Rule: ELB Application Load Balancers with WAF Enabled

This rule ensures that ELB application load balancers have Web Application Firewall (WAF) enabled.

Rule: ELB application load balancers should have Web Application Firewall (WAF) enabled
Framework: CISA-cyber-essentials
Severity: Medium

Rule/Policy Description: Enable Web Application Firewall (WAF) for ELB application load balancers as a part of CISA Cyber Essentials.

To ensure the security of ELB (Elastic Load Balancer) application load balancers and comply with CISA Cyber Essentials, it is recommended to enable Web Application Firewall (WAF) for these load balancers. WAF provides an additional layer of protection by inspecting and filtering HTTP/HTTPS traffic between clients and the load balancer, safeguarding applications from common web vulnerabilities and attacks.

Enabling WAF helps protect against various threats such as SQL injection, cross-site scripting, and other web application-based attacks. By enforcing security policies, monitoring traffic patterns, and alerting or blocking suspicious activities, WAF ensures the integrity and availability of applications hosted behind the load balancer.

Troubleshooting Steps (if applicable):

If you encounter any issues during the process of enabling WAF on an ELB application load balancer, follow these troubleshooting steps:

  1. Double-check IAM permissions: Ensure that the IAM (Identity and Access Management) user or role used to enable WAF has the necessary permissions. The user/role should have the elasticloadbalancing:DescribeLoadBalancers and waf-regional:AssociateWebACL permissions.

  2. Verify WAF availability: Ensure that the AWS region you are working in supports WAF and that the WAF service is available.

  3. Check existing WAF resources: If you have already enabled WAF for your AWS account, ensure that you haven't reached any limits on WAF resources, such as web ACLs or rules.

  4. Review WAF logs and metrics: If WAF is enabled but you are still experiencing issues, check the WAF logs and metrics for any relevant information that can help in troubleshooting the problem.

Necessary Codes (if applicable):

No specific code is required to enable WAF on ELB application load balancers. However, you may need to use AWS CLI commands to associate a web ACL with your load balancer.
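The rule itself can be checked programmatically. The following is an added example, not Cloud Defense's own code: it lists application load balancers that have no web ACL associated, using the boto3 operations `describe_load_balancers` (elbv2) and `get_web_acl_for_resource` (wafv2 and waf-regional). The names `find_albs_without_waf`, `waf_clients`, `StubClient` and `demo`, and all sample ARNs, are assumptions constructed for illustration so the check runs offline.

```python
def find_albs_without_waf(elbv2, waf_clients):
    """Return ARNs of application load balancers with no web ACL associated.

    waf_clients maps the response key each WAF API uses to its client, e.g.
    {"WebACL": wafv2_client, "WebACLSummary": waf_regional_client}.
    """
    unprotected = []
    for page in elbv2.get_paginator("describe_load_balancers").paginate():
        for lb in page["LoadBalancers"]:
            if lb.get("Type") != "application":
                continue  # the rule covers application load balancers only
            arn = lb["LoadBalancerArn"]
            # The response carries its key only when a web ACL is associated.
            if not any(c.get_web_acl_for_resource(ResourceArn=arn).get(k)
                       for k, c in waf_clients.items()):
                unprotected.append(arn)
    return unprotected


class StubClient:
    """Constructed offline stand-in for a boto3 client (not real AWS data)."""
    def __init__(self, load_balancers=(), associations=None, key="WebACL"):
        self.load_balancers = list(load_balancers)
        self.associations, self.key = associations or {}, key
    def get_paginator(self, _operation):
        return self  # the stub acts as its own single-page paginator
    def paginate(self):
        yield {"LoadBalancers": self.load_balancers}
    def get_web_acl_for_resource(self, ResourceArn):
        acl = self.associations.get(ResourceArn)
        return {self.key: acl} if acl else {}


# Constructed sample data (placeholder account 111122223333).
PREFIX = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/"
SAMPLE_LBS = [
    {"LoadBalancerArn": PREFIX + "app/web/aaaa", "Type": "application"},
    {"LoadBalancerArn": PREFIX + "app/api/bbbb", "Type": "application"},
    {"LoadBalancerArn": PREFIX + "app/old/cccc", "Type": "application"},
    {"LoadBalancerArn": PREFIX + "net/tcp/dddd", "Type": "network"},
]


def demo():
    """Run the check on the constructed sample; only app/api/bbbb has no ACL."""
    elbv2 = StubClient(load_balancers=SAMPLE_LBS)
    wafv2 = StubClient(associations={PREFIX + "app/web/aaaa": {"Name": "acl-v2"}})
    classic = StubClient(associations={PREFIX + "app/old/cccc": {"Name": "acl-classic"}},
                         key="WebACLSummary")
    return find_albs_without_waf(elbv2, {"WebACL": wafv2, "WebACLSummary": classic})
```

Against a real account, pass `boto3.client("elbv2")`, `boto3.client("wafv2")` and `boto3.client("waf-regional")` for the target region in place of the stubs.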

Step-by-Step Guide for Remediation:

Follow these step-by-step instructions to enable Web Application Firewall (WAF) for an ELB (Elastic Load Balancer) application load balancer as part of CISA Cyber Essentials:

  1. Sign in to the AWS Management Console.

  2. Open the Amazon EC2 dashboard.

  3. Navigate to the Load Balancers section.

  4. Select the ELB application load balancer for which you want to enable WAF.

  5. In the load balancer details, go to the "Listeners" tab.

  6. Under the appropriate listener, click on the "Edit" button.

  7. In the "Edit Listener" window, enable the "Enable WAF" option.

  8. Select the WebACL (Web Access Control List) that you want to associate with the load balancer. If you haven't created a WebACL yet, click on "Create new WebACL" to create one.

  9. Click on the "Save" button to save the changes.

  10. The WAF will now be enabled and associated with your ELB application load balancer. It will start inspecting and filtering the incoming traffic based on the defined rules in the WebACL.

Note: Keep in mind that enabling WAF may incur additional costs based on the WAF pricing model and the amount of traffic handled by the load balancer.

Summary:

Enabling Web Application Firewall (WAF) for ELB application load balancers enhances security and helps comply with CISA Cyber Essentials. By following the step-by-step guide provided, you can easily enable WAF for your load balancer and protect your applications from common web vulnerabilities and attacks.
