Getting Started on Cloud Armor, Protect and Score Protection Levels

1. Filter Traffic from unwanted Geographies
2. Filter Traffic to unwanted paths in your API
3. Filter Traffic with unauthorized methods
4. OWASP Top 10
5. SSL Policy to disallow TLS < target version
1. Targets Per Policy (which backends need to be protected by this policy)
2. Rules Per Policy (no limit per policy, 200 rules per project; a collection of Allow and Deny rules)
3. Statements Per Rule (5 statements limit; the conditions that are evaluated for allow / deny)
1. Allow rules should take lower priority 
2. Allow rules should be as specific as possible
3. Deny rules should be as broad as possible
4. Start with UAT, and enable it in Preview mode
origin.region_code != '<ONLY REGION YOU WANT TRAFFIC FROM>' || request.path.contains('/<YOUR PATH>') || has(request.headers['<DISALLOWED HEADER>'])
evaluatePreconfiguredExpr('xss-stable') || evaluatePreconfiguredExpr('protocolattack-stable') || evaluatePreconfiguredExpr('sqli-stable') || evaluatePreconfiguredExpr('lfi-stable') || evaluatePreconfiguredExpr('rfi-stable')
evaluatePreconfiguredExpr('sessionfixation-stable') || evaluatePreconfiguredExpr('protocolattack-stable') || evaluatePreconfiguredExpr('scannerdetection-stable')
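The outline above (targets, rules and statements per policy, deny rules first, allow rules at lower priority, start in Preview) as an added Python example that assembles the gcloud commands for such a policy; it is not code from the original article. The policy name, backend name and the filled-in rule values are constructed samples, and the checks encode the limits the outline states (5 statements per rule, 200 rules per project).

```python
import re

MAX_SUBEXPRESSIONS = 5    # per-rule limit from the outline ("5 statements limit")
MAX_RULES = 200           # per-project limit from the outline

# Constructed sample rules (priority, CEL expression, action); lower number = evaluated first.
# Broad deny rules come first; the narrow allow rule takes the lower priority.
SAMPLE_RULES = [
    (1000, "origin.region_code != 'US' || request.path.contains('/admin')", "deny-403"),
    (2000, " || ".join(f"evaluatePreconfiguredExpr('{s}-stable')"
                       for s in ("xss", "protocolattack", "sqli", "lfi", "rfi")), "deny-403"),
    (3000, "request.path.matches('/api/v1/health') && request.method == 'GET'", "allow"),
]

def count_subexpressions(expr):
    """Count top-level sub-expressions joined by || or && (no nested parentheses here)."""
    return len(re.split(r"\s*(?:\|\||&&)\s*", expr.strip()))

def validate_expression(expr):
    """Reject unfilled <PLACEHOLDER> values and rules over the sub-expression limit."""
    if re.search(r"<[^>]*>", expr):
        raise ValueError("placeholder left unfilled: " + expr)
    n = count_subexpressions(expr)
    if n > MAX_SUBEXPRESSIONS:
        raise ValueError(f"{n} sub-expressions exceed the limit of {MAX_SUBEXPRESSIONS}")
    return n

def rule_command(policy, priority, expr, action, preview=True):
    """gcloud argv for one rule; --preview logs matches without enforcing (UAT stage)."""
    validate_expression(expr)
    cmd = ["gcloud", "compute", "security-policies", "rules", "create", str(priority),
           "--security-policy", policy, "--expression", expr, "--action", action]
    return cmd + ["--preview"] if preview else cmd

def build_policy(policy, backend, rules=SAMPLE_RULES, preview=True):
    """Create the policy, add every rule, then attach it to the backend service (the target)."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"{len(rules)} rules exceed the project limit of {MAX_RULES}")
    cmds = [["gcloud", "compute", "security-policies", "create", policy]]
    cmds += [rule_command(policy, p, e, a, preview) for p, e, a in rules]
    cmds.append(["gcloud", "compute", "backend-services", "update", backend,
                 "--security-policy", policy, "--global"])
    return cmds

if __name__ == "__main__":
    import shlex
    for cmd in build_policy("api-armor-uat", "api-backend"):   # constructed names
        print(shlex.join(cmd))
```

Run it to print the command sequence, review it, then drop `--preview` (preview=False) once the UAT logs show no legitimate traffic matching the deny rules.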
1. Wallarm: https://github.com/wallarm/gotestwaf
2. Signal Sciences: https://github.com/signalsciences/waf-testing-framework
3. Fastly: https://github.com/fastly/ftw
4. F5: https://github.com/f5devcentral/f5-waf-tester
docker pull wallarm/gotestwaf
docker run -v ${PWD}/reports:/app/reports --network="host" wallarm/gotestwaf --url=<Your WAF Endpoint>
