In AWS WAF, you can set rules with different actions. What happens when a web request matches a rule whose action is set to COUNT?
Think about what the COUNT action means: it lets the request pass but tracks it.
When a request matches a rule with action COUNT, AWS WAF allows the request to pass through but increments the count metrics for monitoring.
You have a web application served through Amazon CloudFront. To protect it using AWS WAF, where should you associate the WAF web ACL?
Think about where CloudFront processes requests before sending them to origins.
AWS WAF web ACLs can be associated directly with CloudFront distributions to inspect and filter incoming requests before they reach the origin.
You configure a rate-based rule in AWS WAF to block IP addresses that send more than 1000 requests in 5 minutes. What is the expected behavior when an IP exceeds this limit?
Consider how rate limiting works to protect against sudden traffic spikes.
Rate-based rules block IP addresses temporarily when they exceed the configured request rate. The block is lifted when the rate drops below the threshold.
To protect your web application from SQL injection attacks, which AWS WAF feature should you enable or configure?
Think about specialized rules designed to detect common attack patterns.
AWS Managed Rules include pre-configured protections against SQL injection (SQLi). Enabling these rules helps detect and block SQLi attempts effectively.
Consider AWS WAF Classic and the latest AWS WAF service. What is the main difference in how they manage rules and web ACLs?
Think about improvements in modularity and reusability in newer AWS WAF versions.
The latest AWS WAF supports reusable rule groups and managed rule sets, allowing easier and modular rule management. AWS WAF Classic lacks these features.