Securing a GCP web application is an important cloud security skill. In this lab scenario, it’s your responsibility to implement two Cloud Armor web application firewall (WAF) rules that will defend against web app attacks. By implementing SQLi and XSS WAF rules, your web app will be less vulnerable to OWASP Top 10 injection attacks and more secure as a whole.
Successfully complete this lab by achieving the following learning objectives:
- Create HTTP(S) Cloud Load Balancer
- Use the Cloud Load Balancing service to create an HTTP(S) load balancer.
- Create a frontend service named front.
- Create a backend service named back.
- Create a Health Check named healthcheck.
- Create Cloud Armor WAF Rules
- Create a Cloud Armor security policy named secpolicy.
- Create a rule named US only and SQLi that uses US as the origin region code and the preconfigured expression for "sqli-canary".
- Create a rule named XSS that uses the preconfigured expression for
xss-canarybut excludes the OWASP core rule set v020901-id981136.
- Enable Cloud Armor logging.
- Enable Adaptive Protection.