保护Laravel(Vapor)使用自定义AWSWAF规则
为了保护 Laravel应用程序(在Vapor中),可以使用AWS WAF来阻止潜在的恶意请求。下面是一些具体的实现步骤:
-
创建一个 AWS WAF Web ACL(网络应用防火墙)以用于阻止恶意流量。
-
添加一些自定义的 AWS WAF 规则以匹配您想要阻止的恶意流量,并将这些规则关联到 Web ACL。
例如,以下 AWS WAF 规则将阻止来自恶意 IP 地址和具有深层嵌套 JSON 对象的请求:
{ "Name": "Block_Malicious_IPs", "Priority": 1, "Statement": { "IPSetReferenceStatement": { "ARN": "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/Malicious_IPs", "IPSetForwardedIPConfig": { "FallbackBehavior": "Match", "HeaderName": "X-Forwarded-For", "Position": "FIRST" } } }, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "Block_Malicious_IPs", "SampledRequestsEnabled": true } }, { "Name": "Block_Nested_JSON_Objects", "Priority": 2, "Statement": { "ANDStatement": { "Statements": [ { "ByteMatchStatement": { "FieldToMatch": { "SingleHeader": { "Name": "Content-Type" } }, "PositionalConstraint": "EXACTLY", "SearchString": "application/json" } }, { "NotStatement": { "Statement": { "RegexPatternSetReferenceStatement": { "ARN": "arn:aws:wafv2:us-east-1:123456789012:regional/regset/Nested_JSON_Objects" } } } } ] } }, "VisibilityConfig": { "CloudWatchMetricsEnabled": true, "MetricName": "Block_Nested_JSON_Objects", "SampledRequestsEnabled": true } }
- 将 Web ACL 与 Vapor 应用程序的负载均衡器关联。
以下是一个简单的 Terraform 配置示例,用于实现上述步骤:
Create an AWS WAF IP set for blocking malicious IPs
resource "aws_wafv2_ip_set" "malicious_ips" { name = "Malicious_IPs_Set" }
Create an AWS WAF rule for blocking malicious IPs
resource "aws_wafv2_rule" "block_malicious_ips" { name = "Block_Malicious_IPs" metric_name = "Block_Malicious_IPs"
statement { ip_set_reference_statement { arn = aws_wafv2_ip_set.malicious_ips.arn ip_set_forwarded_ip_config { fallback_behavior = "MATCH" header_name = "X-Forwarded-For" position = "FIRST" } } }
visibility_config { cloudwatch_metrics_enabled = true sampled_requests_enabled = true metric_name = "Block_Malicious_IPs" } }
Create an AWS WAF regex pattern set for blocking nested JSON objects
resource