How should the Administrator protect the web servers?

By:
In: SOA-C01
Tagged:
With: 2 Comments
Malicious traffic is reaching company web servers.A SysOps Administrator is tasked with blocking this traffic.The malicious traffic is distributed over many IP addresses and represents much higher traffic than is typically seen from legitimate users.

How should the Administrator protect the web servers?

Create a security group for the web servers and add deny rules for malicious sources.

Set the network access control list for the web servers’ subnet and add deny entries.

Place web servers behind AWS WAF and establish the rate limit to create a blacklist.

Use Amazon CloudFront to cache all pages and remove the traffic from the web servers.

Explanations:

Security groups are stateful and only support allow rules, not deny rules. They are not effective for blocking traffic from malicious sources if distributed across many IPs.

Network ACLs are stateless and would block traffic at the subnet level. However, blocking by specific IP ranges in high-traffic situations is inefficient for large-scale attacks.

AWS WAF allows rate limiting and can block malicious traffic based on patterns, such as IP rate limits or other attack signatures, effectively mitigating high traffic.

CloudFront can cache content, but it does not specifically block malicious traffic. While it can reduce load on the web servers, it is not a solution for blocking malicious traffic.

2026-04-08

2 Comments

  1. Bradley
    Author

    To the best of my knowledge, the answer is:
    Place web servers behind AWS WAF and establish the rate limit to create a blacklist.

  2. Douglas
    Author

    If I had to guess, I’d say the answer is:
    Place web servers behind AWS WAF and establish the rate limit to create a blacklist.

Leave a Reply

Your email address will not be published. Required fields are marked *

fourteen + nineteen =