
AWS ALB behind a Third party WAF (and SSL Offloading)

I have running private EC2 instances (Windows Server 2012 IIS) behind a public Application Load Balancer. While I can access the web services on the internet via port 80/HTTP, I wanted to allow 443/HTTPS as well, but I wanted my third-party WAF to offload the SSL (such as Cloudflare or Akamai).

I've already set up the SSL offloading on the WAF. On the AWS ALB I've enabled the ALB security group to allow port 443/HTTPS from 0.0.0.0/0, but to no avail (although I can still access the web via port 80/HTTP). I would really appreciate it if you could point me to what steps I need in the AWS ALB to allow HTTPS behind a WAF. I also tried to create a 443 listener on the AWS ALB; however, it still requires me to have my SSL cert imported as well, hence redundant, since in essence the ALB will SSL offload as well.

This is the basic overview of my design: Cloudflare WAF ---> AWS ALB ----> Private EC2 Instances/Servers

Really appreciate all your feedback! Thank you.

To make the infrastructure work, you should remove the HTTPS (443) listener from the ALB and use HTTP (80) traffic between the third-party WAF and the ALB.

However, the traffic between the WAF and the ALB will be insecure this way. I am also building similar infrastructure and am still trying to figure out a more secure solution.
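One way to express the layout the answer describes, as added example Terraform that is not code from the question or the answer: the ALB keeps a single HTTP/80 listener (so no certificate import is needed), and, to limit the plaintext WAF-to-ALB hop the answer flags as insecure, the security group is assumed to admit port 80 only from the WAF vendor's published egress ranges rather than from 0.0.0.0/0. The variable names, resource names and the `waf_egress_cidrs` input are assumptions.

```hcl
# Assumed inputs; waf_egress_cidrs holds the WAF vendor's published egress ranges.
variable "vpc_id" {}
variable "subnet_ids" { type = list(string) }
variable "instance_ids" { type = list(string) }
variable "waf_egress_cidrs" { type = list(string) }

# Only port 80 is exposed: the WAF terminates TLS, so the ALB needs no 443 listener or certificate.
resource "aws_security_group" "alb" {
  name   = "alb-behind-waf"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = var.waf_egress_cidrs # not 0.0.0.0/0: the plaintext hop is reachable only from the WAF
  }
  egress { # to the private IIS targets
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_lb" "web" {
  name               = "web-alb"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.subnet_ids
}
resource "aws_lb_target_group" "iis" {
  name     = "iis-http"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id
}
resource "aws_lb_target_group_attachment" "iis" {
  for_each         = toset(var.instance_ids)
  target_group_arn = aws_lb_target_group.iis.arn
  target_id        = each.value
  port             = 80
}
# The ALB's only listener is HTTP/80, so no certificate_arn is needed.
resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.iis.arn
  }
}
```

The WAF-side origin setting must then point at the ALB over HTTP, and the ALB listener on 443 from the question is simply not created.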
