Securing a Web Platform with AWS WAF

Discover how we strengthened the cybersecurity of a healthcare web platform, automating threat mitigation and securing patient data.

  • DevOps Services
  • HealthTech
  • UK

Our Customer

Healthera is a digital healthcare platform that enables patients in the UK to manage their prescriptions, medications, and health services in one place on the web.

For pharmacies and healthcare providers, Healthera helps future-proof their services in a world where patients expect digital-first solutions, reduces administrative burden, and drives business growth.

The Challenges

Addressing Cybersecurity Risks in a Data-Sensitive Web Platform

The client’s platform handles a vast amount of sensitive medical data and patient transactions, and it faced growing cybersecurity risks that threatened data security, application performance, and availability.
Key challenges the customer faced included:

  • Frequent Bot Attacks
    The platform experienced a surge in automated login attempts, raising concerns about credential stuffing and unauthorized account takeovers.
  • Web App Vulnerabilities
    The evolving cyber threat landscape increased the platform’s exposure to SQL injection (SQLi) and cross-site scripting (XSS) attacks. These emerging threats heightened the likelihood of data breaches and unauthorized access.
  • Access Control Issues
    The app also required strict whitelisting and blocking policies to prevent unauthorized users from accessing sensitive executive and transactional data.

The Solution

Comprehensive Security with Automated Threat Prevention and Access Control

To fortify the website and ensure its compliance, we implemented AWS Web Application Firewall with a combination of managed and custom security rules, specifically:

Multi-Layered Web Protection with AWS WAF

  • Bot Control
    Prevented malicious bot traffic while ensuring uninterrupted access for legitimate users.
  • AWS Core Rule Set (CRS)
    Protection against SQL injection, XSS, and PHP-specific vulnerabilities commonly exploited in healthcare platforms.
  • Managed Rules for WordPress
    Blocked request patterns targeting WP vulnerabilities, ensuring security for the site’s content management system.
  • IP Reputation Lists
    Automatically blocked traffic from known malicious IPs, reducing exposure to botnets and attack networks.
  • Rate-Based Rules
    Limited excessive requests per IP, protecting against credential stuffing, brute-force attacks, and DoS attempts.
  • IP Whitelisting
    Ensured that only trusted IP addresses could access sensitive administrative areas, strengthening access control.
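
The rule stack listed above can be written out as the Rules list of a WAFv2 web ACL. The sketch below is an added illustration, not the configuration used in the project: the admin and login paths, the rate limit, and the IP set ARN are assumed placeholder values, and the managed rule group names are the AWS-published groups that correspond to the items in the list.

```python
# Added illustration: builds the Rules list for a WAFv2 web ACL (CreateWebACL shape).
# Paths, limit and IP set ARN are assumptions, not values from the case study.
ADMIN_PREFIX = "/wp-admin"        # assumed admin area of the WordPress site
LOGIN_PATH = "/wp-login.php"      # assumed login endpoint
LOGIN_LIMIT = 100                 # assumed requests per source IP per evaluation window
TRUSTED_IPSET_ARN = (             # placeholder ARN of an IP set holding trusted addresses
    "arn:aws:wafv2:us-east-1:111122223333:global/ipset/trusted-admins/EXAMPLE-ID")

MANAGED_GROUPS = [                # evaluated in this order, after the custom rules
    "AWSManagedRulesAmazonIpReputationList",
    "AWSManagedRulesCommonRuleSet",
    "AWSManagedRulesSQLiRuleSet",
    "AWSManagedRulesPHPRuleSet",
    "AWSManagedRulesWordPressRuleSet",
    "AWSManagedRulesBotControlRuleSet",   # last: Bot Control is billed per inspected request
]

def _path_starts_with(prefix):
    """Match requests whose lower-cased URI path begins with prefix."""
    return {"ByteMatchStatement": {
        "SearchString": prefix.encode(),
        "FieldToMatch": {"UriPath": {}},
        "TextTransformations": [{"Priority": 0, "Type": "LOWERCASE"}],
        "PositionalConstraint": "STARTS_WITH"}}

def build_rules():
    rules = [
        # Block admin paths unless the source IP is in the trusted IP set.
        {"Name": "admin-allowlist", "Action": {"Block": {}},
         "Statement": {"AndStatement": {"Statements": [
             _path_starts_with(ADMIN_PREFIX),
             {"NotStatement": {"Statement": {
                 "IPSetReferenceStatement": {"ARN": TRUSTED_IPSET_ARN}}}}]}}},
        # Rate-limit only the login endpoint, counted per source IP.
        {"Name": "login-rate-limit", "Action": {"Block": {}},
         "Statement": {"RateBasedStatement": {
             "Limit": LOGIN_LIMIT, "AggregateKeyType": "IP",
             "ScopeDownStatement": _path_starts_with(LOGIN_PATH)}}},
    ]
    # Managed groups keep their own rule actions (OverrideAction None).
    rules += [{"Name": g, "OverrideAction": {"None": {}},
               "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": g}}}
              for g in MANAGED_GROUPS]
    for priority, rule in enumerate(rules):   # lower priority number is evaluated first
        rule["Priority"] = priority
        rule["VisibilityConfig"] = {"SampledRequestsEnabled": True,
                                    "CloudWatchMetricsEnabled": True,
                                    "MetricName": rule["Name"]}
    return rules
```

A web ACL attached to CloudFront uses the CLOUDFRONT scope and is created in us-east-1; every rule here emits a CloudWatch metric under its own name, so each layer can be monitored separately.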

AWS Integrations for Security and Performance

To enhance both security and system performance, AWS WAF was integrated with the following AWS services for edge-level filtering and real-time monitoring:

  • Amazon CloudFront
    Applied security rules at the CDN edge, blocking threats before they could reach the origin server, reducing latency and server load.
  • Amazon CloudWatch
    Provided real-time threat monitoring and traffic analysis, enabling data-driven security adjustments.

Automation and Continuous Refining

A combination of AWS Managed Rule Groups and rate-based rules delivers ongoing protection by automatically updating defenses against the OWASP Top 10 threats, malicious IPs, SQL injection attacks, PHP-specific vulnerabilities, and bot activity. These rules adapt to emerging security risks, significantly reducing the need for manual intervention.

By leveraging AWS WAF Managed Rule Groups, we ensure security policies remain consistently aligned with the latest threat intelligence, strengthening the overall resilience of your applications against web attacks.

Amazon Web Services Utilized

  • AWS WAF
  • Amazon CloudFront
  • Amazon CloudWatch

The Results

Reduced Cyber Threats and Enhanced Platform Reliability

By implementing AWS Web Application Firewall, we helped the client’s web platform significantly enhance its security posture, streamline operations, improve application performance, and reduce operational overhead.

Key achievements in detail:

  • Reduction in Malicious Traffic
    Strengthened protection against SQL injection, XSS, and automated attacks, ensuring comprehensive data security.
  • Lower Infrastructure Costs
    Rate-limiting and request filtering optimized server load, reducing unnecessary cloud compute resource consumption.
  • Increase in Application Uptime
    Eliminating bot traffic and malicious requests improved platform availability and response times for legitimate users.
  • Faster Security Incident Response
    Automated threat mitigation minimized manual intervention, allowing the IT engineering team to focus on critical tasks, thus lowering administrative workload.
  • Compliance and Access Control
    IP whitelisting and request blocking policies ensured strict security compliance and controlled system access.

Why Romexsoft

Enhance Your Cybersecurity with Our Web Application Security Solutions

Romexsoft is an AWS-certified Consulting Partner, trusted Software Development Company and Managed Service Provider, founded in 2004. We help customer-centric companies build, run, and optimize their cloud systems on AWS with creative, stable, and cost-efficient solutions.

Our key values:

  • Delivery of quality solutions
  • Customer satisfaction
  • Long-term partnership

We have successfully delivered 100+ projects and have a proven track record in FinTech, HealthCare, AdTech, and Media industries.

Romexsoft possesses a 5-star rating on Clutch due to its strong expertise, responsiveness, and commitment. 60% of our clients have been working with us for over 4 years.
