How can we protect against malformed requests?
A) Using Shield Standard
B) Use an AWS WAF rule with string match conditions
C) Create lamba function to identify malformed requests and update AWS WAF rules to block the IPs of the malicious traffic
Which is the most correct?
What is malformed request anyway?
3 Answers
Malformed request is the requests that can’t be process by your servers such request containing invalid headers. The option C looks most correct to me. You could use the CloudFront to distribute your web sites, and have the CloudFront to publish the access logs to the S3; you can enable event notification on the bucket and have a Lambda function subscribe to the event to read the logs file and then update your WAF ACL.
Hi, can the answer be B? https://aws.amazon.com/blogs/aws/protect-web-sites-services-using-rate-based-rules-for-aws-waf/
I think you can use the WAF to provide protections against some layer 7 attacks such as cross site, SQL injection by itself. I don’t think you can use the WAF alone to protect against malformed requests.
just to clarify, you can create WAF rules against specific headers so it is an option
Both WAF and ELB can check for malformed requests
B
What is a malformed request. After reading a couple of blogs it seems option C is the best. 1) https://softwareengineering.stackexchange.com/questions/350554/tackling-malformed-requests 2) https://kinsta.com/knowledgebase/400-bad-request/. But I am curious to know if option B simple and correct option rather than option C. Thanks