AWS Web Application Firewall (WAF)

Overview

AWS Web Application Firewall (WAF) is a security service that helps protect web applications from common web exploits and attacks by filtering and monitoring HTTP and HTTPS requests. It allows you to create customizable rules to block, allow, or count specific traffic patterns based on conditions like IP addresses, HTTP headers, or query strings.

Follow the instructions on this page to ingest WAF logs, including protection pack (web ACL) logs, into Hydrolix. A Hydrolix cluster can ingest logs from two WAF policy types.

  • Regional: Create a WAF regional policy from within your AWS WAF service
  • Global: Create a WAF global policy from your CloudFront service

Create the AWS Firehose stream

Regional

If you set up an AWS WAF (regional) data source from within the Hydrolix web console, Hydrolix creates an Amazon Data Firehose stream for it in the same region as your Hydrolix service.

Global

If you configure AWS WAF (Global for CloudFront) as a data source in the Hydrolix web console, Hydrolix configures an Amazon Data Firehose stream in the us-east-1 region. AWS enforces this region for the Firehose stream.

Send logs to Firehose

To send WAF logs to the Firehose stream, follow the AWS WAF logging configuration instructions and select the Firehose stream as the destination. The stream name is shown on the data source detail page of the Hydrolix web console and takes a different form depending on whether you created a regional or global stream:

aws-waf-logs-hdx-firehose-regional-{random string}
aws-waf-logs-hdx-waf-firehose-global-{random string}

Additional considerations

Cross-region data transfer costs

If AWS WAF, the Firehose stream, or the Hydrolix cluster run in different regions, you may incur additional data transfer costs. All data streaming service costs appear on your AWS bill and aren't included in your Hydrolix subscription.

Confirm which AWS region the Hydrolix cluster is running in on the Product Info page of the Hydrolix web console.

Use the AWS pricing calculator and the Amazon Data Firehose pricing to estimate costs.
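
The following pre-flight check is an added example, not code from Hydrolix or AWS. It validates a web ACL ARN and Firehose stream ARN against the stream-name forms, the us-east-1 requirement, and the cross-region cost note on this page, then returns the logging configuration accepted by `aws wafv2 put-logging-configuration`. The function name `preflight`, the account ID, and the ARN suffixes are constructed placeholders.

```python
import json
import re

# Stream-name forms as given on this page ({random string} matched loosely).
NAME_FORMS = {
    "regional": re.compile(r"aws-waf-logs-hdx-firehose-regional-.+"),
    "global": re.compile(r"aws-waf-logs-hdx-waf-firehose-global-.+"),
}
FIREHOSE_ARN = re.compile(
    r"arn:aws:firehose:(?P<region>[a-z0-9-]+):\d{12}:deliverystream/(?P<name>.+)"
)
WEBACL_ARN = re.compile(
    r"arn:aws:wafv2:(?P<region>[a-z0-9-]+):\d{12}:(?P<scope>regional|global)/webacl/.+"
)


def preflight(web_acl_arn, firehose_arn, cluster_region):
    """Return (logging_configuration, warnings); raise ValueError on a mismatch."""
    acl = WEBACL_ARN.fullmatch(web_acl_arn)
    fh = FIREHOSE_ARN.fullmatch(firehose_arn)
    if not acl:
        raise ValueError("not a WAFv2 web ACL ARN")
    if not fh:
        raise ValueError("not a Firehose delivery stream ARN")
    scope = acl["scope"]
    if not NAME_FORMS[scope].fullmatch(fh["name"]):
        raise ValueError(f"stream name does not match the {scope} form")
    if scope == "global" and fh["region"] != "us-east-1":
        raise ValueError("global (CloudFront) stream must be in us-east-1")
    warnings = []
    # WAF, Firehose and the Hydrolix cluster in different regions costs extra.
    if len({acl["region"], fh["region"], cluster_region}) > 1:
        warnings.append("regions differ: cross-region data transfer costs may apply")
    config = {"ResourceArn": web_acl_arn, "LogDestinationConfigs": [firehose_arn]}
    return config, warnings


if __name__ == "__main__":
    # Constructed sample ARNs (placeholder account ID, names and suffixes).
    cfg, warns = preflight(
        "arn:aws:wafv2:us-east-1:111122223333:global/webacl/example-acl/EXAMPLE-ID",
        "arn:aws:firehose:us-east-1:111122223333:deliverystream/"
        "aws-waf-logs-hdx-waf-firehose-global-EXAMPLE",
        cluster_region="eu-west-1",
    )
    print(json.dumps(cfg, indent=2))
    print(warns)
```

Save the printed JSON to a file and pass it with `--logging-configuration file://...` once the check passes without errors.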

Deactivating

You can deprovision the Firehose service provisioned by Hydrolix by selecting de-activate in the Hydrolix web console.