\n
![](\"https:\/\/jirak.net\/wp\/wp-content\/uploads\/2017\/01\/wafalb_my_alb_1.png\")
<\/p>\nAWS Web Application Firewall\uc744 \ud1b5\ud55c Application Load Balancer \ubcf4\ud638\ud558\uae30
\n<\/p>\n
\uc624\ub298\uc740 \uc791\ub144\uc5d0 \ucd9c\uc2dc\ud55c \uc8fc\uc694 \uc11c\ube44\uc2a4 \uc911 AWS Web Application Firewall(WAF) \ubc0f AWS Application Load Balancer\ub77c\ub294 \ub450 \uac00\uc9c0 \uc11c\ube44\uc2a4\uc5d0 \ub300\ud55c \uc5c5\ub370\uc774\ud2b8\uc785\ub2c8\ub2e4.<\/p>\n
AWS Web Application Firewall<\/a><\/strong> \u2013 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uac00\uc6a9\uc131\uc5d0 \uc601\ud5a5\uc744 \ubbf8\uce58\uac70\ub098 \uacfc\ub3c4\ud55c \uc790\uc6d0\uc744 \uc18c\ube44 \ud560 \uc218 \uc788\ub294 \uc678\ubd80 \uacf5\uaca9\uc744 \ubcf4\ud638\ud558\ub294 \uc11c\ube44\uc2a4\ub85c\uc11c, \uc774\uc804 \ucd9c\uc2dc \uc18c\uc2dd<\/a> \uc5d0\uc11c \ubcfc \uc218 \uc788\ub4ef\uc774 HTTP \uc694\uccad \ud5c8\uc6a9 \uc5ec\ubd80 \ubc0f IP \uc8fc\uc18c\ub97c \uc815\uc758\ud558\ub294 \uc811\uadfc \uc81c\uc5b4 \ubaa9\ub85d (ACL), \uaddc\uce59 \ubc0f \uc870\uac74\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc120\ud0dd\uc801\uc73c\ub85c \uc6f9 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uc758 \ud2b9\uc815 \uacbd\ub85c\uc5d0 \ub300\ud55c \uc811\uadfc\ub97c \ud5c8\uc6a9\ud558\uac70\ub098 \uac70\ubd80 \ud560 \uc218 \uc788\uc73c\uba70, \ub2e4\uc591\ud55c SQL \uc8fc\uc785 \uacf5\uaca9\uc744 \ucc28\ub2e8\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ubcf8 \uc11c\ube44\uc2a4\ub294 Amazon CloudFront\ub97c \uc9c0\uc6d0\ud569\ub2c8\ub2e4.<\/p>\n AWS Application Load Balancer<\/a><\/strong> \u2013 Elastic Load Balancing\uc5d0\uc11c \uc0c1\uc704 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35\uc744 \uc9c0\uc6d0\ud558\ub294 \uc2e0\uaddc \uc11c\ube44\uc2a4\ub85c\uc11c \ucf58\ud14c\uc774\ub108 \ub610\ub294 EC2 \uc778\uc2a4\ud134\uc2a4 \uc6f9 \uc11c\ube44\uc2a4 \uacbd\ub85c\ub97c \uae30\ubc18\uc73c\ub85c \ud558\ub294 \ub77c\uc6b0\ud305 \uaddc\uce59\uc744 \uc815\uc758 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. Application Load Balancer\ub294 HTTP\/2 \ubc0f WebSocket\uc744 \uc9c0\uc6d0\ud558\uba70 \ub300\uc0c1 \ucf58\ud14c\uc774\ub108 \ubc0f \uc778\uc2a4\ud134\uc2a4 \uc0c1\ud0dc\ub97c \uc790\uc138\ud788 \ubcfc \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc790\uc138\ud55c \ub0b4\uc6a9\uc740 \uc774\uc804 \ucd9c\uc2dc \uc18c\uc2dd<\/a>\ub97c \ucc38\uc870\ud558\uc2ed\uc2dc\uc624.<\/p>\n WAF \ubc0f ALB \uc0c1\ud638 \uc5f0\ub3d9 \ud558\uae30 \uc608\ub97c \ub4e4\uc5b4, \uc544\ub798 ALB \ub4a4\uc5d0 \uc138 \uac1c\uc758 EC2 \uc778\uc2a4\ud134\uc2a4\uac00 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uac19\uc740 \ub9ac\uc804\uc5d0 \uc811\uadfc \ubaa9\ub85d(ACL)\uc744 \uac04\ub2e8\ud558\uac8c \ub9cc\ub4e4\uace0 ALB\uc640 \uc5f0\uacb0\ud569\ub2c8\ub2e4. \uba3c\uc800 ACL\uc758 \uc774\ub984\uc744 \uc9c0\uc815\ud558\uace0, WAF\uc5d0 \uc9c0\uc815\ub41c CloudWatch \uce21\uc815 \ud56d\ubaa9\uc5d0 \uc81c\uacf5\ud558\ub3c4\ub85d \uc124\uc815\ud569\ub2c8\ub2e4.<\/p>\n \uadf8\ub7f0 \ub2e4\uc74c ACL\uc5d0 \uc6d0\ud558\ub294 \uc870\uac74\uc744 \ucd94\uac00\ud569\ub2c8\ub2e4.<\/p>\n \uc608\ub97c \ub4e4\uc5b4, \uc9c8\uc758 \ubb38\uc790\uc5f4\uc5d0 \ub300\ud574 \uba87 \uac00\uc9c0 SQL \uc8fc\uc785 \ud544\ud130(Injection Match)\ub97c \uc27d\uac8c \uc124\uc815\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \ud544\ud130\ub97c \ub9cc\ub4e0 \ud6c4\uc5d0 \uc774\ub97c \uaddc\uce59 \ub9cc\ub4dc\ub294 \ub370 \uc0ac\uc6a9\ud569\ub2c8\ub2e4.<\/p>\n \uadf8\ub7f0 \ub2e4\uc74c \uaddc\uce59\uc744 \uc0ac\uc6a9\ud558\uc5ec, \uc870\uac74\uacfc \uc77c\uce58\ud558\ub294 \uc694\uccad\uc744 \ucc28\ub2e8\ud569\ub2c8\ub2e4.<\/p>\n \uc774\ub97c \ubaa8\ub450 \ud568\uaed8 \uc0ac\uc6a9\ud558\ub824\uba74, \uc544\ub798\ucc98\ub7fc \uc124\uc815\uc744 \uac80\ud1a0\ud55c \ub2e4\uc74c ACL\uc744 \ub9cc\ub4dc\uc2ed\uc2dc\uc624.<\/p>\n Confirm and create<\/strong>\uc744 \ud074\ub9ad\ud558\uba74 \uc0c8 \uaddc\uce59\uc774 \ud65c\uc131\ud654\ub418\uace0, WAF\uac00 \ub0b4 ALB \ub4a4\uc5d0 \uc788\ub294 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uc744 \ubcf4\ud638\ud569\ub2c8\ub2e4.<\/p>\n \uc774\ub807\uac8c \ud558\uba74 WAF\ub97c \ud1b5\ud574 Application Load Balancer \ub4a4\uc758 EC2 \uc778\uc2a4\ud134\uc2a4\uc640 \ucf58\ud14c\uc774\ub108\ub97c \ubcf4\ud638\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n \uc790\uc138\ud788 \uc54c\uc544\ubcf4\uae30<\/strong> \u2014 Jeff<\/a>;<\/p>\n \uc774 \uae00\uc740 AWS Web Application Firewall (WAF) for Application Load Balancers<\/a>\uc758 \ud55c\uad6d\uc5b4 \ubc88\uc5ed\uc785\ub2c8\ub2e4.<\/em><\/p>\n Source: AWS Web Application Firewall\uc744 \ud1b5\ud55c Application Load Balancer \ubcf4\ud638\ud558\uae30<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" AWS Web Application Firewall\uc744 \ud1b5\ud55c Application Load Balancer \ubcf4\ud638\ud558\uae30 \uc624\ub298\uc740 \uc791\ub144\uc5d0 \ucd9c\uc2dc\ud55c \uc8fc\uc694 \uc11c\ube44\uc2a4 \uc911 AWS Web Application Firewall(WAF) \ubc0f AWS Application Load Balancer\ub77c\ub294 \ub450 \uac00\uc9c0 \uc11c\ube44\uc2a4\uc5d0 \ub300\ud55c \uc5c5\ub370\uc774\ud2b8\uc785\ub2c8\ub2e4. AWS Web Application Firewall \u2013 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uac00\uc6a9\uc131\uc5d0 \uc601\ud5a5\uc744 \ubbf8\uce58\uac70\ub098 \uacfc\ub3c4\ud55c \uc790\uc6d0\uc744 \uc18c\ube44 \ud560 \uc218 \uc788\ub294 \uc678\ubd80 \uacf5\uaca9\uc744 \ubcf4\ud638\ud558\ub294 \uc11c\ube44\uc2a4\ub85c\uc11c, \uc774\uc804 \ucd9c\uc2dc \uc18c\uc2dd \uc5d0\uc11c \ubcfc \uc218 \uc788\ub4ef\uc774 HTTP \uc694\uccad \ud5c8\uc6a9 \uc5ec\ubd80 \ubc0f IP \uc8fc\uc18c\ub97c \uc815\uc758\ud558\ub294 \uc811\uadfc \uc81c\uc5b4 \ubaa9\ub85d (ACL), \uaddc\uce59 \ubc0f \uc870\uac74\uc744 \uc0ac\uc6a9\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc120\ud0dd\uc801\uc73c\ub85c \uc6f9 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uc758 \ud2b9\uc815 \uacbd\ub85c\uc5d0 \ub300\ud55c \uc811\uadfc\ub97c \ud5c8\uc6a9\ud558\uac70\ub098 \uac70\ubd80 \ud560 \uc218 \uc788\uc73c\uba70, \ub2e4\uc591\ud55c SQL \uc8fc\uc785 \uacf5\uaca9\uc744 \ucc28\ub2e8\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ubcf8 \uc11c\ube44\uc2a4\ub294 Amazon CloudFront\ub97c \uc9c0\uc6d0\ud569\ub2c8\ub2e4. AWS Application Load Balancer \u2013 Elastic Load Balancing\uc5d0\uc11c \uc0c1\uc704 \uc560\ud50c\ub9ac\ucf00\uc774\uc158 \uacc4\uce35\uc744 \uc9c0\uc6d0\ud558\ub294 \uc2e0\uaddc \uc11c\ube44\uc2a4\ub85c\uc11c \ucf58\ud14c\uc774\ub108 \ub610\ub294 EC2 \uc778\uc2a4\ud134\uc2a4 \uc6f9 \uc11c\ube44\uc2a4 \uacbd\ub85c\ub97c \uae30\ubc18\uc73c\ub85c \ud558\ub294 \ub77c\uc6b0\ud305 \uaddc\uce59\uc744 \uc815\uc758 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. Application Load Balancer\ub294 HTTP\/2 \ubc0f WebSocket\uc744 \uc9c0\uc6d0\ud558\uba70 \ub300\uc0c1 \ucf58\ud14c\uc774\ub108 \ubc0f \uc778\uc2a4\ud134\uc2a4 \uc0c1\ud0dc\ub97c \uc790\uc138\ud788 [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":13558,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[656],"class_list":["post-13557","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-aws"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/13557","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=13557"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/13557\/revisions"}],"predecessor-version":[{"id":13559,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/13557\/revisions\/13559"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media\/13558"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=13557"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=13557"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=13557"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/strong>\uc791\ub144 \uc5f0\ub9d0 AWS WAF\ub97c \ud1b5\ud574 Application Load Balancer \uae30\ubc18 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8 \ubcf4\ud638 \uae30\ub2a5\uc744 \uc81c\uacf5\ud560 \uac83\uc774\ub77c\uace0 \ubc1c\ud45c\ud558\uc600\uc73c\uba70, \uc624\ub298\ubd80\ud130 \uc774\ub97c \ub9e4\uc6b0 \ube60\ub974\uac8c \uc124\uc815\ud560 \uc218 \uc788\uc73c\uba70 \ub0b4\ubd80 \ubc0f \uc678\ubd80 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8\uacfc \uc6f9 \uc11c\ube44\uc2a4\ub97c \ubaa8\ub450 \ubcf4\ud638 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n![\"\"](\"https:\/\/media.amazonwebservices.com\/blog\/2017\/wafalb_my_alb_1.png\")
<\/p>\n![\"\"](\"https:\/\/media.amazonwebservices.com\/blog\/2017\/wafalb_create_acl_1.png\")
<\/p>\n![\"\"](\"https:\/\/media.amazonwebservices.com\/blog\/2017\/wafalb_create_conditions_1.png\")
<\/p>\n![\"\"](\"https:\/\/media.amazonwebservices.com\/blog\/2017\/wafalb_crate_sql_match_1.png\")
<\/p>\n![\"\"](\"https:\/\/media.amazonwebservices.com\/blog\/2017\/wafalb_create_sql_match_rule_1.png\")
<\/p>\n![\"\"](\"https:\/\/media.amazonwebservices.com\/blog\/2017\/wafalb_action_2.png\")
<\/p>\n![\"\"](\"https:\/\/media.amazonwebservices.com\/blog\/2017\/wafalb_confirm_create_2.png\")
<\/p>\n![\"\"](\"https:\/\/media.amazonwebservices.com\/blog\/2017\/wafalb_running_2.png\")
<\/p>\n
WAF \ubc0f ALB\ub97c \ud568\uaed8 \uc0ac\uc6a9\ud558\ub294 \ub370 \ub300\ud55c \ubd80\ubd84\uc744 \ub354 \uc790\uc138\ud788 \uc54c\uace0 \uc2f6\uc73c\uc2dc\uba74, re:Invent \uc911 Secure Your Web Application With AWS WAF and Amazon CloudFront<\/a> \uc138\uc158\uc744 \ucc38\uace0\ud558\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4.<\/p>\n