- Lab
-
Libraries: If you want this lab, consider one of these libraries.
- Cloud
- Security

Configuring WAF Rules Using Cloud Armor
Securing a GCP web application is an important cloud security skill. In this lab scenario, it's your responsibility to implement two Cloud Armor web application firewall (WAF) rules that will defend against web app attacks. By implementing SQLi and XSS WAF rules, your web app will be less vulnerable to OWASP Top 10 injection attacks and more secure as a whole.

Lab Info
Table of Contents
-
Challenge
Create HTTP(S) Cloud Load Balancer
- Use the Cloud Load Balancing service to create an HTTP(S) load balancer.
- Create a frontend service named front.
- Create a backend service named back.
- Create a Health Check named healthcheck.
-
Challenge
Create Cloud Armor WAF Rules
- Create a Cloud Armor security policy named secpolicy.
- Create a rule named US only and SQLi that uses US as the origin region code and the preconfigured expression for "sqli-canary".
- Create a rule named XSS that uses the preconfigured expression for
xss-canary
but excludes the OWASP core rule set v020901-id981136. - Enable Cloud Armor logging.
- Enable Adaptive Protection.
About the author
Real skill practice before real-world application
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Learn by doing
Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.
Follow your guide
All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.
Turn time into mastery
On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.