You have a PHP application deployed in an Auto Scaling group. In production, you want to use AWS WAF to block requests associated with exploiting vulnerabilities specific to the PHP use, including injection of unsafe PHP functions. Which method is appropriate?

Answer options:

A.Add the AWS managed PHP application rule to AWS Shield.
B.Add the AWS managed PHP application rule in the web ACL of AWS WAF.C.Add a PHP protection rule from AWS Marketplace to the WAF web ACL.
D.In WAF, create a new PHP application web ACL.

Correct Answer – B
Option A is incorrect because AWS Shield is a service to protect web applications against DDoS attacks. AWS WAF should be used in this scenario.
Option B is CORRECT because AWS provides the PHP protection rule in WAF. Users can add the rule in web ACL.
Option C is incorrect because, in this scenario, you need to add the AWS managed PHP rule in web ACL. There is no need to use a rule offered by AWS Marketplace.
Option D is incorrect because this is not how WAF works. In WAF, users create a web ACL and add rules in the ACL to take corresponding actions.
Reference:
https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-rule-groups.html.