_CORE
Services
AI & Agentic Systems Core Information Systems Cloud & Platform Engineering Data Platform & Integration Security & Compliance QA, Testing & Observability IoT, Automation & Robotics Mobile & Digital
Industries
Banking & Finance Insurance Public Administration Defense & Security Healthcare Energy & Utilities Telco & Media Manufacturing Logistics & E-commerce Retail & Loyalty
References Technologies
Lab
Blog Know-how Tools
About Collaboration Careers
Language
CS EN
Let's talk

WAF konfigurace — Web Application Firewall

04. 06. 2021 1 min read intermediate

WAF blokuje SQL injection, XSS, bot traffic na aplikační vrstvě. Defense-in-depth vrstva.

ModSecurity + OWASP CRS

Nginx

modsecurity on; modsecurity_rules_file /etc/modsecurity/crs/crs-setup.conf; modsecurity_rules_file /etc/modsecurity/crs/rules/*.conf;

AWS WAF

resource “aws_wafv2_web_acl” “main” { default_action { allow {} } rule { name = “aws-managed” statement { managed_rule_group_statement { vendor_name = “AWS” name = “AWSManagedRulesCommonRuleSet” } } } }

Key Takeaway

WAF je defense-in-depth, ne náhrada za bezpečný kód. Začněte s managed rules.

securitywafwebmodsecurity
Share:

CORE SYSTEMS tým

Stavíme core systémy a AI agenty, které drží provoz. 15 let zkušeností s enterprise IT.

Všechny články

Další know-how

OWASP Top 10 — Web Application Security

OWASP recommendations in Java EE. SQL injection, XSS, CSRF, and how to defend against them.

CSRF ochrana — Cross-Site Request Forgery

Jak funguje CSRF útok a jak se bránit. Token, SameSite cookies, Double Submit.

Burp Suite Basics — Web Security Testing

How to use Burp Suite for web application testing.