazon.com/waf/latest/developerguide/waf-rule...
AWS WAF Versioning
Переглядів 5 тис.2 роки тому
How to use version on AWS Managed Rules in AWS WAF AWS Doc about versions: docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups-versioning.html
AWS WAF Account Takeover Prevention - A Walkthrough
Переглядів 15 тис.2 роки тому
This video will take you through some of the key capabilities of the new AWS WAF Account Takeover Prevention (ATP) feature-set. Some documentation links: ATP managed rule group description: docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-atp.html Developer's guide (including the application integration manuals): docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html
False Positive Mitigation Techniques on AWS WAF
Переглядів 3,2 тис.2 роки тому
This video describes a few ways to mitigate false positives when using AWS WAF. The most specific ways to avoid false positives would be to use WAF Labels.
Getting Started with AWS WAF
Переглядів 6 тис.2 роки тому
Ever wondered which rules go in a new AWS WAF Web ACL? Well, worry no more... AWS WAF Automations solution: aws.amazon.com/solutions/implementations/aws-waf-security-automations/
How to run HTTP Redirects on AWS CloudFront
Переглядів 15 тис.2 роки тому
This video covers 3 ways to run HTTP redirects with CloudFront: 1) Lambda@Edge 2) CloudFront Functions 3) AWS WAF Some documentation: L@E: docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-generated-response-examples CFF: docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/example-function-redirect-url.html WAF: docs.aws.amazon.com/waf/latest...
Using AWS WAF with CAPTCHA
Переглядів 9 тис.2 роки тому
A quick demo showing how to use AWS WAF with CAPTCHA for different use cases: 1) Protect your application's login page 2) Limit access from certain countries to certain URLs 3) Challenge users with high rates for traffic
Awesome! Is possible to redirect 40+ URLs to redirect to the same website using lambda and cloudfront? For example /old.url/product/api/index.html to /new.url/api/authentication/config/index.html#group. Thanks
You can certainly create a URI match WAF rule for each, with a custom 307 response to the new URI
Very very useful!!!!!
I get a 405 CORS error
Hello i have an ec2 instance. How do i link the instance to the waf?
Either put an ALB on top of it, or better use CloudFront. Attach WAF to either ALB or CloudFront
Great video - you really understand what your talking about! Sad havne't seen new vids for 2 years
hello! It works in Elastic Beanstalk apps?
You can certainly use WAF on top of ALB
Awesome content
Do I need to point the aws instance/domain somewhere after creating the rules ? I mean I have a single web apache server in aws ec2, this rules will apply automatic without pointing to the instance or I need to point this rules to the instace/domain ?
I need to attach the web acl to a CloudFront distribution or an ALB, and they should point to your instance. If it's just a single server, CloudFront is cheaper and better in your case.
thank you so much
Amazing!
do you need to integrate some javascript for the captcha showing up in the browser? or does it work out of the box
By default, it just works out of the box. If you want to have the captcha show as a part of the webpage, there is an sdk for it.
hi thanks for this video, question is this aws shield / waf apply in all ec2 servers?
You apply waf to CloudFront, alb, api gw, and a few other services. Shield is applicable to CloudFront and alb, as well as elastic IP
Exactly what I needed, brilliant video and covers a lot of important points, thank you.
Out of curiosity, say if an IP address was blocked, is that just for the 5 minute window, or does that go into a blocked ip list which is editable? The latter is very appealing to me.
The IP remain limited until it stops sending traffic for a while. The list is not editable, but you can use cli or api to list the offending IPs - docs.aws.amazon.com/waf/latest/developerguide/listing-managed-ips.html
@@the-aws-ninja Great thanks are you going to do a video on setting up CloudFront for all that additional noise you spoke of here? Would love to see it.
How would solve the following risk with POST based rate limiting: A single IP can easily cause a denial of service to other users by POSTing beyond this limit.
Absolutely. You should always keep multiple layers of rate based rules - IP based for non Distributed attempts, and non IP based for other attacks. You can also create, for the POST scenario, 2 rate based rules - one set as low as 100 requests per IP, scoped down to only POST requests, and another rule, set at a higher threshold, to count ALL POST requests. Thank you for this question!
Thank you for the awesome content@@the-aws-ninja
I don't know computer knowledge,,,,, thanks lot,,,❤❤
non sense!, where is the login page with captcha?
If you have a cloudfront distribution you can select it in the WAF and Rule creation screen, so the captcha will be automatically applied.
Great video!
Thanks, I was looking for a video to differentiate Lambda Edge and CloudFront Functions
Sw
1ü1 aaaa😮aA
thanks alot.
Very very nice content, thanks mate!
Great ideas! I would have loved to see the captcha in action with a usage example.
Redirects force the use of CORS witch breaks samesite and will be problematic when 3rd party cookies get dropped by browser vendors. In those cases it would be good to have the option to do a forward.
pkease make a video by explaining aws custome managed rule and also how to protect from xss and sql injection in custom manner
Interesting take. It probably won't be short, but I'll put it on my work queue!
@@the-aws-ninja yes please looking forward to it.
nice job!
Thank you! Cheers!
I didn't see the actual captcha. How do you put that captcha on your webpage?
Aq
Pm p pp ok.
Is there any option to do rewrite to the URI? Let’s say I have /api/int/index.htm -> rewrite to -> api/1427389/int/index.htm
You can use CloudFront Functions or Lambda@Edge for that
B
nice one!