Improving Website Performance and Security with AWS WAF and CloudFront
Uncover how we managed to improve website performance and security using AWS WAF and Amazon CloudFront.
Executive Summary
Improving Website Performance with Protection from Injection Attacks
Our Customer
Gorgany is a huge retail, wholesale & distribution company of outdoor equipment in Ukraine. The company specializes in wholesale trade of goods for tourism, mountaineering, skiing, and active recreation.
The Obstacles They Faced
The client’s web store had become a target for DDoS and SQL injection attacks, on top of the regular malicious bot activity it was already exposed to. In addition, as the website’s traffic grew, the user experience deteriorated because content was delivered slowly.
How We Helped
Our engineers integrated AWS WAF (Web Application Firewall) to protect the client’s e-commerce platform from common web exploits and attack patterns. They also improved the overall website performance using AWS CloudFront – low latency content delivery network (CDN) – to speed up the distribution of the website’s static and dynamic content.
The Challenges
Growth of Cyber Threats
Previously, Romexsoft had successfully led a platform rebuild from the outdated OpenCart 1.5 to a modern Magento 2.4 Commerce platform. The growing popularity of the marketplace brought an increase in attempted DDoS and SQL injection attacks, along with other malicious activity that degraded site performance: exploits and bots consume resources, skew metrics, and cause downtime.
So Gorgany asked us to protect their website against common web exploits and to enhance the overall user experience by speeding up content delivery on the platform.
The Solution
Optimizing Performance and Content Delivery
Web application protection
After analysing the attacks, our experts found that, within any single wave of attack, the majority of requests came from a single IP address. Integrating the AWS WAF service was therefore the natural fit to mitigate those threats and ensure the website’s resistance to them.
On implementing the WAF service, we set up:
- rate-based limiting rules, which detect spikes of requests from malicious IPs and then block them;
- different fine-grained configurations for GET (e.g. page visit) and POST (e.g. checkout) requests;
- bot control, to distinguish good bots from bad ones, plus the AWS managed PHP and SQL injection detection rule sets.
Content delivery improvement
The client’s other request, accelerating delivery of website content to end users, was met by Romexsoft’s suggestion to use AWS CloudFront (CF), a large-scale, global, and feature-rich CDN service.
CloudFront speeds up content distribution by routing each user request through the AWS backbone network to the edge location that can best serve the content. For this particular case, the edge location geographically closest to the majority of Gorgany’s (originally Ukrainian) customers, Warsaw, was chosen. This made website content load three times as fast: the response time decreased from about 150–200 ms to 40–50 ms.
As you can see, using the AWS CDN dramatically shortens the request-response path that your users’ requests must traverse, which boosts website performance. Moreover, AWS CDN integrates seamlessly with AWS WAF.
The final configuration for the implemented content delivery solution is the following:
1. An alias record in the Route53 hosted zone pointing at the CloudFront distribution.
2. A CloudFront distribution with two origins:
- the first to S3, holding media static content (product photos) cached in CF;
- the second to the ALB, where static assets (js/css) are cached in CF and dynamic HTML is served with no cache.
3. AWS WAF configured with rate-based limit rules, bot control rules and the default AWS PHP and SQL rule sets against injections.
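The three-part configuration above, written out as a single CloudFormation template. This is an added illustration, not Romexsoft’s or Gorgany’s template: the domain, hosted zone, bucket, ALB name, certificate and shared-secret values are placeholders, the Magento `/media/*` and `/static/*` path prefixes and the request limits (2000 per IP for all methods, 300 for POST, both over WAF’s default 5-minute window) are assumptions chosen for the example, and the managed-policy and CloudFront hosted-zone IDs are AWS’s published constants. A web ACL with scope `CLOUDFRONT` can only be created in us-east-1, so the whole stack is deployed there.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example (not Romexsoft's template) - WAF + CloudFront with S3 and ALB origins + Route53 alias.
Parameters:
  SiteDomain:        {Type: String, Default: shop.example.com}   # placeholder site domain
  HostedZoneId:      {Type: String}                              # Route53 hosted zone of SiteDomain
  MediaBucketDomain: {Type: String, Default: example-media.s3.eu-central-1.amazonaws.com}  # placeholder bucket
  AlbDnsName:        {Type: String, Default: magento-alb.example.internal}                # placeholder ALB
  CertificateArn:    {Type: String}                              # ACM certificate for SiteDomain, in us-east-1
  OriginSecret:      {Type: String, NoEcho: true}                # secret the ALB listener rule checks
Resources:
  # 3. WAF web ACL: rate-based rules, bot control, AWS managed SQLi and PHP rule groups.
  WebAcl:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: shop-web-acl
      Scope: CLOUDFRONT
      DefaultAction: {Allow: {}}
      VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: shop-web-acl}
      Rules:
        # Any single IP exceeding 2000 requests (all methods) in the 5-minute window is blocked.
        - Name: rate-limit-all
          Priority: 0
          Action: {Block: {}}
          Statement: {RateBasedStatement: {Limit: 2000, AggregateKeyType: IP}}
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit-all}
        # Stricter limit for POST (checkout, login): the scope-down statement counts only POSTs.
        - Name: rate-limit-post
          Priority: 1
          Action: {Block: {}}
          Statement:
            RateBasedStatement:
              Limit: 300
              AggregateKeyType: IP
              ScopeDownStatement:
                ByteMatchStatement:
                  FieldToMatch: {Method: {}}
                  PositionalConstraint: EXACTLY
                  SearchString: POST
                  TextTransformations: [{Priority: 0, Type: NONE}]
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: rate-limit-post}
        # AWS managed rule groups; OverrideAction None keeps each group's own block/count actions.
        - Name: aws-sqli
          Priority: 2
          OverrideAction: {None: {}}
          Statement: {ManagedRuleGroupStatement: {VendorName: AWS, Name: AWSManagedRulesSQLiRuleSet}}
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: aws-sqli}
        - Name: aws-php
          Priority: 3
          OverrideAction: {None: {}}
          Statement: {ManagedRuleGroupStatement: {VendorName: AWS, Name: AWSManagedRulesPHPRuleSet}}
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: aws-php}
        - Name: aws-bot-control              # Bot Control is billed separately from the base WAF price
          Priority: 4
          OverrideAction: {None: {}}
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesBotControlRuleSet
              ManagedRuleGroupConfigs: [{AWSManagedRulesBotControlRuleSet: {InspectionLevel: COMMON}}]
          VisibilityConfig: {SampledRequestsEnabled: true, CloudWatchMetricsEnabled: true, MetricName: aws-bot-control}
  # 2. CloudFront with two origins. OAC lets the media bucket stay private.
  MediaOac:
    Type: AWS::CloudFront::OriginAccessControl
    Properties:
      OriginAccessControlConfig: {Name: media-oac, OriginAccessControlOriginType: s3, SigningBehavior: always, SigningProtocol: sigv4}
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        Aliases: [!Ref SiteDomain]
        WebACLId: !GetAtt WebAcl.Arn          # attaches the web ACL above to every request
        ViewerCertificate: {AcmCertificateArn: !Ref CertificateArn, SslSupportMethod: sni-only, MinimumProtocolVersion: TLSv1.2_2021}
        Origins:
          - Id: s3-media                      # origin 1: product photos in S3
            DomainName: !Ref MediaBucketDomain
            OriginAccessControlId: !GetAtt MediaOac.Id
            S3OriginConfig: {OriginAccessIdentity: ""}
          - Id: alb-origin                    # origin 2: Magento behind the ALB
            DomainName: !Ref AlbDnsName
            CustomOriginConfig: {OriginProtocolPolicy: https-only, HTTPPort: 80, HTTPSPort: 443}
            OriginCustomHeaders: [{HeaderName: X-Origin-Verify, HeaderValue: !Ref OriginSecret}]
        CacheBehaviors:
          - PathPattern: "/media/*"           # photos: cached at the edge (managed CachingOptimized policy)
            TargetOriginId: s3-media
            ViewerProtocolPolicy: redirect-to-https
            CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6
          - PathPattern: "/static/*"          # js/css from the app servers: also cached
            TargetOriginId: alb-origin
            ViewerProtocolPolicy: redirect-to-https
            CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6
        DefaultCacheBehavior:                 # dynamic HTML: no caching, whole viewer request forwarded
          TargetOriginId: alb-origin
          ViewerProtocolPolicy: redirect-to-https
          AllowedMethods: [GET, HEAD, OPTIONS, PUT, PATCH, POST, DELETE]
          CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad          # managed CachingDisabled
          OriginRequestPolicyId: 216adef6-5c7f-47e4-b989-5492eafa07d3  # managed AllViewer
  # 1. Route53 alias record to the distribution.
  DnsAlias:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: !Ref HostedZoneId
      Name: !Ref SiteDomain
      Type: A
      AliasTarget: {DNSName: !GetAtt Distribution.DomainName, HostedZoneId: Z2FDTNDATAQYW2}  # CloudFront's fixed zone ID
```

Two pieces live outside this template: the media bucket needs a bucket policy allowing `cloudfront.amazonaws.com` to `s3:GetObject` with `AWS:SourceArn` restricted to this distribution, and the ALB listener needs a rule that only forwards requests carrying the expected `X-Origin-Verify` value, so that traffic reaching the ALB directly (bypassing CloudFront and the WAF) is rejected. When tuning, it is common to deploy new rules with `Count` instead of `Block` first and review the sampled requests in CloudWatch before switching them to blocking, so that legitimate checkout traffic is not rate-limited by an overly low threshold.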
[Figure: Website Performance and Security with AWS WAF and CloudFront – Architecture Diagram]
Amazon Web Services Utilized: AWS WAF, Amazon CloudFront, Amazon S3, Application Load Balancer, Amazon Route 53.
The results
Improved UX and Security
Robust protection of the client’s web platform, which allows:
- saving time with managed security rules (monitor, block, rate-limit) so that engineers can spend more time on actual application development;
- achieving stable website availability without wasting the resources, which are usually affected by web exploits and bad bots;
- having improved web traffic visibility with granular control over how metrics are emitted.
High website performance, which leads to:
- cut costs due to consolidated requests, customizable pricing options, and zero fees for data transfer out from AWS origins;
- better user experience which results in sales boost through accelerated dynamic and static content delivery;
- additional security posture layers with traffic encryption and access control.
Why Romexsoft
Quality-Driven Partnerships
Romexsoft is an AWS-certified Consulting Partner, trusted Software Development Company and Managed Service Provider, founded in 2004. We help customer-centric companies build, run, and optimize their cloud systems on AWS with creative, stable, and cost-efficient solutions.
Our key values
- Delivery of quality solutions
- Customer satisfaction
- Long-term partnership
We have successfully delivered 100+ projects and have a proven track record in FinTech, HealthCare, AdTech, and Media industries.
Romexsoft possesses a 5-star rating on Clutch due to its strong expertise, responsiveness, and commitment. 60% of our clients have been working with us for over 4 years.