{"id":982,"date":"2024-03-18T13:17:22","date_gmt":"2024-03-18T12:17:22","guid":{"rendered":"https:\/\/old-web.terracloud.fr\/?p=982"},"modified":"2024-09-02T16:37:50","modified_gmt":"2024-09-02T14:37:50","slug":"protegez-vos-applications-des-attaques-avec-aws-cloudfront-et-aws-waf","status":"publish","type":"post","link":"https:\/\/old-web.terracloud.fr\/en\/blog\/2024\/03\/18\/protegez-vos-applications-des-attaques-avec-aws-cloudfront-et-aws-waf\/","title":{"rendered":"How I - well, AWS WAF and CloudFront - saved the day for my client"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"982\" class=\"elementor elementor-982\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5f0c2fb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5f0c2fb\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2685207\" data-id=\"2685207\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a1622a4 elementor-widget elementor-widget-shortcode\" data-id=\"a1622a4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\"><span><span><a href=\"https:\/\/old-web.terracloud.fr\/\">Accueil<\/a><\/span><\/span><\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3a97dcc e-transform elementor-widget elementor-widget-heading\" data-id=\"3a97dcc\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_transform_translateX_effect&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;_transform_translateX_effect_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;_transform_translateX_effect_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;_transform_translateY_effect&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;_transform_translateY_effect_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;_transform_translateY_effect_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]}}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Prot\u00e9gez vos apps des attaques avec AWS CloudFront et AWS WAF<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c1282bb elementor-widget__width-initial elementor-widget elementor-widget-heading\" data-id=\"c1282bb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Je travaille sur la migration vers AWS de mon client, e-commer\u00e7ant, quand je re\u00e7ois un coup de fil : \u00ab Paul, on est mal, \u00e7a va fait une semaine que notre site est attaqu\u00e9 par d\u00e9ni de service ; on perd du CA ! Est-ce que tu as une solution ? \u00bb<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-103c1a3 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"103c1a3\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-93ff25c\" data-id=\"93ff25c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-943032c elementor-widget elementor-widget-text-editor\" data-id=\"943032c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Pas question de b\u00e2cler la fin de la migration. Le client n&rsquo;a pas encore conteneuris\u00e9 son appli, on n&rsquo;a pas fait de test de migration de donn\u00e9es, et encore moins de test de charge. Mais <a href=\"https:\/\/old-web.terracloud.fr\/blog\/2023\/11\/07\/cloud-101-episode-2-sysops-10-services-pour-votre-infra-sur-site\/\">comme je l&rsquo;avais indiqu\u00e9 dans un pr\u00e9c\u00e9dent blog post<\/a>, le Cloud peut aussi rendre des services \u00e0 l&rsquo;infrastructure on-premise. C&rsquo;est le moment de le prouver !<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6ab3620 elementor-widget elementor-widget-text-editor\" data-id=\"6ab3620\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Les premi\u00e8res analyses faites r\u00e9v\u00e8lent que l&rsquo;attaque vient de multiples IPs (points de sortie du r\u00e9seau TOR) et cible la page de connexion. Pas de chance, cette page fait des appels en base de donn\u00e9es et celle-ci est satur\u00e9e, entra\u00eenant de la latence (puis une absence de r\u00e9ponse) sur l&rsquo;ensemble du syst\u00e8me.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-524a66e elementor-widget elementor-widget-image\" data-id=\"524a66e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"800\" height=\"261\" src=\"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf5.avif\" class=\"attachment-large size-large wp-image-987\" alt=\"WAF Sampled requests\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-93e1a66 elementor-widget elementor-widget-text-editor\" data-id=\"93e1a66\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Ni une, ni deux, je me mets au travail. Gr\u00e2ce \u00e0 Terraform, en une demi-journ\u00e9e, j&rsquo;ai une stack fonctionnelle en test.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b895bbf elementor-widget elementor-widget-heading\" data-id=\"b895bbf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">La stack technique<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-10cea16 elementor-widget elementor-widget-text-editor\" data-id=\"10cea16\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Voici un sch\u00e9ma de la stack technique d\u00e9ploy\u00e9e pour contrer l&rsquo;attaque que subit mon client :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9a06b6c elementor-widget elementor-widget-image\" data-id=\"9a06b6c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"800\" height=\"373\" src=\"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf6.avif\" class=\"attachment-large size-large wp-image-986\" alt=\"WAF - Stack technique\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6a4ed2a elementor-widget elementor-widget-text-editor\" data-id=\"6a4ed2a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Les principales modifications par rapport \u00e0 l&rsquo;existant sont les suivantes :<\/p><ul><li>Au lieu de renvoyer directement sur l&rsquo;infra sur site de mon client, le DNS va d\u00e9sormais renvoyer les requ\u00eates vers CloudFront.<ul><li><a href=\"https:\/\/aws.amazon.com\/fr\/cloudfront\/\">CloudFront<\/a> est un Content-Delivery Network (CDN) manag\u00e9. C&rsquo;est \u00e0 dire qu&rsquo;il permet de servir du contenu mis en cache (ou pas) depuis des localisations proches des clients<\/li><li>Pendant l&rsquo;incident, dans un premier temps, ce n&rsquo;est pas la fonctionnalit\u00e9 de cache (qui permet de r\u00e9duire la charge sur les serveurs, et la latence c\u00f4t\u00e9 client) que la possibilit\u00e9 d&rsquo;exposer un frontal HTTPS qui va s&rsquo;interposer entre les clients et l&rsquo;infrastructure de mon client.<\/li><\/ul><\/li><li>Avant de relayer les requ\u00eates vers mon \u00ab\u00a0origine\u00a0\u00bb (l&rsquo;infra existante), CloudFront va les passer \u00e0 AWS WAF<ul><li><a href=\"https:\/\/aws.amazon.com\/fr\/waf\/\">WAF<\/a> est un Web Application Firewall, qui permet l&rsquo;inspection des requ\u00eates HTTP.<\/li><\/ul><\/li><li>Sur le WAF, nous avons param\u00e9tr\u00e9 un certain nombre de r\u00e8gles en nous appuyant sur <a href=\"https:\/\/docs.aws.amazon.com\/fr_fr\/waf\/latest\/developerguide\/aws-managed-rule-groups-list.html\">les jeux de r\u00e8gles g\u00e9r\u00e9es d&rsquo;AWS<\/a>. Voici celles qui ont \u00e9t\u00e9 le plus utiles pour stopper l&rsquo;attaque :<ul><li>Le groupe de r\u00e8gles <code>AWSManagedRulesAnonymousIpList<\/code> <a href=\"https:\/\/docs.aws.amazon.com\/fr_fr\/waf\/latest\/developerguide\/aws-managed-rule-groups-ip-rep.html\">contient une r\u00e8gle<\/a> qui recense pr\u00e9cis\u00e9ment les IPs de sortie connues du r\u00e9seau TOR ainsi que des VPNs les plus fr\u00e9quemment utilis\u00e9s, et une seconde recensant les h\u00e9bergeurs (dont les clients ont pu se faire corrompre une machine, la transformant en zombie). Cette r\u00e8gle va faire 95% du job.<\/li><li>La seconde <code>AWSManagedRulesATPRuleSet<\/code> permet <a href=\"https:\/\/docs.aws.amazon.com\/waf\/latest\/developerguide\/aws-managed-rule-groups-atp.html\">pr\u00e9cis\u00e9ment de prot\u00e9ger les pages<\/a> de connexion, en analysant les requ\u00eates qui sont faites : comportent-elles l&rsquo;ensemble des champs de formulaires attendus ? une IP qui a d\u00e9j\u00e0 \u00e9chou\u00e9 \u00e0 l&rsquo;authentification persiste-t-elle de fa\u00e7on \u00e9trange ?<\/li><li>En compl\u00e9ment de ces r\u00e8gles, par mesure de prudence, on mets en place les r\u00e8gles classiques : pr\u00e9vention des injections SQL, d&rsquo;attaques sur faille PHP, un anti-top10 OWASP etc.<\/li><li>Enfin, on ajoute une r\u00e8gle permet de whitelister des IPs (le mod\u00e8le \u00e9conomique de notre e-commer\u00e7ant impliquant un trafic assez important depuis quelques partenaires).<\/li><\/ul><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e83279e elementor-widget elementor-widget-heading\" data-id=\"e83279e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Mise en oeuvre et r\u00e9sultat<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3098861 elementor-widget elementor-widget-text-editor\" data-id=\"3098861\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Nous avons bascul\u00e9 c\u00f4t\u00e9 AWS, sur le <a href=\"https:\/\/aws.amazon.com\/fr\/route53\/\">service Route53<\/a>, la zone DNS principale du domaine de mon client (coup de chance, tout le travail pr\u00e9paratoire de recensement avait \u00e9t\u00e9 effectu\u00e9 en amont). Cela apporte au moins deux b\u00e9n\u00e9fices :<\/p><ul><li>L&rsquo;automatisation qu&rsquo;offre Route53, en lien avec Terraform, permet de g\u00e9n\u00e9rer rapidement les entr\u00e9es DNS n\u00e9cessaires pour que le service Certificate Manager accepte de g\u00e9n\u00e9rer des certificats SSL au nom du domaine de mon client.<\/li><li>Le service permet de d\u00e9finir un enregistrement \u00ab A \u00bb dynamique (un <a href=\"https:\/\/docs.aws.amazon.com\/fr_fr\/Route53\/latest\/DeveloperGuide\/resource-record-sets-choosing-alias-non-alias.html\">alias<\/a>) \u00e0 la racine du domaine, alors que la RFC 1034 ne permet pas de positionner un CNAME (qui ne peut co-exister avec d&rsquo;autres enregistrements) \u00e0 la racine.<\/li><\/ul><p>Nous avons cr\u00e9\u00e9 dans cette zone des enregistrements de type <code>origine.mondomaine.fr<\/code> et mon client a fait le n\u00e9cessaire pour que son serveur web traite les requ\u00eates sur cette adresse en servant son application (y compris avec un certificat TLS).<\/p><p>Une fois cela test\u00e9, nous avons bascul\u00e9 le traffic associ\u00e9 aux urls <code>mondomaine.fr<\/code> et <code>api.mondomaine.fr<\/code> vers CloudFront.<\/p><p>Pour \u00e9viter le contournement (au cas o\u00f9 le pirate d\u00e9couvrirait les urls en <em>origine<\/em> ou simplement utiliserait directement l&rsquo;IP du serveur de mon client), CloudFront est param\u00e9tr\u00e9 pour envoyer un header \u00ab\u00a0secret\u00a0\u00bb \u00e0 chaque appel de l&rsquo;infra de mon client. Il devient beaucoup plus simple pour celui-ci de filtrer quelqu&rsquo;un qui contournerait le CDN.<\/p><p>Le r\u00e9sultat est imm\u00e9diat : \u00e0 20h nous faisons la bascule. Le site redevient pleinement disponible. A 21h le pirate cesse l&rsquo;attaque (avant de retenter sa chance le lendemain)<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1aca024 elementor-widget elementor-widget-image\" data-id=\"1aca024\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"800\" height=\"209\" src=\"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf7.avif\" class=\"attachment-large size-large wp-image-985\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-3964181 elementor-widget elementor-widget-text-editor\" data-id=\"3964181\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Sur l&rsquo;image ci-dessous on peut voir en orange le trafic passant, l\u00e9gitime, et en bleu le trafic bloqu\u00e9. Nous avions donc 6000 requ\u00eates par minute, soit plus de deux fois le trafic habituel :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cbce635 elementor-widget elementor-widget-image\" data-id=\"cbce635\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"195\" src=\"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf3.avif\" class=\"attachment-large size-large wp-image-989\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8393c1f elementor-widget elementor-widget-heading\" data-id=\"8393c1f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Co\u00fbt : un petit point d'attention !\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2b6c00e elementor-widget elementor-widget-text-editor\" data-id=\"2b6c00e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>WAF co\u00fbte $0,60 par million de requ\u00eates analys\u00e9es \u00e0 l&rsquo;aide des r\u00e8gles manag\u00e9es de base (groupe dont font partie toutes nos r\u00e8gles <em><strong>sauf une<\/strong><\/em>) soit moins de $5 par jour pour mon client.<\/p><p>Attention cependant, les r\u00e8gles avanc\u00e9es comme l&rsquo;Account Takeover Protection sont factur\u00e9es (apr\u00e8s un tier gratuit de 10000 appels) $1 pour 1000 (oui, 1000, pas 1 000 000) d&rsquo;appels.<\/p><p>Et au d\u00e9but, notre param\u00e9trage donnait cela :<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a93398a elementor-widget elementor-widget-image\" data-id=\"a93398a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"468\" src=\"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf2.avif\" class=\"attachment-large size-large wp-image-990\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-36a04e8 elementor-widget elementor-widget-text-editor\" data-id=\"36a04e8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>En 24h, on a br\u00fbl\u00e9 pour $700 de WAF. Heureusement, votre serviteur avait mis en place une alarme d&rsquo;anomalie de co\u00fbt ! Un ticket au support (cat\u00e9gorie \u00ab <em>dispute a charge<\/em> \u00bb) et AWS nous a fait gr\u00e2ce de la facture ! [Nb : dans mon exp\u00e9rience, AWS efface toujours les ardoises \u00e9lev\u00e9es provenant d&rsquo;erreurs de param\u00e9trage ; cette tr\u00e8s bonne politique commerciale est l&rsquo;une des raisons, avec la qualit\u00e9 de leur support, qui en font mon cloud pr\u00e9f\u00e9r\u00e9].<\/p><p>Bref, on a corrig\u00e9 en pla\u00e7ant la r\u00e8gle d&rsquo;ATP en derni\u00e8re position par ordre de priorit\u00e9 et, surtout, en conditionnant son ex\u00e9cution \u00e0 la pr\u00e9sence d&rsquo;une \u00e9tiquette pos\u00e9e par une autre r\u00e8gle qui identifie les requ\u00eates sur le chemin <code>\/connexion<\/code><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-71ef2c9 elementor-widget elementor-widget-image\" data-id=\"71ef2c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"460\" src=\"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf1.avif\" class=\"attachment-large size-large wp-image-991\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1b56ce6 elementor-widget elementor-widget-text-editor\" data-id=\"1b56ce6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Soulagement tout de m\u00eame quand on voit le trafic passant par la r\u00e8gle ATP descendre !<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a010666 elementor-widget elementor-widget-heading\" data-id=\"a010666\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Un b\u00e9n\u00e9fice suppl\u00e9mentaire de Cloudfront\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c8a3328 elementor-widget elementor-widget-text-editor\" data-id=\"c8a3328\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Apr\u00e8s le repos du guerrier heureux d&rsquo;avoir bloqu\u00e9 son ennemi, il est l&rsquo;heure d&rsquo;ajouter un b\u00e9n\u00e9fice suppl\u00e9mentaire pour mon client : l&rsquo;activation du cache pour toutes les ressource statiques servies par l&rsquo;application.<\/p><p>Gr\u00e2ce \u00e0 Terraform, \u00e7a n&rsquo;est pas tr\u00e8s compliqu\u00e9 : le bloc suivant permet de cacher tous les gifs.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f19cd29 elementor-widget elementor-widget-html\" data-id=\"f19cd29\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t <pre>ordered_cache_behavior {\n    path_pattern             = \"*.gif\"\n    allowed_methods          = [\"GET\", \"HEAD\", \"OPTIONS\", \"PUT\", \"POST\", \"PATCH\", \"DELETE\"]\n    cached_methods           = [\"GET\", \"HEAD\", \"OPTIONS\"]\n    target_origin_id         = local.origin_domain\n    viewer_protocol_policy   = \"redirect-to-https\"\n    cache_policy_id          = aws_cloudfront_cache_policy.cachingoptimizez_with_v_header.id\n    origin_request_policy_id = \"b689b0a8-53d0-40ab-baf2-68738e2966ac\" #Hard-Coded: Forward all headers EXCEPT HOST, cookies and query strings\n  }\n  <\/pre>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2271a19 elementor-widget elementor-widget-text-editor\" data-id=\"2271a19\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>L\u00e0 aussi, l&rsquo;effet est imm\u00e9diat. Quelques minutes apr\u00e8s c&rsquo;est pr\u00e8s de 90% des requ\u00eates qui seront servies par CloudFront, all\u00e9geant ainsi l&rsquo;infra de mon client d&rsquo;une charge certaine et am\u00e9liorant le temps de chargement pour les clients ! <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cd1ca65 elementor-widget elementor-widget-image\" data-id=\"cd1ca65\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"325\" src=\"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf4.avif\" class=\"attachment-large size-large wp-image-988\" alt=\"Effet de CloudFront\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-161151a elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"161151a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ed5f509 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ed5f509\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-362488b\" data-id=\"362488b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-059680a elementor-widget elementor-widget-text-editor\" data-id=\"059680a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Une question ? vous avez besoin d&rsquo;aide pour d\u00e9marrer ou progresser sur le Cloud AWS ?<\/p><p><a href=\"https:\/\/old-web.terracloud.fr\/nous-contacter\/\">Contactez-nous !<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>I was working on the migration to AWS of my client, an e-retailer, when I received a phone call: \u201cPaul, we are in trouble, our site has been attacked by denial of service for a week; we are losing money! Can you help?\u201c<\/p>\n<p>Pas question de b\u00e2cler la fin de la migration. Le client n&rsquo;a pas encore conteneuris\u00e9 son appli, on n&rsquo;a pas fait de test de migration de donn\u00e9es, et encore moins de test de charge. Mais comme je l&rsquo;avais indiqu\u00e9 dans un pr\u00e9c\u00e9dent blog post, le Cloud peut aussi rendre des services \u00e0 l&rsquo;infrastructure on-premise. C&rsquo;est le moment de le prouver !<\/p>","protected":false},"author":1,"featured_media":986,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[14,13,49,51,48,50],"class_list":["post-982","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech","tag-aws","tag-cloud","tag-cloudfront","tag-securite","tag-waf","tag-web-application-firewall"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF - TerraCloud<\/title>\n<meta name=\"description\" content=\"Le Cloud peut aussi rendre des services \u00e0 l&#039;infrastructure on-premise. Exemple avec AWS WAF, qui prot\u00e8ge vos applications web des attaques.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF - TerraCloud\" \/>\n<meta property=\"og:description\" content=\"Le Cloud peut aussi rendre des services \u00e0 l&#039;infrastructure on-premise. Exemple avec AWS WAF, qui prot\u00e8ge vos applications web des attaques.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h\" \/>\n<meta property=\"og:site_name\" content=\"TerraCloud\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-18T12:17:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-02T14:37:50+00:00\" \/>\n<meta name=\"author\" content=\"terracloud\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"terracloud\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/blog\\\/2024\\\/03\\\/18\\\/protegez-vos-applications-des-attaques-avec-aws-cloudfront-et-aws-waf\\\/\"},\"author\":{\"name\":\"terracloud\",\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#\\\/schema\\\/person\\\/c84d6bb6d61012fe7510ecd7c4a0407b\"},\"headline\":\"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF\",\"datePublished\":\"2024-03-18T12:17:22+00:00\",\"dateModified\":\"2024-09-02T14:37:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/blog\\\/2024\\\/03\\\/18\\\/protegez-vos-applications-des-attaques-avec-aws-cloudfront-et-aws-waf\\\/\"},\"wordCount\":1265,\"publisher\":{\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/old-web.terracloud.fr\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/waf6.avif\",\"keywords\":[\"aws\",\"cloud\",\"cloudfront\",\"s\u00e9curit\u00e9\",\"waf\",\"web application firewall\"],\"articleSection\":[\"tech\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/blog\\\/2024\\\/03\\\/18\\\/protegez-vos-applications-des-attaques-avec-aws-cloudfront-et-aws-waf\\\/\",\"url\":\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h\",\"name\":\"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF - TerraCloud\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/old-web.terracloud.fr\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/waf6.avif\",\"datePublished\":\"2024-03-18T12:17:22+00:00\",\"dateModified\":\"2024-09-02T14:37:50+00:00\",\"description\":\"Le Cloud peut aussi rendre des services \u00e0 l'infrastructure on-premise. Exemple avec AWS WAF, qui prot\u00e8ge vos applications web des attaques.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#primaryimage\",\"url\":\"https:\\\/\\\/old-web.terracloud.fr\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/waf6.avif\",\"contentUrl\":\"https:\\\/\\\/old-web.terracloud.fr\\\/wp-content\\\/uploads\\\/2024\\\/06\\\/waf6.avif\",\"width\":800,\"height\":373,\"caption\":\"WAF - Stack technique\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dev.to\\\/aws-builders\\\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/old-web.terracloud.fr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#website\",\"url\":\"https:\\\/\\\/old-web.terracloud.fr\\\/\",\"name\":\"TerraCloud\",\"description\":\"Les deux pieds sur terre, la t\u00eate dans le Cloud\",\"publisher\":{\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/old-web.terracloud.fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#organization\",\"name\":\"TerraCloud\",\"url\":\"https:\\\/\\\/old-web.terracloud.fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/old-web.terracloud.fr\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Logo-orange.png\",\"contentUrl\":\"https:\\\/\\\/old-web.terracloud.fr\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Logo-orange.png\",\"width\":600,\"height\":76,\"caption\":\"TerraCloud\"},\"image\":{\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/old-web.terracloud.fr\\\/#\\\/schema\\\/person\\\/c84d6bb6d61012fe7510ecd7c4a0407b\",\"name\":\"terracloud\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/097721015575d61db7c915fea44fcf2f41f4a94b0cdc56e181770f1f623acab8?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/097721015575d61db7c915fea44fcf2f41f4a94b0cdc56e181770f1f623acab8?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/097721015575d61db7c915fea44fcf2f41f4a94b0cdc56e181770f1f623acab8?s=96&d=mm&r=g\",\"caption\":\"terracloud\"},\"sameAs\":[\"http:\\\/\\\/old-web.terracloud.fr\"],\"url\":\"https:\\\/\\\/old-web.terracloud.fr\\\/en\\\/blog\\\/author\\\/terracloud\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF - TerraCloud","description":"Le Cloud peut aussi rendre des services \u00e0 l'infrastructure on-premise. Exemple avec AWS WAF, qui prot\u00e8ge vos applications web des attaques.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h","og_locale":"en_US","og_type":"article","og_title":"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF - TerraCloud","og_description":"Le Cloud peut aussi rendre des services \u00e0 l'infrastructure on-premise. Exemple avec AWS WAF, qui prot\u00e8ge vos applications web des attaques.","og_url":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h","og_site_name":"TerraCloud","article_published_time":"2024-03-18T12:17:22+00:00","article_modified_time":"2024-09-02T14:37:50+00:00","author":"terracloud","twitter_card":"summary_large_image","twitter_misc":{"Written by":"terracloud","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#article","isPartOf":{"@id":"https:\/\/old-web.terracloud.fr\/blog\/2024\/03\/18\/protegez-vos-applications-des-attaques-avec-aws-cloudfront-et-aws-waf\/"},"author":{"name":"terracloud","@id":"https:\/\/old-web.terracloud.fr\/#\/schema\/person\/c84d6bb6d61012fe7510ecd7c4a0407b"},"headline":"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF","datePublished":"2024-03-18T12:17:22+00:00","dateModified":"2024-09-02T14:37:50+00:00","mainEntityOfPage":{"@id":"https:\/\/old-web.terracloud.fr\/blog\/2024\/03\/18\/protegez-vos-applications-des-attaques-avec-aws-cloudfront-et-aws-waf\/"},"wordCount":1265,"publisher":{"@id":"https:\/\/old-web.terracloud.fr\/#organization"},"image":{"@id":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#primaryimage"},"thumbnailUrl":"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf6.avif","keywords":["aws","cloud","cloudfront","s\u00e9curit\u00e9","waf","web application firewall"],"articleSection":["tech"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/old-web.terracloud.fr\/blog\/2024\/03\/18\/protegez-vos-applications-des-attaques-avec-aws-cloudfront-et-aws-waf\/","url":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h","name":"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF - TerraCloud","isPartOf":{"@id":"https:\/\/old-web.terracloud.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#primaryimage"},"image":{"@id":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#primaryimage"},"thumbnailUrl":"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf6.avif","datePublished":"2024-03-18T12:17:22+00:00","dateModified":"2024-09-02T14:37:50+00:00","description":"Le Cloud peut aussi rendre des services \u00e0 l'infrastructure on-premise. Exemple avec AWS WAF, qui prot\u00e8ge vos applications web des attaques.","breadcrumb":{"@id":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#primaryimage","url":"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf6.avif","contentUrl":"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2024\/06\/waf6.avif","width":800,"height":373,"caption":"WAF - Stack technique"},{"@type":"BreadcrumbList","@id":"https:\/\/dev.to\/aws-builders\/protegez-votre-infrastructure-sur-site-avec-aws-cloudfront-et-aws-waf-2f5h#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/old-web.terracloud.fr\/"},{"@type":"ListItem","position":2,"name":"Prot\u00e9gez vos applications des attaques avec AWS CloudFront et AWS WAF"}]},{"@type":"WebSite","@id":"https:\/\/old-web.terracloud.fr\/#website","url":"https:\/\/old-web.terracloud.fr\/","name":"TerraCloud","description":"Feet on the ground, head in the Cloud","publisher":{"@id":"https:\/\/old-web.terracloud.fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/old-web.terracloud.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/old-web.terracloud.fr\/#organization","name":"TerraCloud","url":"https:\/\/old-web.terracloud.fr\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/old-web.terracloud.fr\/#\/schema\/logo\/image\/","url":"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2023\/08\/Logo-orange.png","contentUrl":"https:\/\/old-web.terracloud.fr\/wp-content\/uploads\/2023\/08\/Logo-orange.png","width":600,"height":76,"caption":"TerraCloud"},"image":{"@id":"https:\/\/old-web.terracloud.fr\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/old-web.terracloud.fr\/#\/schema\/person\/c84d6bb6d61012fe7510ecd7c4a0407b","name":"terracloud","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/097721015575d61db7c915fea44fcf2f41f4a94b0cdc56e181770f1f623acab8?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/097721015575d61db7c915fea44fcf2f41f4a94b0cdc56e181770f1f623acab8?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/097721015575d61db7c915fea44fcf2f41f4a94b0cdc56e181770f1f623acab8?s=96&d=mm&r=g","caption":"terracloud"},"sameAs":["http:\/\/old-web.terracloud.fr"],"url":"https:\/\/old-web.terracloud.fr\/en\/blog\/author\/terracloud\/"}]}},"_links":{"self":[{"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/posts\/982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/comments?post=982"}],"version-history":[{"count":5,"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/posts\/982\/revisions"}],"predecessor-version":[{"id":994,"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/posts\/982\/revisions\/994"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/media\/986"}],"wp:attachment":[{"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/media?parent=982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/categories?post=982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/old-web.terracloud.fr\/en\/wp-json\/wp\/v2\/tags?post=982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}