Improving Website Performance and Security with AWS WAF and CloudFront

Uncover how we managed to improve website performance and security using AWS WAF and Amazon CloudFront.

  • Application Modernization
  • E-Commerce
  • Ukraine
Improving Website Performance and Security

Executive Summary

Improving Website Performance with Protection from Injection Attacks

Our Customer

Gorgany is a huge retail, wholesale & distribution company of outdoor equipment in Ukraine. The company specializes in wholesale trade of goods for tourism, mountaineering, skiing, and active recreation.

The Obstacles They Faced

The client’s web store’s vulnerabilities became targets for DDoS and SQL injection attacks, except for being exposed to regular malicious bot activity. In addition, with the website’s booming, it delivered a worsening user experience as a consequence of low content delivery speed.

How We Helped

Our engineers integrated AWS WAF (Web Application Firewall) to protect the client’s e-commerce platform from common web exploits and attack patterns. They also improved the overall website performance using AWS CloudFront – low latency content delivery network (CDN) – to speed up the distribution of the website’s static and dynamic content.

The Challenges

Growth of Cyber Threats

Previously, Romexsoft has successfully led a platform rebuild from the outdated OpenCart 1.5 to a modern Magento 2.4 Commerce platform. The growing popularity of the marketplace resulted in an increase in attempts of DDoS and SQL injection attacks along with different malicious activities causing site performance degradation – exploits and bots consume resources, skew metrics, and cause downtime.

So Gorgany requested to protect their website, eliminating common web exploits as well as enhance the overall user experience by speeding up content delivery on the platform.

The Solution

Optimizing Performance and Content Delivery

Web application protection

After the analysis of attacks, our experts discovered that the majority of requests were made from a single IP address in the course of a single wave of attack. Thus, integration with AWS WAF service seemed an ideal solution to mitigate those threats and ensure the website’s threat resistance.

On implementing the WAF service, we set up:

  • rate-based limiting rules, which can detect spikes of requests from malicious IPs and then block them;
  • different fine grained configurations for GET (e.g. page visit) and POST (e.g. checkout) requests;
  • bot control to distinguish good bots from the bad ones as well as PHP and SQL injection detection rules.

Content delivery improvement

Another request of the client, associated with acceleration of the website content delivery to the end users, was met as Romexsoft suggested using AWS CloudFront (CF) – a large-scale, global, and feature-rich CDN service.

CloudFront speeds up the distribution of the content by routing each user request through the AWS backbone network to the edge location that can best serve your content. For this particular case, we chose the geographically closest CDN server (edge location) for the majority of Gorgany’s clientele, originally Ukrainian, located in Warsaw. This allowed for three times as fast website content loading, compare: the response time decreased from about 150-200 ms to 40-50 ms.

As you see, using the AWS CDN dramatically reduces the request-response path that your users’ must pass through which boosts website performance. Moreover, AWS CDN has seamless integration with AWS WAF.

The final configuration for the implemented content delivery solution is the following:

1. Alias record to CloudFront distribution in Route53 hosted zone.

2. CloudFront which has two origins:

  • The first one to S3 with media static content (photos of products) cached in CF;
  • The second one to ALB where static assets (js/css) are cached in CF and dynamic html with no cache.

3. AWS WAF configured with rate-based limit rules, bot control rules and default AWS PHP and SQL rules set against injections.

Website Performance and Security with AWS WAF and CloudFront – Architecture Diagram

AWS Architecture Diagram: Improving Website Performance and Security with AWS WAF and CloudFront

Amazon Web Services Utilized

Amazon Simple Storage Service icon
Simple Storage Service (S3)
Amazon CloudFront icon
CloudFront
Elastic Load Balancing
Application Load Balancer (ALB)
Amazon Route 53 icon
Route 53
AWS WAF icon
Web Application Firewall (WAF)

The results

Improved UX and Security

Robust protection of the client’s web platform which allows:

  • saving time with managed security rules (monitor, block, rate-limit) so that engineers can spend more time on actual application development;
  • achieving stable website availability without wasting the resources, which are usually affected by web exploits and bad bots;
  • having improved web traffic visibility with granular control over how metrics are emitted.

High website performance which leads to:

  • cut costs due to consolidated requests, customizable pricing options, and zero fees for data transfer out from AWS origins;
  • better user experience which results in sales boost through accelerated dynamic and static content delivery;
  • additional security posture layers with traffic encryption and access control.

Why Romexsoft

Quality-Driven Partnerships

Romexsoft is an AWS-certified Consulting Partner, trusted Software Development Company and Managed Service Provider, founded in 2004. We help customer-centric companies build, run, and optimize their cloud systems on AWS with creative, stable, and cost-efficient solutions.

Our key values

  • Delivery of quality solutions
  • Customer satisfaction
  • Long-term partnership

We have successfully delivered 100+ projects and have a proven track record in FinTech, HealthCare, AdTech, and Media industries.

Romexsoft possesses a 5-star rating on Clutch due to its strong expertise, responsiveness, and commitment. 60% of our clients have been working with us for over 4 years.

Related Success Stories

Adobe Commerce Development on AWS for a Retailer
Explore how we enhanced our client's marketplace stability and scalability by transitioning from a monolithic architecture to microservices.
Log Search and Processing Solution on Amazon OpenSearch Service
Discover how we implemented a log search and processing solution, which enhances observability and security for client's platform.

Craft Your Vision – Make the First Step.
Book a Consultation With Our Experts

    Contact Romexsoft
    Get in touch with AWS certified experts!