Deploying an AWS S3 static site to use Cloudflare WAF

Aditya Nama
3 min read · Nov 24, 2022

Prerequisites

  1. AWS and Cloudflare accounts
  2. A registered domain using Cloudflare’s nameservers.

In this blog post, learn how to host a static website in AWS S3, serve it through Cloudflare, and use the WAF to filter out unusual traffic.

Serving the website through Cloudflare has several benefits: static content is cached at Cloudflare edge locations, the site is covered by Cloudflare’s WAF and DDoS protection, and it gets an SSL certificate so that traffic is encrypted in transit.

To get started, follow the instructions below.

Configure AWS S3 bucket:

  1. Go to the S3 Console -> Create a new bucket with a name like “www.example.com”.

  2. Allow public access and create the bucket with default settings.

  3. Open the bucket -> Go to Permissions -> Edit bucket policy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "PublicReadForGetBucketObjects",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::www.example.com/*"
        }
      ]
    }

Or use the bucket policy below to allow only Cloudflare IP addresses:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "PublicReadGetObject",
          "Effect": "Allow",
          "Principal": "*",
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::www.example.com/*",
          "Condition": {
            "IpAddress": {
              "aws:SourceIp": [
                "173.245.48.0/20",
                "103.21.244.0/22",
                "103.22.200.0/22"
              ]
            }
          }
        }
      ]
    }

* Add all IP ranges listed at https://www.cloudflare.com/ips

  4. Now go to the bucket Properties -> Enable Static website hosting

  5. Upload an index.html file and open your website link.

S3 Static Website
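An added example (not from the original post) for the IP-restricted policy in step 3: it builds that policy from a list of CIDR ranges and checks an existing policy against the list, so ranges missing from `aws:SourceIp` are caught before they cause 403s. The one-CIDR-per-line input layout and the function names are assumptions; the sample input is constructed from the three ranges shown above.

```python
import ipaddress
import json

# Constructed sample: only the three ranges shown in the policy above, in an
# assumed one-CIDR-per-line layout. Use the full published list when deploying.
SAMPLE_RANGES = """\
173.245.48.0/20
103.21.244.0/22
103.22.200.0/22
"""


def parse_ranges(text):
    """Return sorted, de-duplicated CIDR strings; raise ValueError on bad input."""
    cidrs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # strict=True rejects entries with host bits set, e.g. 173.245.48.1/20
        cidrs.append(str(ipaddress.ip_network(line, strict=True)))
    if not cidrs:
        raise ValueError("no CIDR ranges found; refusing to build a policy")
    return sorted(set(cidrs))


def build_policy(bucket, ranges_text):
    """Build the public-read policy restricted to the given source ranges."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"IpAddress": {"aws:SourceIp": parse_ranges(ranges_text)}},
        }],
    }


def audit_policy(policy, ranges_text):
    """Return (missing, extra): expected ranges not allowed, allowed ranges not expected."""
    expected = set(parse_ranges(ranges_text))
    allowed = set()
    for stmt in policy["Statement"]:
        src = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        allowed.update([src] if isinstance(src, str) else src)
    return sorted(expected - allowed), sorted(allowed - expected)


if __name__ == "__main__":
    print(json.dumps(build_policy("www.example.com", SAMPLE_RANGES), indent=2))
```

A policy with no `IpAddress` condition, such as the first one in step 3, is reported with every expected range as missing.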

Set up your site on Cloudflare:

Open your Cloudflare account -> go to DNS -> add a CNAME record as shown below:

Name: “www” | Target: the S3 website address without http://, then save.

Now, let’s start creating some WAF rules.

Rule to block all POST requests from Germany:

    (ip.geoip.country eq "DE" and http.request.method eq "POST")

Please share your thoughts about this blog post in the comments box below. Reach out to me on Twitter at @adiintify if you have any questions.
