How can we protect against malformed requests?
A) Using Shield Standard
B) Use an AWS WAF rule with string match conditions
C) Create lamba function to identify malformed requests and update AWS WAF rules to block the IPs of the malicious traffic
Which is the most correct?
What is malformed request anyway?
Malformed request is the requests that can’t be process by your servers such request containing invalid headers. The option C looks most correct to me. You could use the CloudFront to distribute your web sites, and have the CloudFront to publish the access logs to the S3; you can enable event notification on the bucket and have a Lambda function subscribe to the event to read the logs file and then update your WAF ACL.
Both WAF and ELB can check for malformed requests