{"id":75621,"date":"2025-09-08T13:39:41","date_gmt":"2025-09-08T08:09:41","guid":{"rendered":"https:\/\/www.tothenew.com\/blog\/?p=75621"},"modified":"2025-09-11T10:08:50","modified_gmt":"2025-09-11T04:38:50","slug":"securing-aem-as-a-cloud-service-with-traffic-filter-and-waf-rules","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/securing-aem-as-a-cloud-service-with-traffic-filter-and-waf-rules\/","title":{"rendered":"Securing AEM as a Cloud Service with Traffic Filter and WAF Rules"},"content":{"rendered":"

In recent times, threats to web applications have become increasingly common, including Denial of Service (DoS), Distributed Denial of Service (DDoS), malicious traffic, such as bots, injection attacks, and the misuse of system resources. These threats, if successful, can lead to downtime, data breaches, and degraded user experience. And this is where AEM as a Cloud Service steps in, with built-in traffic filtering and WAF rules, to secure applications while ensuring optimal performance.<\/p>\n

In this blog, we will cover traffic filter rules and a subcategory of those rules known as WAF (Web Application Firewall) traffic filter rules, or simply WAF rules. We will also discuss the syntax for writing these rules and share a few examples.<\/p>\n

Before diving into the syntax and examples, let\u2019s first explore where we write these rules and how and where we deploy them.<\/p>\n

Rule Configuration and Deployment<\/h2>\n

So, using Cloud Manager\u2019s config pipelines, these traffic rules are deployed to the Adobe managed CDN. They can be deployed on dev, stage and production environments. We need to create a Config pipeline that will deploy the traffic rules.<\/p>\n

    \n
  1. In the Cloud Manager, go to the Pipelines section.\n

    \"piplines\"

    Piplines Menu<\/p><\/div><\/li>\n

  2. On the right corner, you\u2019ll see Add Pipeline.\n

    \"add

    Add Pipeline<\/p><\/div><\/li>\n

  3. Select Add Non-Production Pipeline.\n

    \"Non-production

    Non-production Pipeline<\/p><\/div><\/li>\n

  4. Now, configure the details as mentioned in the screenshot
    \n\n\n\n
    \n

    \"Pipeline

    Pipeline Config Section 1<\/p><\/div><\/td>\n

    		\n

    \"config

    Pipeline Config Section 2<\/p><\/div><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/li>\n<\/ol>\n

    Syntax<\/h2>\n

    The syntax for traffic rules goes like this,<\/p>\n

      kind: \"CDN\"\r\n  version: \"1\"\r\n  metadata:\r\n  envTypes: [\"dev\"]\r\n  Data: <traffic-filter-rules><\/pre>\n
    These Traffic Rules are usually written cdn.yaml<\/strong> file in the config<\/strong> folder in the codebase, this is at the root level. If the configuration for all environments is same, then only one file should be enough. Else, environment-specific folder or environment-specific cdn.yaml(for eg. cdn-stg.yaml) files can be created.<\/p>\n
    \"Common
    Common cdn.yaml for all environments<\/p><\/div>\n
    \"Environment-specific
    Environment-specific Folders<\/p><\/div>\n
    A traffic rules YAML file is made up of four main fields,<\/p>\n