cloudfront-integrated-waf: CloudFront Integrated With WAF

日期: 2025-08-01 | 影响软件: CloudFront Integrated With WAF | POC: 已公开

漏洞描述

Ensure that all your Amazon CloudFront distributions are integrated with the Amazon Web Application Firewall (WAF) service to protect against application-layer attacks that can compromise the security of your websites/web applications or place unnecessary load on them

PoC代码[已公开]

id: cloudfront-integrated-waf

info:
  name: CloudFront Integrated With WAF
  author: DhiyaneshDK
  severity: medium
  description: |
    Ensure that all your Amazon CloudFront distributions are integrated with the Amazon Web Application Firewall (WAF) service to protect against application-layer attacks that can compromise the security of your websites/web applications or place unnecessary load on them
  impact: |
    Lack of integration between CloudFront and a Web Application Firewall (WAF) increases vulnerability to web-based attacks, including DDoS, SQL injection, and cross-site scripting (XSS).
  remediation: |
    Integrate CloudFront with an appropriate Web Application Firewall (WAF) to filter and monitor HTTP requests, providing enhanced protection against common web threats.
  reference:
    - https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/aws/CloudFront/cloudfront-integrated-with-waf.html
    - http://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
  tags: cloud,devops,aws,amazon,cloudfront,aws-cloud-config

variables:
  region: "us-west-2"

flow: |
  code(1)
  for(let DistributionListItemsId of iterate(template.distributions)){
    set("distribution", DistributionListItemsId)
    code(2)
  }

self-contained: true

code:
  - engine:
      - sh
      - bash

    source: |
      aws cloudfront list-distributions --output table --query 'DistributionList.Items[*].Id' --region $region --output json

    extractors:
      - type: json
        name: distributions
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash

    source: |
        aws cloudfront get-distribution --id $distribution --query 'Distribution.DistributionConfig.WebACLId' --region $region --output json

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '""'

      - type: word
        words:
          - 'arn:'
        negative: true

    extractors:
      - type: dsl
        dsl:
          - '"CloudFront Integrated With WAF " + distribution + " is Disabled"'
# digest: 4a0a0047304502202d620642cc74990fe24716a6835537c17f0665b4f33110c47f495fa92f709ea1022100d5da002654b1eb9447b384320856fdac406517a81f3fea768bb8c0caacddd897:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/aws/cloudfront/cloudfront-integrated-waf.yaml