AWS WAF has no effect on API Gateway behind CloudFront

I have a CloudFront distribution that points to an API Gateway endpoint. I plugged a WAF ACL on that distribution and it seems to work. When I access the API Gateway endpoint using CloudFront, I get blocked (that's the desired behaviour that I configured on my ACL).

   https://<my-cloudfront-domain-name>/<my>/<api>/<endpoint> -> deny and I get a 403/blocked -> OK!

If I reach my endpoint "alone" (not behind the CF distribution), I can reach the endpoint normally. I wish to get blocked even if I reach the API in an isolated way.

 https://<api-id>.execute-api.us-east-1.amazonaws.com/<my>/<api>/<endpoint> -> passed and I get a 200 -> NOT OK...

My stack was built using the Serverless Framework and my API Gateway is of the edge type.



Solution 1:[1]

API Gateway can restrict access by API key. CloudFront can send a custom, secret x-api-key header when it accesses the origin. The absence of that header in other requests to the API Gateway will cause API requests to be rejected with 403 Forbidden.

See Protecting your API using Amazon API Gateway and AWS WAF, parts one and two.

Solution 2:[2]

We had the exact same problem and contacted AWS support, and the support says Edge optimised APIs are fronted by a default CF distribution which the WAF is not able to recognise. To make WAF work for the default invoke URL you either need to change the endpoint type to Regional, or create a custom CF distribution.
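
Added example (not part of either answer and not AWS's own code): a small Python check over a CloudFormation template, already parsed into a dict, that flags the three conditions Solutions 1 and 2 describe: a method that does not require an API key, a CloudFront origin that sends no x-api-key header, and a REST API that is not Regional. The resource names, the sample template and the header value are constructed placeholders.

```python
# Added example; resource names and the header value are constructed placeholders.
HEADER = "x-api-key"

def audit(template):
    """Return sorted findings for a CloudFormation template parsed into a dict."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::ApiGateway::RestApi":
            # API Gateway REST APIs default to EDGE when no type is given.
            types = props.get("EndpointConfiguration", {}).get("Types", ["EDGE"])
            if "REGIONAL" not in types:
                findings.append(f"{name}: endpoint type is {types}, not REGIONAL")
        elif rtype == "AWS::ApiGateway::Method":
            # Without ApiKeyRequired the execute-api URL answers any caller.
            if not props.get("ApiKeyRequired"):
                findings.append(f"{name}: method does not require an API key")
        elif rtype == "AWS::CloudFront::Distribution":
            for origin in props.get("DistributionConfig", {}).get("Origins", []):
                # str() also covers a DomainName written as Fn::Sub / Fn::Join.
                if ".execute-api." not in str(origin.get("DomainName", "")):
                    continue
                sent = {h.get("HeaderName", "").lower()
                        for h in origin.get("OriginCustomHeaders", [])}
                if HEADER not in sent:
                    findings.append(
                        f"{name}: origin {origin.get('Id')} sends no {HEADER} header")
    return sorted(findings)

def sample_template(api_key_required, origin_headers, endpoint_types):
    """Build a minimal constructed template for the checks above."""
    return {"Resources": {
        "Api": {"Type": "AWS::ApiGateway::RestApi",
                "Properties": {"EndpointConfiguration": {"Types": endpoint_types}}},
        "GetMethod": {"Type": "AWS::ApiGateway::Method",
                      "Properties": {"HttpMethod": "GET",
                                     "ApiKeyRequired": api_key_required}},
        "Cdn": {"Type": "AWS::CloudFront::Distribution",
                "Properties": {"DistributionConfig": {"Origins": [{
                    "Id": "api",
                    "DomainName": {"Fn::Sub": "${Api}.execute-api.${AWS::Region}.amazonaws.com"},
                    "OriginCustomHeaders": origin_headers}]}}}}}

# The setup from the question, and the same stack with both answers applied.
WEAK = sample_template(False, [], ["EDGE"])
HARDENED = sample_template(
    True, [{"HeaderName": "x-api-key", "HeaderValue": "<placeholder-secret>"}],
    ["REGIONAL"])
```

`audit(WEAK)` returns three findings and `audit(HARDENED)` returns none. Requiring the key on the method without adding the header to the origin leaves a single finding for the distribution, which is the state in which CloudFront itself would be rejected by the API.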

Solution 3:[3]

Create getter and setter for the age and owner in the animal class. Then add the same getter and setter for the age to the owner class.

public Owner getOwner() {
    return this.owner;
}

public void setOwner(Owner owner) {
    this.owner = owner;
}

public int getAge() {
    return this.age;
}

public void setAge(int age) {
    this.age = age;
}

Now you can create somewhere this method to increase the age by a value like one.

public static void increaseBothAges(Animal animal, int value) {
    animal.setAge(animal.getAge() + value);
    Owner owner = animal.getOwner();
    owner.setAge(owner.getAge() + value);
}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 jarmod
Solution 2 Eric Xin Zhang
Solution 3