This website is a technology demonstrator for Web Application Firewall (WAF) filtering using the AWS WAF service. For more details, please review the AWS whitepaper: Use AWS WAF to Mitigate OWASP’s Top 10 Web Application Vulnerabilities.

The rules illustrated here are based on the template included in the whitepaper. Note that the template is designed as a starting point for you to build upon, not as a production-ready, comprehensive set of rules.

WAF Blocking Examples based on OWASP Top 10

OWASP | Example | Description
A1 | SQL Injection (SQLi) Mitigation | Blocks an attempted SQL injection request directed at your server-side scripts.
A2 | Block Compromised Authorization Tokens | Blocks attempts to reuse compromised authorization tokens, such as session IDs, JWT tokens, etc.
A3 | Cross Site Scripting (XSS) Mitigation | Blocks attempts to perform a reflected cross-site scripting (XSS) attack.
A4 | Mitigate Path Traversal, Local or Remote File Inclusion | Blocks attempts to perform a path traversal attack, or to include local or remote files in the response stream.
A4 | Privileged Module Access Restriction | Restricts access to privileged application modules to known sources of traffic.
A5 | PHP Misconfiguration Mitigation | Mitigates server-side security misconfiguration enabling file injection, path traversal or other data leaks.
A7 | Enforce Request Hygiene | Restricts the size of HTTP request components to values that make sense for your application.
A7 | Bot and Scraper Trapping | Blocks all subsequent requests to this website after a client scrapes a URL that was specifically disallowed.
A8 | Enforce the Presence of CSRF Tokens | Ensures the HTTP request includes the required attributes and headers.
A9 | Server-Side Includes Protection | Restricts public access to objects in the web root that are used for server-side include purposes.
SQL Injection Requests Blocked Recently

Action | Country | Source IP | Method | HTTP Ver | URI
No samples in the reporting period