
AWS Rule for XSS Attack

Abhaya Senapati Published on : 01 February 2021

What is XSS attack?

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end-user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

 

What is AWS WAF(Web Application Firewall)?

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, or an Application Load Balancer. AWS WAF also lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, API Gateway, CloudFront, or an Application Load Balancer responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked.

WAF Rule for XSS attack

The rule that is used to block XSS in AWS WAF is CrossSiteScripting_BODY.

If it is enabled, it inspects the value of the request body and blocks common cross-site scripting (XSS) patterns using the built-in XSS detection rule in AWS WAF.

What must not be done?

If this rule is activated, we simply cannot send raw HTML data in our request body.

Please check the attached screenshot below. There you can see that we got a 403 Forbidden error from AWS.

 

How to do this if needed?

If we have to send any HTML content through a request parameter, we must encode it on the client using an encoding technique such as Base64 and decode it again once it reaches our server.

Please find the screenshot attached below. Here we used Base64 encoding and sent the data to the service.

 

Code snippets for reference.

Frontend:

Coding language: Angular

This is just before we send the data to the service.

 

Backend:

Coding language: PHP (Lumen Framework)

Here we have decoded the request after receiving it on the service end.
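As an added example (not the post's own code), here is a server-side decode step that includes the check this approach needs: once the field is Base64-encoded, CrossSiteScripting_BODY only sees the encoded text, so the decoded HTML has to be validated and escaped by the backend itself. The function names and the size limit are assumptions.

```php
<?php
// Added example, not the post's code. Handles the Base64-encoded HTML field
// on the Lumen side. Because AWS WAF's CrossSiteScripting_BODY rule inspects
// only the encoded request body, the decoded content is checked here.
declare(strict_types=1);

const MAX_DECODED_BYTES = 64 * 1024; // assumed per-field size limit

/**
 * Strictly decode the Base64 field sent by the Angular frontend.
 * Throws on malformed input instead of silently accepting it.
 */
function decodeHtmlField(string $encoded): string
{
    // strict mode: any character outside the Base64 alphabet is rejected
    $decoded = base64_decode($encoded, true);
    if ($decoded === false) {
        throw new InvalidArgumentException('field is not valid Base64');
    }
    if (strlen($decoded) > MAX_DECODED_BYTES) {
        throw new InvalidArgumentException('decoded field is too large');
    }
    // reject invalid UTF-8, which escapers and sanitizers handle inconsistently
    if (!mb_check_encoding($decoded, 'UTF-8')) {
        throw new InvalidArgumentException('decoded field is not valid UTF-8');
    }
    return $decoded;
}

/**
 * Escape the decoded text for insertion into an HTML page as text.
 * If the content must be rendered as markup, run it through an
 * HTML sanitizer library instead of this escaper.
 */
function escapeForHtml(string $decoded): string
{
    return htmlspecialchars($decoded, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Lumen route sketch (hypothetical path and field name):
// $router->post('/content', function (Illuminate\Http\Request $request) {
//     $decoded = decodeHtmlField((string) $request->input('html', ''));
//     return response()->json(['preview' => escapeForHtml($decoded)]);
// });

// Constructed sample: the frontend sends "<b>hi</b>" Base64-encoded
$sample = base64_encode('<b>hi</b>');
echo escapeForHtml(decodeHtmlField($sample)), PHP_EOL;
```

The WAF rule still protects every other endpoint; it is only the encoded field that the backend must now treat as untrusted HTML.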

 

Written by: Abhaya Senapati

With an innate love of writing code to solve complex issues, Abhaya has 5+ years of experience in full-stack development and is currently leading the Engineering & Development pod at Muvi.
