Picking a WAF configuration for a voting application

0

We have an Amplify hosted application that effectively has a voting component - where the URL has an identifier as part of it to cast a vote - so, for "Yes" the URL goes to https://domain.com/vote/?answer=YES and no goes to https://domain.com/vote/?answer=NO There are rules around voting, so we save a client-side cookie as to whether you have already voted. So, the URL hits our server, it responds with a redirect and a cookie to log the fact you voted on the client machine. So, if you go to vote again, it sees the cookie and either doesn't allow your vote or changes the prior vote. We clearly don't want bots voting, so it looks like putting WAF in front of the URl would help. There appear to be an infinite number of WAF configurations. Does anyone have a configuration suggestion that would allow us to protect the voting URL from fraudulent use?

GregC
已提問 3 個月前檢視次數 124 次
1 個回答
0

Hello.

Amplify does not directly support AWS WAF, so you need to link AWS WAF to CloudFront.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/enable-aws-waf-for-web-applications-hosted-by-aws-amplify.html

For AWS managed rules, I think the "Bot Control" rule group below will help you block bots.
https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html

Also, in this case, if you think that access from people other than the client is unnecessary, I thought that the following "IP reputation rule groups" might be useful.
https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-ip-rep.html

profile picture
專家
已回答 3 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南