AWS WAF Documentation

Web traffic filtering

AWS WAF enables you to create rules to filter web traffic based on conditions that include IP addresses, HTTP headers and body, or custom URIs. AWS WAF enables you to create a centralized set of rules that you can deploy across multiple websites.

Guided security configuration setup

The guided setup is designed to offer application developers a single-page workflow. By selecting your application type (such as enterprise business application), you can activate preconfigured security defaults. The system then customizes protection parameters and offers help throughout the process.  

Protection recommendations

AWS WAF is designed to support your security posture with data-driven recommendations. Our system helps you maintain security by suggesting rule refinements and identifying potential vulnerabilities.

Protection packs

AWS WAF is designed to leverage AWS's security and threat intelligence to provide protection packs that allow customers to choose and customize security controls.

Consolidated dashboard

AWS WAF includes a unified, actionable dashboard that is designed to combine native AWS security metrics, threat monitoring, and rule performance data. Security teams can analyze trends, tune protections, and access recommendations to support security posture. Additionally, a partner solutions page is designed to provide access to protections from AWS Marketplace.

AWS WAF Bot Control

AWS WAF Bot Control is a managed rule group that is designed to give you visibility and control over common and pervasive bot traffic. You can block, or rate-limit, pervasive bots, such as scrapers, scanners, and crawlers, or you can allow common bots, such as status monitors and search engines. The Bot Control managed rule group can be used alongside other Managed Rules for WAF or your own custom WAF rules to help protect your applications.

Account takeover fraud prevention

AWS WAF Fraud Control - Account Takeover Prevention is a managed rule group that is designed to monitor your application’s login page for unauthorized access to user accounts using compromised credentials. You can use the rule group to help protect against credential stuffing attacks, brute force login attempts, and other anomalous login activities. With optional JavaScript and iOS/Android SDKs, you can receive additional telemetry on user devices that attempt to log in to your application to help protect your application against automated login attempts by bots. Account Takeover Prevention is part of Managed Rules for AWS and can be used together with Bot Control to help defend your application against bot attacks.

Account creation fraud prevention

Account Creation Fraud Prevention is a managed rule group that is designed to monitor your application’s sign-up or registration page for creation of fake or fraudulent accounts. You can use the rule group to help protect against abuse such as promotional or sign-up abuse, loyalty or rewards abuse and phishing. With the recommended JavaScript and iOS/Android SDKs, you can receive telemetry on user devices that attempt to sign up to your application to help protect your application against automated attempts by bots. Account Creation Fraud Prevention is part of Managed Rules for AWS and can be used together with Bot Control to help defend your application against bot attacks.

API

AWS WAF can be administered via APIs. AWS WAF can also be deployed and provisioned using AWS CloudFormation sample templates.

Visibility

AWS WAF is designed to provide metrics and capture raw requests that include details about IP addresses, geo locations, URIs, User-Agent and Referrers.

Integration with AWS Firewall Manager

You can centrally configure and manage AWS WAF deployments across multiple AWS accounts using AWS Firewall Manager.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.