How to set up Traffic Filter rules including WAF rules
Learn how to set up traffic filter rules, including WAF rules. Read about creating, deploying, testing, and analyzing results.
Setup
The setup process involves the following:
- creating rules with an appropriate AEM project structure and configuration file.
- deploying rules using Adobe Cloud Manager’s configuration pipeline.
- testing rules using various tools to generate traffic.
- analyzing the results using AEMCS CDN logs and dashboard tooling.
Create rules in your AEM project
To create rules, follow these steps:
-
At the top level of your AEM project, create a folder
config. -
Within the
configfolder, create a new file calledcdn.yaml. -
Add the following metadata to the
cdn.yamlfile:
kind: CDN
version: '1'
metadata:
envTypes:
- dev
- stage
- prod
data:
trafficFilters:
rules:
See an example of the cdn.yaml file within the AEM Guides WKND Sites Project:
Deploy rules through Cloud Manager deploy-rules-through-cloud-manager
To deploy the rules, follow these steps:
-
Log into Cloud Manager at my.cloudmanager.adobe.com and select the appropriate organization and program.
-
Navigate to the Pipelines card from the Program Overview page and click the +Add button and select the desired pipeline type.
In the example above, for demo purposes Add Non-Production Pipeline is selected since a dev environment is used.
-
In the Add Non-Production Pipeline dialog, choose and enter the following details:
-
Configuration step:
- Type: Deployment Pipeline
- Pipeline Name: Dev-Config
-
Source Code step:
- Code to deploy: Targeted deployment
- Include: Config
- Deployment Environment: Name of your environment, for example, wknd-program-dev.
- Repository: The Git repository from where the pipeline should retrieve the code; for example,
wknd-site - Git Branch: The name of the Git repository branch.
- Code Location:
/config, corresponding to the top-level configuration folder created in the previous step.
-
Test rules by generating traffic
To test rules, there are various third-party tools available and your organization may have a preferred tool. For the demo purpose, let’s use the following tools:
-
Curl for basic testing like invoking a URL and checking the response code.
-
Vegeta to perform denial of service (DOS). Follow the installation instructions from the Vegeta GitHub.
-
Nikto to find potential problems and security vulnerabilities like XSS, SQL injection, and more. Follow installation instructions from the Nikto GitHub.
-
Verify that the tools are installed and available in your terminal by running the commands below:
code language-shell # Curl version check $ curl --version # Vegeta version check $ vegeta -version # Nikto version check $ cd <PATH-OF-CLONED-REPO>/program ./nikto.pl -Version
Analyze results using the dashboard tooling
After creating, deploying, and testing the rules, you can analyze the results using CDN logs and AEMCS-CDN-Log-Analysis-Tooling. The tooling provides a set of dashboards to visualize the results for Splunk and ELK (Elasticsearch, Logstash, and Kibana) stack.
The tooling can be cloned from the AEMCS-CDN-Log-Analysis-Tooling GitHub repository. Then, follow the instructions to install and load the CDN Traffic Dashboard and WAF Dashboard dashboards for your preferred observability tool.
In this tutorial, let’s use the ELK stack. Follow the ELK Docker container for AEMCS CDN Log Analysis instructions to set up the ELK stack.
-
After loading the sample dashboard, your Elastic dashboard tool page should look like the following:
Next step
Learn how to declare traffic filter rules including WAF rules in the Examples and result analysis chapter, using the AEM WKND Sites Project.