Technical Tip: Deploying Fortinet AWS WAF Partner Rule Groups (AWS WAF v1/'Classic')
- February 8, 2018
- 0 replies
- 24186 views
Description
This article provides documentation for configuring Fortinet AWS WAF Partner Rule Groups on Amazon Web Services (AWS). The attached document includes step-by-step setup examples as well as a set of frequently-asked questions (FAQ) at the end.
Scope
AWS WAF Partner Rule Groups, AWS CloudFront, Application Load Balancers, and API Gateway.
Solution
Important: This document is for AWS WAF v1 (AKA AWS WAF 'Classic') which is set to be retired by AWS as of September 2025. For more information, refer to the Order Information section of the FortiWeb Managed Rules for AWS WAF Data Sheet. Fortinet has since updated the AWS WAF Partner Rule Groups to support AWS WAF v2, and documentation for this can be found here: Technical Tip: Deploying Fortinet AWS WAF Partner Rule Group V2. The original article continues below.
As a primer, AWS WAF Partner Rule Groups are a subscription-based set of web application firewall (WAF) rules/signatures that are curated by third-party vendors. These pre-packaged rules can be applied in front of web applications hosted in AWS to augment the existing WAF protection offered by AWS (which was previously limited to only SQL injection and cross-site scripting protection).
Fortinet is offering 4 rule groups to AWS users based on the FortiWeb WAF service offered via FortiGuard:
| RuleGroup | Description |
| SQLi/XSS Rule Group | The SQLi/XSS RuleGroup provides protection from the two primary web application attack types identified in the OWASP Top 10, SQL Injection and Cross-Site Scripting. |
| General Attacks and Known Exploits Rule Group | The General and Known Exploits rule group detects common and advanced OWASP Top 10 threats including numerous Injection attacks, Remote file inclusion (RFI), Local File Inclusion (LFI), HTTP Response Splitting, Database Disclosure vulnerabilities and other Common Vulnerabilities and Exposures (CVEs). |
| Malicious Bots Rule Group | The Malicious Bots Rule Group analyzes requests and blocks known content scrapers, spiders looking for vulnerabilities, and other unwanted automated clients that OWASP has identified as risks to web applications. |
| Complete OWASP Top 10 Rule Group | The Complete OWASP Top 10 Rule Group combines Fortinet's other AWS WAF rule groups into one comprehensive package for the best web application protection offered by Fortinet to cover the entire list of OWASP Top 10 web application threats. Included are the SQLi/XSS, General and Known Exploits, and Malicious Bots rule groups. |
Important: for technical assistance with Fortinet AWS WAF Partner Rule Groups, users are recommended to send an email directly to awswaf@fortinet.com.
For more information, refer to the Fortinet AWS WAF Partner Rule Group - Setup and Configuration.pdf document attached to this Knowledge Base Article. The attached document contains the following sections:
- Overview.
- Setup.
- Creating Exceptions/Whitelisting.
- Viewing Attack Logs.
- FAQ.
Related documents: