liepumartins

Reputation: 494

Protect Laravel (Vapor) with custom AWS WAF rules

We would like to protect a Laravel site. Laravel Vapor employs AWS WAF, but its configuration is limited.

What we would like to achieve:

  1. Ability to temporarily add an IP address to AWS WAF from Laravel code.

e.g. something throws SuspiciousOperationException and we block that IP for 5 minutes using AWS WAF. I guess there should be some sort of API call from PHP to AWS WAF.

  2. Ability to filter method spoofing via WAF, not allowing it to reach the PHP code.

e.g. we get attempts where $method is replaced by ../etc/passwd

in /var/task/vendor/symfony/http-foundation/Request.php (line 1228):

    if (\in_array($method, ['GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'PATCH', 'PURGE', 'TRACE'], true)) {
        return $this->method = $method;
    }
    if (!preg_match('/^[A-Z]++$/D', $method)) {
        throw new SuspiciousOperationException(sprintf('Invalid method override "%s".', $method));
    }

Is this viable? Cannot find anything related to this subject.

Upvotes: 2

Views: 234
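One way to do the temporary block from item 1 with the AWS SDK for PHP, as an added example that is not part of the original post. It assumes a WAFv2 IP set that a Block rule in the web ACL already references; the set name, id, scope, region and sample IP are placeholders, and `withAddress` / `setBlocked` are hypothetical helper names.

```php
<?php
// Added example. Assumes aws/aws-sdk-php is autoloaded (as in a Laravel app)
// and that the credentials in use may call wafv2:GetIPSet and wafv2:UpdateIPSet.
use Aws\WafV2\WafV2Client;
use Aws\WafV2\Exception\WafV2Exception;

/** Pure helper: return the address list with one IPv4 /32 entry added or removed. */
function withAddress(array $addresses, string $ip, bool $present): array
{
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        throw new InvalidArgumentException("Not an IPv4 address: $ip");
    }
    $cidr = $ip . '/32';                       // IP sets store CIDR ranges
    $rest = array_values(array_diff($addresses, [$cidr]));
    return $present ? array_merge($rest, [$cidr]) : $rest;
}

/** Read-modify-write of the IP set; retried when the lock token has gone stale. */
function setBlocked(WafV2Client $waf, array $ipSet, string $ip, bool $blocked): void
{
    for ($attempt = 1; $attempt <= 3; $attempt++) {
        $current = $waf->getIPSet($ipSet);     // returns IPSet and LockToken
        try {
            // UpdateIPSet replaces the whole list, so send every address back.
            $waf->updateIPSet($ipSet + [
                'Addresses' => withAddress($current['IPSet']['Addresses'], $ip, $blocked),
                'LockToken' => $current['LockToken'],
            ]);
            return;
        } catch (WafV2Exception $e) {
            // A concurrent writer changed the set: re-read and try again.
            if ($e->getAwsErrorCode() !== 'WAFOptimisticLockException' || $attempt === 3) {
                throw $e;
            }
        }
    }
}

// Usage (placeholders; scope is REGIONAL or CLOUDFRONT depending on the web ACL):
// $ipSet = ['Name' => 'temp-blocklist', 'Scope' => 'REGIONAL', 'Id' => '<ip-set-id>'];
// $waf   = new WafV2Client(['region' => '<region>', 'version' => 'latest']);
// setBlocked($waf, $ipSet, '203.0.113.7', true);   // constructed sample IP
// IP set entries have no expiry of their own, so the 5-minute limit needs a
// delayed job that later calls: setBlocked($waf, $ipSet, '203.0.113.7', false);
```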

Answers (0)
