Access WAF protected API from localhost

0

I have set up a WAF to protect my API with targeted bot control. I use the fetch wrapper AwsWafIntegration.fetch() to call the API; however, when I call the API from localhost, the WAF responds with a status 202 challenge that does not get handled. I presume this is because I do not have localhost in the token domain list, since if I access the API from a domain that is on the list it works as expected. I tried to remedy this by adding localhost to the list, but it is not accepted when I edit the list using the web console.

Is there some way to get this to work so that I can use the API from localhost? Of course I could bypass the WAF for localhost but this would open a large security hole.

1 Answer
0

You can’t add localhost to the AWS WAF token domain list. Instead, consider using CloudFront with your API Gateway for granular control, or create a development environment that mirrors your production setup. Avoid bypassing the WAF for localhost due to security risks.

EXPERT
answered a month ago
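A way to make the unhandled challenge described in the question visible during development, as an added example that is not part of the question or the answer: it classifies a response as a WAF challenge (status 202 plus the `x-amzn-waf-action: challenge` header) and reports whether the page's host is covered by the token domain list. `TOKEN_DOMAINS`, `hostCoveredByTokenDomains`, `classifyWafResponse` and `checkedFetch` are hypothetical names, `example.com` is a placeholder, and the suffix match is a simplifying assumption about how token domains are matched.

```javascript
// Added example: diagnose an unhandled AWS WAF challenge in a dev client.
// TOKEN_DOMAINS is a constructed placeholder; use your web ACL's own list.
const TOKEN_DOMAINS = ["example.com"];

// Assumption: a host is covered when it equals a listed domain or is a
// subdomain of one (simplified suffix match, not AWS's own implementation).
function hostCoveredByTokenDomains(hostname, tokenDomains) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  return tokenDomains.some((d) => {
    const domain = d.toLowerCase();
    return host === domain || host.endsWith("." + domain);
  });
}

// Classify a fetch Response-like object ({ status, headers.get(name) }).
// A plain 202 from the API itself (no WAF header) is not a challenge.
function classifyWafResponse(response, pageHostname, tokenDomains = TOKEN_DOMAINS) {
  const action = (response.headers.get("x-amzn-waf-action") || "").toLowerCase();
  if (response.status !== 202 || action !== "challenge") {
    return { kind: "passed", hostCovered: null, hint: "" };
  }
  const hostCovered = hostCoveredByTokenDomains(pageHostname, tokenDomains);
  return {
    kind: "waf-challenge",
    hostCovered,
    hint: hostCovered
      ? "Host is covered; check that the challenge script is loaded on the page."
      : "Host is not in the token domain list; run the client from a covered " +
        "host or use a separate development environment.",
  };
}

// Wrap any fetch implementation (for example AwsWafIntegration.fetch) so an
// unhandled challenge fails loudly instead of being treated as API data.
async function checkedFetch(fetchImpl, url, init, pageHostname) {
  const response = await fetchImpl(url, init);
  const verdict = classifyWafResponse(response, pageHostname);
  if (verdict.kind === "waf-challenge") {
    throw new Error(`Unhandled WAF challenge for ${url}: ${verdict.hint}`);
  }
  return response;
}
```

In a browser, pass `window.location.hostname` as `pageHostname`.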