How to set up traffic filter rules including WAF rules
Learn how to set up traffic filter rules including Web Application Firewall (WAF) rules. In this tutorial, we set up the groundwork for subsequent tutorials, where you will configure and deploy rules, followed by testing and analysis of the results.
To demonstrate the setup process, the tutorial uses the AEM WKND Sites Project.
Curious how to get started with securing your AEM site? In this tutorial, we’ll lay the groundwork for setting up standard and WAF traffic filter rules in Adobe Experience Manager as a Cloud Service. By the end, you’ll have your project ready so you can easily add and deploy both standard and WAF rules in the next tutorials. To begin, you’ll set up your AEM project to support traffic filter rules. At the top level of your project, create a folder called config. Inside this folder, add a file named cdn.yaml. This file will eventually hold your security rules and its structure lets you specify which environments, like development, staging, or production, the rules should apply to. Next, you’ll prepare to deploy these rules using Adobe Cloud Manager.
Log into Cloud Manager, select your program, and create a new config pipeline. Configure the pipeline to target your config folder, select the right environment and repository, and then save your settings. This process ensures that once your rules are ready, you can deploy them smoothly to your AEM environment.
Testing is an important part of the setup. Make sure you have tools like cURL, Vegeta, and Nikto installed on your local machine.
cURL helps you test request and response flows. Vegeta can simulate high request loads for DoS testing and Nikto scans for vulnerabilities. These tools will be essential for verifying your rules once they’re in place. Finally, you’ll wanna analyze the results of your security setup.
Adobe provides the AEMCS CDN log analysis tooling, which lets you visualize and review traffic patterns and security events using dashboards built on platforms like ELK or Splunk. You can ingest CDN logs from Cloud Manager and use these dashboards to monitor blocked traffic, suspicious activity, and overall rule effectiveness.
To recap, in this tutorial, you’ve set up your project structure, prepared your config pipeline, and ensured you have the right tools for testing and analysis. This groundwork will make it easy to add and deploy both standard and WAF traffic filter rules in the next steps.
Ready to move forward? In the following tutorials, we’ll walk through how to implement Adobe’s recommended standard and WAF rules and show you how to test and analyze their effectiveness.
Setup overview
The groundwork for subsequent tutorials involves the following steps:
- Creating rules within your AEM project in the config folder
- Deploying rules using the Adobe Cloud Manager config pipeline
- Testing rules with tools like Curl, Vegeta, and Nikto
- Analyzing results using the AEMCS CDN Log Analysis Tooling
Create rules in your AEM project
To define the standard and WAF traffic filter rules within your AEM project, follow these steps:
- At the top level of your AEM project, create a folder named config.
- Inside the config folder, create a file named cdn.yaml.
- Use the following metadata structure in cdn.yaml:

kind: "CDN"
version: "1"
metadata:
  envTypes: ["dev", "stage", "prod"]
data:
  trafficFilters:
    rules:

In the next tutorial, you learn how to add Adobe’s recommended standard traffic filter and WAF rules to the above file as a solid foundation for your implementation.
Deploy rules using Adobe Cloud Manager
To prepare for deploying the rules, follow these steps:
- Log in to my.cloudmanager.adobe.com and select your program.
- From the Program Overview page, go to the Pipelines card and click +Add to create a new pipeline.
- In the pipeline wizard:
  - Type: Deployment Pipeline
  - Pipeline Name: Dev-Config
- Source Code configuration:
  - Code to deploy: Targeted deployment
  - Include: Config
  - Deployment Environment: for example, wknd-program-dev
  - Repository: Git repo (for example, wknd-site)
  - Git Branch: Your working branch
  - Code Location: /config
- Review the pipeline configuration and click Save.
In the next tutorial, you learn how to deploy the pipeline to your AEM environment.
Test rules using tools
To test the effectiveness of your standard traffic filter and WAF rules, you can use various tools to simulate requests and analyze how your rules respond.
Verify that you have the following tools installed on your local machine or follow the instructions to install them:
- Curl
- Vegeta
- Nikto
You can verify the installation using the following commands:
# Curl version check
$ curl --version
# Vegeta version check
$ vegeta -version
# Nikto version check
$ cd <PATH-OF-CLONED-REPO>/program
$ ./nikto.pl -Version
In the next tutorial, you learn how to use these tools to simulate high request loads and malicious requests to test the effectiveness of your traffic filter and WAF rules.
Analyze results
To prepare for analyzing the results, follow these steps:
- Install the AEMCS CDN Log Analysis Tooling to visualize and analyze the patterns using pre-built dashboards.
- Perform CDN logs ingestion by downloading logs from the Cloud Manager UI. Alternatively, you can forward logs directly to a supported hosted logging destination such as Splunk or Elasticsearch.
AEMCS CDN Log Analysis Tooling
To analyze the results of your traffic filter and WAF rules, you can use the AEMCS CDN Log Analysis Tooling. This tooling provides pre-built dashboards for visualizing CDN traffic and WAF activity by leveraging logs collected from the AEMCS CDN.
AEMCS CDN Log Analysis Tooling supports two observability platforms, ELK (Elasticsearch, Logstash, Kibana) and Splunk.
It is possible to use the Log Forwarding feature to stream your logs to a hosted ELK or Splunk logging service, where you can install a dashboard to visualize and analyze the standard traffic filter and WAF traffic filter rules. However, for this tutorial, you will set up the dashboard on a local ELK instance installed on your computer.
- Clone the AEMCS-CDN-Log-Analysis-Tooling repository.
- Follow the ELK Docker container setup guide to install and configure the ELK stack locally.
- Using ELK dashboards, you can explore metrics like IP requests, blocked traffic, URI patterns, and security alerts.
CDN logs ingestion
To ingest CDN logs into the ELK stack, follow these steps:
- From Cloud Manager’s Environments card, download the AEMCS Publish service’s CDN logs.
  TIP: It may take up to 5 minutes for the new requests to appear in the CDN logs.
- Copy the downloaded log file (for example, publish_cdn_2025-06-06.log in the screenshot below) into the logs/dev folder of the Elastic dashboard tool project.
- Refresh the Elastic dashboard tool page.
  - In the top Global filter section, edit the aem_env_name.keyword filter and select the dev environment value.
  - To change the time interval, click the calendar icon in the top-right corner and select the desired time interval.
In the next tutorial, you learn how to analyze the results of the standard traffic filter and WAF traffic filter rules using the pre-built dashboards in the ELK stack.
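Before copying a downloaded file into logs/dev, a quick pass over it shows whether it contains any rule matches and whether the download is intact. The script below is an added example, not part of Adobe's tooling or this tutorial's project. It assumes the CDN log holds one JSON object per line, and the field names (`cli_ip`, `url`, `status`, `rules`) and the `match=...,action=...` layout of the `rules` value are assumptions shown in the constructed sample lines.

```python
import json
from collections import Counter

# Constructed sample lines (documentation IP ranges, made-up rule names).
# Field names and the layout of the "rules" value are assumptions.
SAMPLE_LOG = """\
{"timestamp": "2025-06-06T10:00:01+0000", "cli_ip": "192.0.2.10", "url": "/content/wknd/us/en.html", "status": 200, "rules": ""}
{"timestamp": "2025-06-06T10:00:02+0000", "cli_ip": "198.51.100.7", "url": "/?q=1", "status": 406, "rules": "match=example-waf-rule,waf=SQLI,action=blocked"}
{"timestamp": "2025-06-06T10:00:03+0000", "cli_ip": "198.51.100.7", "url": "/?q=2", "status": 406, "rules": "match=example-waf-rule,waf=SQLI,action=blocked"}
{"timestamp": "2025-06-06T10:00:04+0000", "cli_ip": "203.0.113.5", "url": "/content/wknd/us/en/about.html", "status": 200, "rules": "match=example-log-rule,action=log"}
{"timestamp": "2025-06-06T10:00:05+0000", "cli_ip": "203.0.
"""


def parse_rules(value):
    """Split 'match=a,waf=B,action=c' into a dict; an empty value gives {}."""
    pairs = (item.split("=", 1) for item in (value or "").split(",") if "=" in item)
    return {key.strip(): val.strip() for key, val in pairs}


def summarize(lines):
    """Count rule matches per (rule, action) and blocked requests per client IP."""
    by_rule, blocked_by_ip, skipped = Counter(), Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
            rules = parse_rules(entry.get("rules", ""))
        except (json.JSONDecodeError, AttributeError):
            skipped += 1  # truncated or non-object line, e.g. an interrupted download
            continue
        if "match" not in rules:
            continue  # request did not trigger any traffic filter rule
        action = rules.get("action", "unknown")
        by_rule[(rules["match"], action)] += 1
        if action == "blocked":
            blocked_by_ip[entry.get("cli_ip", "unknown")] += 1
    return by_rule, blocked_by_ip, skipped


if __name__ == "__main__":
    by_rule, blocked_by_ip, skipped = summarize(SAMPLE_LOG.splitlines())
    for (rule, action), count in by_rule.most_common():
        print(f"{count:5d}  {action:8s} {rule}")
    for ip, count in blocked_by_ip.most_common(10):
        print(f"{count:5d}  blocked  {ip}")
    print(f"skipped {skipped} unparseable line(s)")
```

To run it on a real download, pass `open(path, encoding="utf-8")` to `summarize` in place of the sample. A non-zero skipped count means the file should be downloaded again before ingestion.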
Summary
You have successfully set up the groundwork for implementing traffic filter rules including WAF rules in AEM as a Cloud Service. You created a configuration file structure, set up a pipeline for deployment, and prepared tools for testing and analyzing the results.
Next steps
Learn how to implement the Adobe recommended rules using the following tutorials:
Protecting AEM websites using standard traffic filter rules
Learn how to protect AEM websites from DoS, DDoS and bot abuse using Adobe-recommended standard traffic filter rules in AEM as a Cloud Service.
Protecting AEM websites using WAF traffic filter rules
Learn how to protect AEM websites from sophisticated threats including DoS, DDoS, and bot abuse using Adobe-recommended Web Application Firewall (WAF) traffic filter rules in AEM as a Cloud Service.
Advanced use cases
Beyond the Adobe-recommended standard traffic filter and WAF rules, you can implement advanced scenarios to achieve specific business requirements. These scenarios include:
- Learn how to monitor sensitive requests by logging them using traffic filter rules in AEM as a Cloud Service.
- Learn how to restrict access by blocking specific requests using traffic filter rules in AEM as a Cloud Service.
- Learn how to normalize requests by transforming them using traffic filter rules in AEM as a Cloud Service.