AWS Project: Setting Up ALB with AWS WAF to Block SQL Injection, Geo Location and Query String
This project introduces the use of an Application Load Balancer (ALB) to distribute traffic across two EC2 instances with advanced security features using AWS WAF.
This project is designed to simulate a real-world scenario where application security and scalability are top priorities. It allows you to learn how to deploy an AWS WAF Web ACL to block requests based on geolocation, SQL injection attempts, and specific query strings. By configuring two EC2 instances and placing them behind an Application Load Balancer, you not only gain insights into scalable architectures but also understand how AWS WAF interacts with Elastic Load Balancing to protect against common web exploits. AWS WAF enables the creation of custom rules to filter traffic and block malicious actors while following a cost-effective, pay-as-you-go pricing model.
- Amazon EC2 – To host the web servers.
- Application Load Balancer (ALB) – To distribute incoming traffic across the two EC2 instances.
- AWS WAF – To apply web access control rules and block malicious traffic.
- Security Groups – To control inbound and outbound traffic to the instances and load balancer.
- Target Groups – To register EC2 instances for load balancing.
Staying with the default VPC, I created a security group MyWebserverSG with the following inbound rules:
| Type | Protocol | Port Range | Source |
|---|---|---|---|
| HTTP | TCP | 80 | 0.0.0.0/0 |
| HTTPS | TCP | 443 | 0.0.0.0/0 |
| SSH | TCP | 22 | 0.0.0.0/0 |
I launched two EC2 instances: MyEC2Server1 and MyEC2Server2. They share the following configurations:
- AMI: Amazon Linux 2
- Instance Type: t2.micro
- Key Pair: myKey
- Auto-assign Public IP: Enabled
- Security Group: MyWebserverSG
With the following user data scripts:

MyEC2Server1

```bash
#!/bin/bash
# User data already runs as root, so no sudo/su is needed.
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
# Landing page that identifies which server answered the request
echo "<html><h1> Welcome to Nidhal's Server 1 </h1></html>" > /var/www/html/index.html
```

MyEC2Server2

```bash
#!/bin/bash
# User data already runs as root, so no sudo/su is needed.
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
# Landing page that identifies which server answered the request
echo "<html><h1> Welcome to Nidhal's Server 2 </h1></html>" > /var/www/html/index.html
```

First, I created a Target Group named MyWAFTargetGroup and registered both EC2 instances as targets.
Then, I created an Application Load Balancer named MyWAFLoadBalancer with the following settings:
- Scheme: Internet-facing
- Security Group: MyWebserverSG
- Listener: HTTP (Port 80) forwarding traffic to MyWAFTargetGroup
Using the DNS name of the load balancer, I tested round-robin access between the two servers via a browser.
As seen above, traffic is successfully balanced between both EC2 instances.
SQL injection test:
Example: `http://<ELB DNS>/product?item=securitynumber'+OR+1=1--`
Query strings test:
Example: `http://<ELB DNS>/?admin=123456`
I created a Web ACL named MyWAFWebAcl in the US East (N. Virginia) region.
I added the following managed rule groups:
- GeoLocationRestriction – to restrict traffic from outside Algeria
- QueryStringRestriction – to block specific patterns in query strings
- AWS SQL Database Rule Group – to detect and block SQL injection attempts
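
The three rules above written as a CloudFormation template, added here as an example and not the author's own configuration. It assumes the geo and query-string rules are custom rules, that the query-string rule matches the string `admin` (taken from the test URL), and a hypothetical `LoadBalancerArn` parameter.

```yaml
# Added example (CloudFormation), not the author's template.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  LoadBalancerArn:            # assumption: ARN of MyWAFLoadBalancer, supplied at deploy time
    Type: String
Resources:
  MyWAFWebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: MyWAFWebAcl
      Scope: REGIONAL         # ALBs use REGIONAL scope, in the same region as the ALB
      DefaultAction: { Allow: {} }
      VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: MyWAFWebAcl }
      Rules:
        - Name: GeoLocationRestriction
          Priority: 0
          Action: { Block: {} }
          Statement:          # block every request whose source country is NOT Algeria (DZ)
            NotStatement:
              Statement:
                GeoMatchStatement: { CountryCodes: [DZ] }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: GeoLocationRestriction }
        - Name: QueryStringRestriction
          Priority: 1
          Action: { Block: {} }
          Statement:
            ByteMatchStatement:
              SearchString: admin          # assumption, taken from the ?admin=123456 test URL
              FieldToMatch: { QueryString: {} }
              PositionalConstraint: CONTAINS
              TextTransformations:         # normalise before matching so encoding/case does not evade the rule
                - { Priority: 0, Type: URL_DECODE }
                - { Priority: 1, Type: LOWERCASE }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: QueryStringRestriction }
        - Name: AWSManagedRulesSQLiRuleSet
          Priority: 2
          OverrideAction: { None: {} }     # managed rule groups take OverrideAction, not Action
          Statement:
            ManagedRuleGroupStatement: { VendorName: AWS, Name: AWSManagedRulesSQLiRuleSet }
          VisibilityConfig: { SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: AWSManagedRulesSQLiRuleSet }
  MyWAFWebAclAssociation:                  # the Web ACL filters nothing until it is attached to the ALB
    Type: AWS::WAFv2::WebACLAssociation
    Properties:
      ResourceArn: !Ref LoadBalancerArn
      WebACLArn: !GetAtt MyWAFWebAcl.Arn
```

The Web ACL only inspects requests that pass through the load balancer. With the instances in the same MyWebserverSG (port 80 open to 0.0.0.0/0) and public IPs enabled, limiting the instances' HTTP source to the load balancer's security group keeps all traffic on the filtered path.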
I re-tested the application with SQL injection and query string payloads.
SQL injection test:
WAF blocks the SQL injection with a **403 Forbidden** response, confirming the rule works.
Query strings test:
Query strings are now blocked, and the WAF correctly denies access.
I successfully configured an Application Load Balancer with AWS WAF to restrict traffic based on geolocation (allowing only Algeria) and protect against SQL injection and malicious query strings. This architecture simulates a secure and scalable cloud-based web application environment.
Made with 💻 by Nidhal Labri