DocumentationAEMAEM TutorialsAEM as a Cloud Service Tutorials

How to set up traffic filter rules including WAF rules

Last update: Mon Jul 21 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
  • Applies to:
  • Experience Manager as a Cloud Service

CREATED FOR:

  • Intermediate
  • Admin
  • Developer

Learn how to set up traffic filter rules including Web Application Firewall (WAF) rules. In this tutorial, we set up the groundwork for subsequent tutorials, where you will configure and deploy rules, followed by testing and analyzing of the results.

To demonstrate the setup process, the tutorial uses the AEM WKND Sites Project.

https://video.tv.adobe.com/v/3469395/?quality=12&learn=on
Transcript

curious how to get started with securing your AEM site. In this tutorial, we’ll lay the groundwork for setting up standard and WAF traffic filter rules in Adobe Experience Manager as a cloud service. By the end, you’ll have your project ready so you can easily add and deploy both standard and WAF rules in the next tutorials. To begin, you’ll set up your AEM project to support traffic filter rules. At the top level of your project, create a folder called config. Inside this folder, add a file named cdn.yaml. This file will eventually hold your security rules and its structure lets you specify which environments, like development, staging, or production, the rules should apply to. Next, you’ll prepare to deploy these rules using Adobe Cloud Manager.

Log into Cloud Manager, select your program, and create a new config pipeline. Configure the pipeline to target your config folder, select the right environment and repository, and then save your settings. This process ensures that once your rules are ready, you can deploy them smoothly to your AEM environment.

Testing is an important part of the setup. Make sure you have tools like cURL, Vegeta, and Nikto installed on your local machine.

cURL helps you test request and response flows. Vegeta can simulate high request loads for DOS testing and Nikto scans for vulnerabilities. These tools will be essential for verifying your rules once they’re in place. Finally, you’ll wanna analyze the results of your security setup.

Adobe provides the AEMCS CDN log analysis tooling, which lets you visualize and review traffic patterns and security events using dashboards built on platforms like ELK or Splunk. You can ingest CDN logs from Cloud Manager and use these dashboards to monitor block traffic, suspicious activity, and overall rule effectiveness.

To recap, in this tutorial, you’ve set up your project structure, prepared your config pipeline, and ensured you have the right tools for testing and analysis. This groundwork will make it easy to add and deploy both standard and WAF traffic filter rules in the next steps.

Ready to move forward? In the following tutorials, we’ll walk through how to implement Adobe’s recommended standard and WAF rules and show you how to test and analyze their effectiveness.

Setup overview

The groundwork for subsequent tutorials involves the following steps:

  • Creating rules within your AEM project in the config folder
  • Deploying rules using the Adobe Cloud Manager config pipeline.
  • Testing rules with tools like Curl, Vegeta, and Nikto
  • Analyzing results using the AEMCS CDN Log Analysis Tooling

Create rules in your AEM project

To define the standard and WAF traffic filter rules within your AEM project, follow these steps:

  1. At the top level of your AEM project, create a folder named config.

  2. Inside the config folder, create a file named cdn.yaml.

  3. Use the following metadata structure in cdn.yaml:

kind: "CDN"
version: "1"
metadata:
  envTypes: ["dev", "stage", "prod"]
data:
  trafficFilters:
    rules:

WKND AEM project rules file and folder

In the next tutorial, you learn how to add Adobe’s recommended standard traffic filter and WAF rules to the above file as a solid foundation for your implementation.

Deploy rules using Adobe Cloud Manager

In preparation of deploying the rules, follow these steps:

  1. Log in to my.cloudmanager.adobe.com and select your program.

  2. From the Program Overview page, go to the Pipelines card and click +Add to create a new pipeline.

    Cloud Manager Pipelines card

  3. In the pipeline wizard:

    • Type: Deployment Pipeline
    • Pipeline Name: Dev-Config

    Cloud Manager Config Pipeline dialog

  4. Source Code configuration:

    • Code to deploy: Targeted deployment
    • Include: Config
    • Deployment Environment: for example, wknd-program-dev
    • Repository: Git repo (for example, wknd-site)
    • Git Branch: Your working branch
    • Code Location: /config

    Cloud Manager Config Pipeline dialog

  5. Review the pipeline configuration and click Save.

In the next tutorial, you learn how to deploy the pipeline to your AEM environment.

Test rules using tools

To test the effectiveness of your standard traffic filter and WAF rules, you can use various tools to simulate requests and analyze how your rules respond.

Verify that you have the following tools installed on your local machine or follow the instructions to install them:

  • Curl: Test request/response flow.
  • Vegeta: Simulate high request load (DoS testing).
  • Nikto: Scan for vulnerabilities.

You can verify the installation using the following commands:

# Curl version check
$ curl --version

# Vegeta version check
$ vegeta -version

# Nikto version check
$ cd <PATH-OF-CLONED-REPO>/program
$ ./nikto.pl -Version

In the next tutorial, you learn how to use these tools to simulate high request loads and malicious requests to test the effectiveness of your traffic filter and WAF rules.

Analyze results

To prepare for analyzing the results, follow these steps:

  1. Install the AEMCS CDN Log Analysis Tooling to visualize and analyze the patterns using pre-built dashboards.

  2. Perform CDN logs ingestion by downloading logs from the Cloud Manager UI. Alternatively, you can forward logs directly to a supported hosted logging destination such as Splunk or Elasticsearch.

AEMCS CDN Log Analysis Tooling

To analyze the results of your traffic filter and WAF rules, you can use the AEMCS CDN Log Analysis Tooling. This tooling provides pre-built dashboards for visualizing CDN traffic and WAF activity by leveraging logs collected from the AEMCS CDN.

AEMCS CDN Log Analysis Tooling supports two observability platforms, ELK (Elasticsearch, Logstash, Kibana) and Splunk.

It is possible to use the Log Forwarding feature to stream your logs to a hosted ELK or Splunk logging service, where you can install a dashboard to visualize and analyze the standard traffic filter and WAF traffic filter rules. However, for this tutorial, you will set up the dashboard on a local ELK instance installed on your computer.

  1. Clone the AEMCS-CDN-Log-Analysis-Tooling repository.

  2. Follow the ELK Docker container setup guide to install and configure the ELK stack locally.

  3. Using ELK dashboards, you can explore metrics like IP requests, blocked traffic, URI patterns, and security alerts.

    ELK Traffic Filter Rules Dashboard

NOTE
If logs are not yet ingested from AEMCS CDN, the dashboards appear empty.

CDN logs ingestion

To ingest CDN logs into the ELK stack, follow these steps:

  • From Cloud Manager’s Environments card, download the AEMCS Publish service’s CDN logs.

    Cloud Manager CDN Logs Downloads

    note tip
    TIP
    It may take up to 5 minutes for the new requests to appear in the CDN logs.

  • Copy the downloaded log file (for example, publish_cdn_2025-06-06.log in the screenshot below) into the logs/dev folder of the Elastic dashboard tool project.

    ELK Tool Logs Folder {width="800" modal="regular"}

  • Refresh the Elastic dashboard tool page.

    • In the top Global filter section, edit the aem_env_name.keyword filter and select the dev environment value.

      ELK Tool Global Filter

    • To change the time interval, click the calendar icon in the top-right corner and select the desired time interval.

  • In the next tutorial, you learn how to analyze the results of the standard traffic filter and WAF traffic filter rules using the pre-built dashboards in the ELK stack.

    ELK Tool Pre-Built Dashboards

Summary

You have successfully set up the groundwork for implementing traffic filter rules including WAF rules in AEM as a Cloud Service. You created a configuration file structure, pipeline for deployment, and prepared tools for testing and analyzing the results.

Next steps

Learn how to implement the Adobe recommended rules using the following tutorials:

Protecting AEM websites using standard traffic filter rules

Protecting AEM websites using standard traffic filter rules

Learn how to protect AEM websites from DoS, DDoS and bot abuse using Adobe-recommended standard traffic filter rules in AEM as a Cloud Service.

Apply Rules

Protecting AEM websites using WAF traffic filter rules

Protecting AEM websites using WAF traffic filter rules

Learn how to protect AEM websites from sophisticated threats including DoS, DDoS, and bot abuse using Adobe-recommended Web Application Firewall (WAF) traffic filter rules in AEM as a Cloud Service.

Activate WAF

Advanced use cases

Beyond the Adobe-recommended standard traffic filter and WAF rules, you can implement advanced scenarios to achieve specific business requirements. These scenarios include:

Monitoring sensitive requests

Monitoring sensitive requests

Learn how to monitor sensitive requests by logging them using traffic filter rules in AEM as a Cloud Service.

Learn more

Restricting access

Restricting access

Learn how to restrict access by blocking specific requests using traffic filter rules in AEM as a Cloud Service.

Learn more

Normalizing requests

Normalizing requests

Learn how to normalize requests by transforming them using traffic filter rules in AEM as a Cloud Service.

Learn more

Additional resources

recommendation-more-help
4859a77c-7971-4ac9-8f5c-4260823c6f69