WAF Configuration — Web Application Firewall

04. 06. 2021 | 1 min read | intermediate

A WAF blocks SQL injection, XSS, and bot traffic at the application layer. It is one layer of defense in depth.

ModSecurity + OWASP CRS


```nginx
# Enable ModSecurity, then load the CRS setup file and the CRS rules
modsecurity on;
modsecurity_rules_file /etc/modsecurity/crs/crs-setup.conf;
modsecurity_rules_file /etc/modsecurity/crs/rules/*.conf;
```

AWS WAF

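```hcl
resource "aws_wafv2_web_acl" "main" {
  name  = "main"     # assumed name; required by the resource
  scope = "REGIONAL" # assumed; use "CLOUDFRONT" for a CloudFront distribution
  default_action {
    allow {}
  }
  rule {
    name     = "aws-managed"
    priority = 1
    override_action {
      none {} # keep the actions defined by the managed rule group
    }
    statement {
      managed_rule_group_statement {
        vendor_name = "AWS"
        name        = "AWSManagedRulesCommonRuleSet"
      }
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "aws-managed"
      sampled_requests_enabled   = true
    }
  }
  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "main"
    sampled_requests_enabled   = true
  }
}
```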
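A staged rollout of AWS managed rule groups, as an added example that is not code from the original post: the rule groups first run in count mode, so matches are recorded without blocking, and a variable switches them to enforcement. The resource name, scope, priorities, the second rule group and the "enforce" variable are assumptions.

```hcl
# Added example: staged rollout of AWS managed rule groups.
# Resource names, priorities and the "enforce" variable are assumptions.
variable "enforce" {
  type    = bool
  default = false # false: count matches only; true: rule groups block
}

resource "aws_wafv2_web_acl" "staged" {
  name  = "staged-managed-rules"
  scope = "REGIONAL" # use "CLOUDFRONT" for a CloudFront distribution
  default_action {
    allow {}
  }
  dynamic "rule" {
    # managed rule group name => rule priority (lower is evaluated first)
    for_each = { AWSManagedRulesCommonRuleSet = 10, AWSManagedRulesSQLiRuleSet = 20 }
    content {
      name     = rule.key
      priority = rule.value
      override_action {
        dynamic "count" { # record matches without blocking
          for_each = var.enforce ? [] : [1]
          content {}
        }
        dynamic "none" { # keep the rule group's own actions
          for_each = var.enforce ? [1] : []
          content {}
        }
      }
      statement {
        managed_rule_group_statement {
          vendor_name = "AWS"
          name        = rule.key
        }
      }
      visibility_config {
        cloudwatch_metrics_enabled = true
        metric_name                = rule.key
        sampled_requests_enabled   = true
      }
    }
  }

  visibility_config {
    cloudwatch_metrics_enabled = true
    metric_name                = "staged-managed-rules"
    sampled_requests_enabled   = true
  }
}
```

Apply with enforce = false, review the counted matches in the CloudWatch metrics and sampled requests for false positives, then set enforce = true.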

Key Takeaway

A WAF is a defense-in-depth layer, not a replacement for secure code. Start with managed rules.

CORE SYSTEMS team